Abstract
Safety and security appear to be two contradictory overall system features. Traditionally, these two features have been treated separately, but due to the increasing awareness of their mutual impacts, cross-domain knowledge is becoming more important. Because automotive systems are increasingly interlaced with networks (such as Car2X), it is no longer acceptable to assume that safety-critical systems are immune to security risks, and vice versa.
This paper presents the application and method description of a novel approach for combined safety hazard and security threat analysis. We give a detailed description of the SAHARA method and apply it to an automotive system. We analyze the impact of this novel method and highlight the effects of security threats on the safety targets of the system. The paper describes the experiences gained in applying the method and shows how the safety-critical contribution of successful security attacks can be quantified.
Acknowledgment
This work is partially supported by the INCOBAT and the MEMCONS projects.
The research leading to these results has received funding from the European Union's Seventh Framework Programme (FP7/2007-2013) under grant agreement no. 608988 and financial support from the "COMET K2 - Competence Centers for Excellent Technologies Programme" of the Austrian Federal Ministry for Transport, Innovation and Technology (BMVIT), the Austrian Federal Ministry of Economy, Family and Youth (BMWFJ), the Austrian Research Promotion Agency (FFG), the Province of Styria, and the Styrian Business Promotion Agency (SFG).
We are grateful for the contribution of the SOQRATES Safety AK experts and the expertise gained in SafEUr professional training.
Furthermore, we would like to express our thanks to our supporting project partners, AVL List GmbH, Virtual Vehicle Research Center, and Graz University of Technology.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Macher, G., Höller, A., Sporer, H., Armengaud, E., Kreiner, C. (2015). A Combined Safety-Hazards and Security-Threat Analysis Method for Automotive Systems. In: Koornneef, F., van Gulijk, C. (eds.) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science, vol. 9338. Springer, Cham. https://doi.org/10.1007/978-3-319-24249-1_21
DOI: https://doi.org/10.1007/978-3-319-24249-1_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24248-4
Online ISBN: 978-3-319-24249-1