An Integrated View on Automotive SPICE, Functional Safety and Cyber-Security
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 14, 2020 by SAE International in United States
The automotive domain has kept safety engineering at the forefront of the industry's priorities for the last decade. Accordingly, additional safety engineering efforts, design approaches, and well-established safety processes have been stipulated. Today many connected and automated vehicles are on the road, and connectivity features and information sharing are increasingly used. This widens the attack surface and raises the attractiveness of attacks on vehicles, introducing new risks for vehicle cybersecurity. Just as safety became a critical part of development in the late 20th century, the automotive domain must now treat cybersecurity as an integral part of the development of modern vehicles.
Aware of this, the automotive industry has recently made multiple efforts to design and produce safe and secure connected and automated vehicles. As the domain geared up for the cybersecurity challenges, it leveraged experience from many other domains, but it must also face several challenges unique to vehicles. To that end, the domain has invested in the development of industry standards to tackle automotive cybersecurity issues and protect its assets. The joint working group of the standardization organizations ISO and SAE has recently established and published a committee draft of the "ISO/SAE CD 21434 Road Vehicles - Cybersecurity Engineering" standard.
This paper summarizes the previous results and extensions of the SoQrates assessment model, the working group's vision and work from prior publications, and how Automotive SPICE can also support the auditing of projects with close security relations, including in the context of the new ISO/SAE CD 21434. It presents enhanced and adapted approach details for the requirements of the new ISO/SAE CD 21434 norm. Further, we propose a structured method for integrating security and safety engineering into the existing Automotive SPICE context. Additionally, we provide methodical descriptions for security development based on an in-depth treatment at the signal and data level, from which the essential security architecture requirements at the system level are determined.
Citation: Macher, G., Schmittner, C., Dobaj, J., Armengaud, E. et al., "An Integrated View on Automotive SPICE, Functional Safety and Cyber-Security," SAE Technical Paper 2020-01-0145, 2020, https://doi.org/10.4271/2020-01-0145.