Abstract
The number of software-implemented functions in the automotive industry grows at an annual rate of about 30 %. In the automotive domain, the increasing complexity of systems has become challenging with consumer demand for advanced driving assistance systems and automated driving functionalities, and with the consequently broadening societal sensitivity to security and safety concerns, such as the remote control of cars by compromising their IT infrastructure.
As vehicle providers gear up for the cyber-security challenges, they can leverage experience from many other domains, but nevertheless have to face several unique challenges. The recently released SAE J3061 guidebook for cyber-physical vehicle systems provides high-level principles for automotive organizations to identify and assess cyber-security threats and to design cyber-security-aware systems in close relation to ISO 26262. Although functional safety and cyber-security engineering overlap considerably in many facets, such as analysis methods and system-function thinking, the definition of system borders (item definition vs. trust boundaries) often differs substantially. Therefore, appropriate systematic approaches that support the identification of trust boundaries and attack vectors for the safety- and cyber-security-related aspects of complex automotive systems are essential. In the course of this paper, we analyze a method to identify attack vectors on complex systems via signal interfaces. We focus on a central development artifact of the ISO 26262 functional safety development process, the hardware-software interface (HSI), and propose an extension of the HSI to support the cyber-security engineering process.
Acknowledgments
This work is supported by the \(EMC^2\) project. The research leading to these results has received funding from the ARTEMIS Joint Undertaking under grant agreement no. 621429 (project \(EMC^2\)) and from the Austrian Ministry for Transport, Innovation and Technology (BMVIT) in the programme IKT der Zukunft under FFG grant agreement no. 842537.
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Macher, G., Sporer, H., Brenner, E., Kreiner, C. (2016). Supporting Cyber-Security Based on Hardware-Software Interface Definition. In: Kreiner, C., O'Connor, R., Poth, A., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2016. Communications in Computer and Information Science, vol 633. Springer, Cham. https://doi.org/10.1007/978-3-319-44817-6_12
DOI: https://doi.org/10.1007/978-3-319-44817-6_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44816-9
Online ISBN: 978-3-319-44817-6