Safety and Security Co-engineering and Argumentation Framework
Automotive systems are becoming increasingly complex due to their functional range and data exchange with the outside world. Until now, functional safety of such safety-critical electrical/electronic systems has been covered successfully. However, the data exchange requires interconnection across trusted boundaries of the vehicle. This leads to security issues like hacking and malicious attacks against interfaces, which could bring up new types of safety issues. Before mass production of automotive systems, arguments supported by evidence are required regarding safety and security. Product engineering must be compliant with specific standards and must support arguments that the system is free of unreasonable risks.
This paper presents a safety and security co-engineering framework, which covers standard-compliant process derivation and management, and supports product-specific safety and security co-analysis. Furthermore, we investigate process- and product-related argumentation and apply the approach to an automotive use case regarding safety and security.
Keywords: Safety and security co-engineering; Process- and product-based argumentation; Process and argumentation patterns; Automotive domain; ISO 26262; SAE J3061
This work is supported by the projects EMC2 and AMASS. Research leading to these results has received funding from the EU ARTEMIS Joint Undertaking under grant agreement no. 621429 (project EMC2), project AMASS (H2020-ECSEL no 692474; Spain’s MINECO ref. PCIN-2015-262) and from the COMET K2 - Competence Centres for Excellent Technologies Programme of the Austrian Federal Ministry for Transport, Innovation and Technology (bmvit), the Austrian Federal Ministry of Science, Research and Economy (bmwfw), the Austrian Research Promotion Agency (FFG), the Province of Styria and the Styrian Business Promotion Agency (SFG).