Integrated Safety and Security Development in the Automotive Domain
SAE paper 2017-01-1661
The replacement of safety-critical mechanical components with electro-mechanical systems has made safety a central concern in the development of embedded automotive systems. Recently, consumer demand for connectivity (e.g., infotainment, car-2-car or car-2-infrastructure communication) as well as advances toward advanced driver assistance systems (ADAS) or even autonomous driving functions have made cybersecurity another key factor that vehicle suppliers and manufacturers must take into account. Although they can draw on experience from many other domains, they still face several challenges that are unique to the automotive setting when gearing up for cybersecurity.
A key challenge is the increasing interconnection of automotive systems with external networks (such as Car2X). Because of this connectivity, it is no longer acceptable to assume that safety-critical systems are immune to security risks. Consequently, novel automotive systems require systematic approaches that support security- and safety-aware development. Traditionally, safety and security have been treated separately; however, with increasing awareness of their mutual impacts, an integrated view based on cross-domain knowledge becomes more important.
The recently released SAE J3061 guidebook for cyber-physical vehicle systems provides high-level principles that help automotive organizations identify and assess cybersecurity threats and design cybersecurity-aware systems, in close relation to the ISO 26262 standard for the functional safety of road vehicles.
This paper focuses on addressing system safety and cybersecurity in combination rather than independently, and thereby on raising awareness of their mutual impacts. To that end, we examine appropriate threat modeling and hazard analysis techniques in order to quantify the security impact on dependable, safety-related system development at the system level. Furthermore, we investigate systematic approaches that support the identification of trust boundaries and attack vectors for the safety- and cybersecurity-related aspects of complex automotive systems.