A Combined Safety-Hazards and Security-Threat Analysis Method for Automotive Systems

  • Conference paper
  • Computer Safety, Reliability, and Security (SAFECOMP 2014)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 9338)

Abstract

Safety and security appear to be two conflicting overall system features. Traditionally, these two features have been treated separately, but with growing awareness of their mutual impacts, cross-domain knowledge is becoming more important. Because automotive systems are increasingly interconnected with external networks (such as Car2X), it is no longer acceptable to assume that safety-critical systems are immune to security risks, or vice versa.

This paper presents the method description and application of a novel approach for combined safety hazard and security threat analysis. We give a detailed description of the SAHARA method and apply it to an automotive system. We analyze the impact of this novel method and highlight the effects of security threats on the safety targets of the system. The paper describes the experience gained in applying the method and shows how the safety-critical contribution of successful security attacks can be quantified.


Acknowledgment

This work is partially supported by the INCOBAT and the MEMCONS projects.

The research leading to these results has received funding from the European Union's Seventh Framework Programme (FP7/2007-2013) under grant agreement no. 608988 and financial support from the “COMET K2 - Competence Centers for Excellent Technologies Programme” of the Austrian Federal Ministry for Transport, Innovation and Technology (BMVIT), the Austrian Federal Ministry of Economy, Family and Youth (BMWFJ), the Austrian Research Promotion Agency (FFG), the Province of Styria, and the Styrian Business Promotion Agency (SFG).

We are grateful for the contribution of the SOQRATES Safety AK experts and the expertise gained in SafEUr professional training.

Furthermore, we would like to express our thanks to our supporting project partners, AVL List GmbH, Virtual Vehicle Research Center, and Graz University of Technology.

Author information

Corresponding author

Correspondence to Georg Macher.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Macher, G., Höller, A., Sporer, H., Armengaud, E., Kreiner, C. (2015). A Combined Safety-Hazards and Security-Threat Analysis Method for Automotive Systems. In: Koornneef, F., van Gulijk, C. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science, vol 9338. Springer, Cham. https://doi.org/10.1007/978-3-319-24249-1_21

  • DOI: https://doi.org/10.1007/978-3-319-24249-1_21
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-24248-4
  • Online ISBN: 978-3-319-24249-1
  • eBook Packages: Computer Science (R0)