2017 | Supplement | Book chapter

Automotive SPICE, Safety and Cybersecurity Integration

Written by: Georg Macher, Alexander Much, Andreas Riel, Richard Messnarz, Christian Kreiner

Published in: Computer Safety, Reliability, and Security

Publisher: Springer International Publishing

Abstract

Currently developed automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles. Novel features, such as advanced driver assistance systems or automated driving functions, drive the need for built-in security solutions and cyber-security aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general and in the automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the context of the EU project SafEUr. This working party (SoQrates working group) shares knowledge and experiences and integrated the Automotive SPICE assessment model with functional safety requirements, which was further used in integrated Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors dealing with security-related projects in practice. From 2016 onwards, the SoQrates working party started to analyse the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper will summarise the previous results and extensions of the assessment model and the working group’s vision of how an Automotive SPICE assessor can also support the auditing of projects with a close relation to security.

Metadata
Title
Automotive SPICE, Safety and Cybersecurity Integration
Written by
Georg Macher
Alexander Much
Andreas Riel
Richard Messnarz
Christian Kreiner
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-66284-8_23