Skip to main content
main-content
Top

Hint

Swipe to navigate through the chapters of this book

2018 | OriginalPaper | Chapter

Roadblocks on the Highway to Secure Cars: An Exploratory Survey on the Current Safety and Security Practice of the Automotive Industry

Authors : Michael Huber, Michael Brunner, Clemens Sauerwein, Carmen Carlan, Ruth Breu

Published in: Computer Safety, Reliability, and Security

Publisher: Springer International Publishing

share
SHARE

Abstract

With various advances in technology, cars evolved to highly interconnected and complex Cyber-Physical Systems. Due to this development, the security of involved components and systems needs to be addressed in a rigorous way. The resulting necessity of combining safety and security aspects during the development processes has proven to be non-trivial due to the high interference between these aspects and their respective treatment. This paper discusses the results of an exploratory survey on how organizations from the automotive industry in the Euroregion tackle the challenge of integrating safety and security aspects during system development. The observed state of practice shows that there are significant deficits in the integration of both domains. The results of the exploratory survey enabled us to identify the most common challenges of realizing an integrated approach in a practical setting and discuss implications for future research.
Footnotes
1
https://​salsa.​q-e.​at/​ (Accessed: 02/12/2018).
 
Literature
1.
go back to reference Almeida, J.R., Camargo, J.B., Cugnasca, P.S.: Safety and security in critical applications and in information systems-a comparative study. IEEE Latin Am. Trans. 11(4), 1127–1133 (2013) CrossRef Almeida, J.R., Camargo, J.B., Cugnasca, P.S.: Safety and security in critical applications and in information systems-a comparative study. IEEE Latin Am. Trans. 11(4), 1127–1133 (2013) CrossRef
2.
go back to reference Baheti, R., Gill, H.: Cyber-physical systems. Impact Control Technol. 12, 161–166 (2011) Baheti, R., Gill, H.: Cyber-physical systems. Impact Control Technol. 12, 161–166 (2011)
4.
go back to reference Brunner, M., Huber, M., Sauerwein, C., Breu, R.: Towards an integrated model for safety and security requirements of cyber-physical systems. In: 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 334–340. IEEE (2017) Brunner, M., Huber, M., Sauerwein, C., Breu, R.: Towards an integrated model for safety and security requirements of cyber-physical systems. In: 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 334–340. IEEE (2017)
5.
go back to reference Campbell, J.L., Quincy, C., Osserman, J., Pedersen, O.K.: Coding in-depth semistructured interviews problems of unitization and intercoder reliability and agreement. Sociol. Methods Res. 42(3), 294–320 (2013) MathSciNetCrossRef Campbell, J.L., Quincy, C., Osserman, J., Pedersen, O.K.: Coding in-depth semistructured interviews problems of unitization and intercoder reliability and agreement. Sociol. Methods Res. 42(3), 294–320 (2013) MathSciNetCrossRef
6.
go back to reference Derler, P., Lee, E.A., Vincentelli, A.S.: Modeling cyber-physical systems. Proc. IEEE 100(1), 13–28 (2012) CrossRef Derler, P., Lee, E.A., Vincentelli, A.S.: Modeling cyber-physical systems. Proc. IEEE 100(1), 13–28 (2012) CrossRef
7.
go back to reference Firesmith, D.G.: Common concepts underlying safety security and survivability engineering. Carnegie-mellon University, Pittsburgh, PA, Software Engineering Institute, Technical report (2003) Firesmith, D.G.: Common concepts underlying safety security and survivability engineering. Carnegie-mellon University, Pittsburgh, PA, Software Engineering Institute, Technical report (2003)
9.
go back to reference Fürst, S., et al.: AUTOSAR-a worldwide standard is on the road. In: 14th International VDI Congress Electronic Systems for Vehicles, Baden-Baden, vol. 62, p. 5 (2009) Fürst, S., et al.: AUTOSAR-a worldwide standard is on the road. In: 14th International VDI Congress Electronic Systems for Vehicles, Baden-Baden, vol. 62, p. 5 (2009)
10.
go back to reference Glas, B., et al.: Automotive safety and security integration challenges. In: Automotive-Safety & Security 2014 (2015) Glas, B., et al.: Automotive safety and security integration challenges. In: Automotive-Safety & Security 2014 (2015)
11.
go back to reference He, W., Yan, G., Da Xu, L.: Developing vehicular data cloud services in the IoT environment. IEEE Trans. Ind. Inform. 10(2), 1587–1595 (2014) CrossRef He, W., Yan, G., Da Xu, L.: Developing vehicular data cloud services in the IoT environment. IEEE Trans. Ind. Inform. 10(2), 1587–1595 (2014) CrossRef
12.
go back to reference ISO/TC 22: ISO/DIS 26262–1 - Road vehicles functional safety Part 1–10. Technical report, Technical Committee 22, Geneva, Switzerland, July 2009 ISO/TC 22: ISO/DIS 26262–1 - Road vehicles functional safety Part 1–10. Technical report, Technical Committee 22, Geneva, Switzerland, July 2009
13.
