Abstract
Over-the-air updates have been used for years in the software industry, allowing bug fixes and enhancements to desktop, laptop, and mobile operating systems and applications. Automotive vehicles now depend on software to the extent that manufacturers are turning to over-the-air updates for critical vehicle functionality. History shows that our software systems are most vulnerable to lapses in safety and dependability when they undergo change, and performing an update over a communication channel adds a significant security concern. This paper presents our ideas on assuring integrated safety and security of over-the-air updates through assurance case templates that comply with both ISO 26262 (functional safety) and SAE J3061 (cyber-security). Wisely, the authors of SAE J3061 structured the guidebook so that it meshes well with ISO 26262, and we have been able to use principles we developed for deriving an assurance case template from ISO 26262, to help include compliance with SAE J3061 in the template. The paper also demonstrates how a specialization of the template helps guide us to pre-emptively mitigate against potential vulnerabilities in over-the-air update implementations.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Amorim, T., et al.: Systematic pattern approach for safety and security co-engineering in the automotive domain. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10488, pp. 329–342. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66266-4_22
Aroms, E., et al.: NIST Special Publication 800–30 Risk Management Guide for Information Technology Systems (2012)
Barber, A.: Status of work in process on ISO/SAE 21434 Automotive Cybersecurity Standard. https://www.sans.org/summit-archives/file/summit-archive-1525889601.pdf. Accessed 28 May 2018
BBC News: Faulty update breaks Lexus cars’ maps and radio systems. http://www.bbc.com/news/technology-36478641. Accessed 08 Jun 2016
Bloomfield, R., Bishop, P., Jones, C., Froome, P.: ASCAD. Adelard Safety Case Development Manual, Adelard (1998). ISBN 0-9533771-0 5
Bloomfield, R., Netkachova, K., Stroud, R.: Security-informed safety: if it’s not secure, it’s not safe. In: Gorbenko, A., Romanovsky, A., Kharchenko, V. (eds.) SERENE 2013. LNCS, vol. 8166, pp. 17–32. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40894-6_2
Chowdhury, T., Lin, C.W., Kim, B., Lawford, M., Shiraishi, S., Wassyng, A.: Principles for systematic development of an assurance case template from ISO 26262. In: IEEE International Symposium on Software Reliability Engineering, pp. 69–72, October 2017
Friedberg, I., McLaughlin, K., Smith, P., Laverty, D., Sezer, S.: STPA-SafeSec: safety and security analysis for cyber-physical systems. J. Inf. Secur. Appl. 34, 183–196 (2017)
Graydon, P., Knight, J., Strunk, E.: Assurance based development of critical systems. In: 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2007, pp. 347–357, June 2007
ISO: 26262: Road vehicles-Functional safety. International Standard ISO 26262 (2011)
ISO/SAE AWI: 21434: Road vehicles-Cybersecurity Engineering [Under development]
ISO/WD PAS: 21448: Road vehicles - Safety of the intended functionality [Under development]
Karthik, T., Brown, A., Awwad, S., McCoy, D., Bielawski, R., Mott, C., Lauzon, S., Weimerskirch, A., Cappos, J.: Uptane: securing software updates for automobiles. In: International Conference on Embedded Security in Car, pp. 1–11 (2016)
Kelly, T.: Arguing safety - a systematic approach to managing safety cases. Ph.D. thesis, University of York, September 1998
Lauzon, S.: Secure software updates for automotive systems: introduction to the Uptane SOTA solution, May 2017
Leveson, N.: Engineering a Safer World: Systems Thinking Applied to Safety. MIT Press, Cambridge (2011)
Macher, G., Armengaud, E., Brenner, E., Kreiner, C.: Threat and risk assessment methodologies in the automotive domain. Procedia Comput. Sci. 83, 1288–1294 (2016)
Microsoft: Microsoft threat modeling tool. https://www.microsoft.com/en-us/download/details.aspx?id=49168. Accessed 20 Sept 2017
Microsoft: The STRIDE threat model. https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx. Accessed 20 Sept 2017
NCC Group: The Automotive Threat Modeling Template. https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/july/the-automotive-threat-modeling-template/. Accessed 20 Sept 2017
Netkachova, K., Müller, K., Paulitsch, M., Bloomfield, R.: Security-informed safety case approach to analysing MILS systems (2015)
Pereira, D., Hirata, C., Pagliares, R., Nadjm-Tehrani, S.: Towards combined safety and security constraints analysis. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10489, pp. 70–80. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66284-8_7
Procter, S., Vasserman, E.Y., Hatcliff, J.: Safe and secure: deeply integrating security in a new hazard analysis. In: ARES, p. 66. ACM (2017)
SAE International: SAE J3061-Cybersecurity Guidebook for Cyber-Physical Automotive Systems. SAE-Society of Automotive Engineers (2016)
Shostack, A.: Threat Modeling: Designing for Security. Wiley, Hoboken (2014)
Spaan, R., Batina, L., Schwabe, P., Verheijden, S.: Secure updates in automotive systems, pp. 1–71. Radboud University, Nijmegen (2016)
Summers, A., Tickner, C.: What is Security Analysis. http://www.doc.ic.ac.uk/~ajs300/security/CIA.htm. Accessed 20 Sept 2017
US Department of Transportation: Architecture reference for cooperative and intelligent transportation. https://local.iteris.com/arc-it/. Accessed 24 Feb 2018
Wassyng, A., Joannou, P., Lawford, M., Maibaum, T.S., Singh, N.K.: Chapter 13 new standards for trustworthy cyber-physical systems. In: Trustworthy Cyber-Physical Systems Engineering, pp. 337–368. CRC Press (2016)
Wassyng, A., Maibaum, T., Lawford, M., Bherer, H.: Software certification: is there a case against safety cases? In: Calinescu, R., Jackson, E. (eds.) Monterey Workshop 2010. LNCS, vol. 6662, pp. 206–227. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21292-5_12
Webtrend: threat modeling with STRIDE. https://www.webtrends.com/blog/2015/04/threat-modeling-with-stride/. Accessed 20 Sept 2017
Young, W., Leveson, N.: Systems thinking for safety and security. In: Proceedings of the 29th Annual Computer Security Applications Conference, pp. 1–8. ACM (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Chowdhury, T. et al. (2018). Safe and Secure Automotive Over-the-Air Updates. In: Gallina, B., Skavhaug, A., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2018. Lecture Notes in Computer Science(), vol 11093. Springer, Cham. https://doi.org/10.1007/978-3-319-99130-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-99130-6_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99129-0
Online ISBN: 978-3-319-99130-6
eBook Packages: Computer ScienceComputer Science (R0)