2015 | Original Paper | Book chapter

A Combined Safety-Hazards and Security-Threat Analysis Method for Automotive Systems

Authors: Georg Macher, Andrea Höller, Harald Sporer, Eric Armengaud, Christian Kreiner

Published in: Computer Safety, Reliability, and Security

Publisher: Springer International Publishing


Abstract

Safety and security appear to be two contradictory overall system features. Traditionally, these two features have been treated separately, but with increasing awareness of their mutual impacts, cross-domain knowledge becomes more important. Because automotive systems are increasingly interlaced with networks (such as Car2X), it is no longer acceptable to assume that safety-critical systems are immune to security risks, or vice versa.
This paper presents the method description and an application of a novel approach for combined safety-hazard and security-threat analysis. We give a detailed description of the SAHARA method and apply it to an automotive system. We analyze the impact of this novel method and highlight the effects of security threats on the safety targets of the system. The paper describes the experiences gained in applying the method and shows how the safety-critical contribution of successful security attacks can be quantified.


Metadata
Title
A Combined Safety-Hazards and Security-Threat Analysis Method for Automotive Systems
Authors
Georg Macher
Andrea Höller
Harald Sporer
Eric Armengaud
Christian Kreiner
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-24249-1_21