go back to reference Kannenberg, A., Saiedian, H.: Why software requirements traceability remains a challenge. CrossTalk J. Defense Softw. Eng. 22(5), 14–19 (2009) Kannenberg, A., Saiedian, H.: Why software requirements traceability remains a challenge. CrossTalk J. Defense Softw. Eng. 22(5), 14–19 (2009)
14.
go back to reference Kelly, T.P.: Arguing safety: a systematic approach to managing safety cases. Ph.D. thesis, University of York (1999) Kelly, T.P.: Arguing safety: a systematic approach to managing safety cases. Ph.D. thesis, University of York (1999)
15.
go back to reference Kitchenham, B.A., Pfleeger, S.L.: Guide to advanced empirical software engineering. Springer, London 46, 48–49 (2008) Kitchenham, B.A., Pfleeger, S.L.: Guide to advanced empirical software engineering. Springer, London 46, 48–49 (2008)
16.
go back to reference Kletz, T.A.: HAZOP and HAZAN: Identifying and Assessing Process Industry Hazards. IChemE, Boca Raton (1999) Kletz, T.A.: HAZOP and HAZAN: Identifying and Assessing Process Industry Hazards. IChemE, Boca Raton (1999)
17.
go back to reference Kornecki, A.J., Subramanian, N., Zalewski, J.: Studying interrelationships of safety and security for software assurance in cyber-physical systems: approach based on Bayesian belief networks. In: 2013 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 1393–1399. IEEE (2013) Kornecki, A.J., Subramanian, N., Zalewski, J.: Studying interrelationships of safety and security for software assurance in cyber-physical systems: approach based on Bayesian belief networks. In: 2013 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 1393–1399. IEEE (2013)
18.
go back to reference Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., Halgand, Y.: A survey of approaches combining safety and security for industrial control systems. Reliab. Eng. Syst. Saf. 139, 156–178 (2015) CrossRef Kriaa, S., Pietre-Cambacedes, L., Bouissou, M., Halgand, Y.: A survey of approaches combining safety and security for industrial control systems. Reliab. Eng. Syst. Saf. 139, 156–178 (2015) CrossRef
20.
go back to reference Martins, L.E., Gorschek, T.: Requirements engineering for safety-critical systems: overview and challenges. IEEE Softw. 34, 49–57 (2017) CrossRef Martins, L.E., Gorschek, T.: Requirements engineering for safety-critical systems: overview and challenges. IEEE Softw. 34, 49–57 (2017) CrossRef
21.
go back to reference Mayring, P., Gläser-Zikuda, M.: Die Praxis der Qualitativen Inhaltsanalyse. Beltz Weinheim (2008) Mayring, P., Gläser-Zikuda, M.: Die Praxis der Qualitativen Inhaltsanalyse. Beltz Weinheim (2008)
22.
go back to reference Nostro, N., Bondavalli, A., Silva, N.: Adding security concerns to safety critical certification. In: 2014 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 521–526. IEEE (2014) Nostro, N., Bondavalli, A., Silva, N.: Adding security concerns to safety critical certification. In: 2014 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 521–526. IEEE (2014)
24.
go back to reference Piètre-Cambacédès, L., Bouissou, M.: Cross-fertilization between safety and security engineering. Reliab. Eng. Syst. Saf. 110, 110–126 (2013) CrossRef Piètre-Cambacédès, L., Bouissou, M.: Cross-fertilization between safety and security engineering. Reliab. Eng. Syst. Saf. 110, 110–126 (2013) CrossRef
25.
go back to reference Ray, S., Chen, W., Bhadra, J., Al Faruque, M.A.: Extensibility in automotive security: current practice and challenges. In: 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 1–6. IEEE (2017) Ray, S., Chen, W., Bhadra, J., Al Faruque, M.A.: Extensibility in automotive security: current practice and challenges. In: 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC), pp. 1–6. IEEE (2017)
26.
go back to reference Runeson, P., Host, M., Rainer, A., Regnell, B.: Case Study Research in Software Engineering: Guidelines and Examples. Wiley, Hoboken (2012) CrossRef Runeson, P., Host, M., Rainer, A., Regnell, B.: Case Study Research in Software Engineering: Guidelines and Examples. Wiley, Hoboken (2012) CrossRef
27.
28.
go back to reference Sojka, M., Krec, M., Hanzálek, Z.: Case study on combined validation of safety & security requirements. In: 2014 9th IEEE International Symposium on Industrial Embedded Systems (SIES), pp. 244–251. IEEE (2014) Sojka, M., Krec, M., Hanzálek, Z.: Case study on combined validation of safety & security requirements. In: 2014 9th IEEE International Symposium on Industrial Embedded Systems (SIES), pp. 244–251. IEEE (2014)
29.
go back to reference de la Vara, J.L., Borg, M., Wnuk, K., Moonen, L.: An industrial survey of safety evidence change impact analysis practice. IEEE Trans. Softw. Eng. 42(12), 1095–1117 (2016) CrossRef de la Vara, J.L., Borg, M., Wnuk, K., Moonen, L.: An industrial survey of safety evidence change impact analysis practice. IEEE Trans. Softw. Eng. 42(12), 1095–1117 (2016) CrossRef
Metadata
Title
Roadblocks on the Highway to Secure Cars: An Exploratory Survey on the Current Safety and Security Practice of the Automotive Industry
Authors
Michael Huber
Michael Brunner
Clemens Sauerwein
Carmen Carlan
Ruth Breu
Copyright Year
2018
DOI
https://doi.org/10.1007/978-3-319-99130-6_11

Premium Partner