Supporting Cyber-Security Based on Hardware-Software Interface Definition

  • Conference paper
Systems, Software and Services Process Improvement (EuroSPI 2016)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 633))

Abstract

The automotive industry sees an annual growth of about 30 % in software-implemented functions. In the automotive domain, the increasing complexity of systems has become a challenge, driven by consumer demand for advanced driver assistance systems and automated driving functions, and by the resulting broader societal sensitivity to security and safety concerns, such as the remote control of cars by hacking their IT infrastructure.

As vehicle providers gear up for the cyber-security challenges, they can leverage experience from many other domains, but nevertheless have to face several unique challenges. The recently released SAE J3061 guidebook for cyber-physical vehicle systems provides high-level principles for automotive organizations to identify and assess cyber-security threats and to design cyber-security aware systems in close relation to ISO 26262. Although functional safety and cyber-security engineering overlap considerably in many facets, such as analysis methods and system-function thinking, the definition of system borders (item definition vs. trust boundaries) often differs substantially. Therefore, systematic approaches that support the identification of trust boundaries and attack vectors for the safety- and cyber-security-related aspects of complex automotive systems are essential. In this paper, we analyze a method to identify attack vectors on complex systems via their signal interfaces. We focus on a central development artifact of the ISO 26262 functional safety development process, the hardware-software interface (HSI), and propose an extension of the HSI to support the cyber-security engineering process.

Acknowledgments

This work is supported by the \(EMC^2\) project. The research leading to these results has received funding from the ARTEMIS Joint Undertaking under grant agreement nr 621429 (project \(EMC^2\)) and from the Austrian Ministry for Transport, Innovation and Technology (BMVIT) in the Program IKT der Zukunft under FFG grant agreement nr 842537.

Corresponding author

Correspondence to Georg Macher.

Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Macher, G., Sporer, H., Brenner, E., Kreiner, C. (2016). Supporting Cyber-Security Based on Hardware-Software Interface Definition. In: Kreiner, C., O'Connor, R., Poth, A., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2016. Communications in Computer and Information Science, vol 633. Springer, Cham. https://doi.org/10.1007/978-3-319-44817-6_12

  • DOI: https://doi.org/10.1007/978-3-319-44817-6_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44816-9

  • Online ISBN: 978-3-319-44817-6