Safe and Secure Development: Challenges and Opportunities

The ever-increasing complexity and connectivity of driver assist functions pose challenges for both Functional Safety and Cyber Security. Several of these challenges arise not only due to the new functionalities themselves but due to numerous interdependencies between safety and security. Safety and security goals can conflict, safety mechanisms might be intentionally triggered by attackers to impact functionality negatively, or mechanisms can compete for limited resources like processing power or memory to name just some conflict potentials. But there is also the potential for synergies, both in the implementation as well as during the development. For example, both disciplines require mechanisms to check data integrity, are concerned with freedom from interference and require architecture based analyses. So far there is no consensus in the industry on how to best deal with these interdependencies in automotive development projects. SAE J3061 introduces a process framework for Cyber Security development that is intentionally very similar to that for Functional Safety as defined in ISO 26262. While these parallel frameworks help to identify interdependencies and show that aligned processes are possible, a joint process seems unreasonable due to the vastly different implementation frameworks and methods. Using concrete examples, we show problems that can arise if Functional Safety and Cyber Security processes are not properly aligned and integrated into the overall development process. Based on this we then propose steps towards coordinated safety and security processes that can prevent such problems and show how such an approach at the same time allows to benefit from synergies.