Refine Your Search

Topic

Search Results

Viewing 1 to 11 of 11
Technical Paper

Cybersecurity Testing and Validation

2017-03-28
2017-01-1655
We also consider the necessary scope and depth of cybersecurity testing and suggest examples of how this can be related to cybersecurity requirements, goals and integrity levels, as determined by the threat analysis and risk assessment. ...An essential part of an effective cybersecurity engineering process is testing the implementation of a system for vulnerabilities and validating the effectiveness of countermeasures. ...The SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems provides a recommended framework which organizations can use to implement a cybersecurity engineering process, which includes activities such as integration and testing, penetration testing and verification/validation of cybersecurity requirements at the hardware, software and system levels.
Training / Education

Keys to Creating a Cybersecurity Process from the J3061 Process Framework

This allows an organization to develop an internal cybersecurity process consistent with its other processes in order to build cybersecurity robustness into their cyber- physical systems. ...Connected vehicles are increasingly seen as a potential target for cybersecurity attacks. A key differentiator for the automotive industry is the use of cyber-physical systems, where a successful cybersecurity attack could affect physical entities.
Training / Education

Keys to Creating a Cybersecurity Process from the J3061 Process Framework

2019-04-29
This allows an organization to develop an internal cybersecurity process consistent with its other processes in order to build cybersecurity robustness into their cyber-physical systems. ...This web seminar will define key concepts in cybersecurity and discuss what a cybersecurity process consists of and why one is needed for the development of cyber-physical vehicle systems.
Technical Paper

A Study on Comprehensive Evaluation of Intelligent Connected Vehicle Cybersecurity

2019-04-02
2019-01-0477
It is proposed to score (0-100) from the three dimensions of cybersecurity level, intelligent level and incident response capacity of enterprise, and then comprehensively evaluate the cybersecurity performance level of automobile. Cybersecurity level includes concept design of cybersecurity, verification of protection scheme and penetration test. ...In view of the automotive cybersecurity incidents occur frequently with no evaluation standard, a comprehensive evaluation method is proposed, which firstly reviews the process of obtaining automotive cybersecurity goals and function requirements through threat analysis and risk assessment. ...In view of the automotive cybersecurity incidents occur frequently with no evaluation standard, a comprehensive evaluation method is proposed, which firstly reviews the process of obtaining automotive cybersecurity goals and function requirements through threat analysis and risk assessment. Then the international research projects on automotive cybersecurity and the key issues are summarized.
Training / Education

ISO 26262 Functional Safety – Road Vehicles Focus on Second Edition Changes

2019-05-07
In addition to presenting an overview of the standard, this course highlights the major changes introduced in the second edition, which extends the standard"s scope to include all vehicles (excluding special vehicles), the objective-oriented confirmation measures approach, and references to Cybersecurity at the Concept and System Level development.
Technical Paper

Integrating STPA into ISO 26262 Process for Requirement Development

2017-03-28
2017-01-0058
Developing requirements for automotive electric/electronic systems is challenging, as those systems become increasingly software-intensive. Designs must account for unintended interactions among software features, combined with unforeseen environmental factors. In addition, engineers have to iteratively make architectural tradeoffs and assign responsibilities to each component in the system to accommodate new safety requirements as they are revealed. ISO 26262 is an industry standard for the functional safety of automotive electric/electronic systems. It specifies various processes and procedures for ensuring functional safety, but does not limit the methods that can be used for hazard and safety analysis. System Theoretic Process Analysis (STPA) is a new technique for hazard analysis, in the sense that hazards are caused by unsafe interactions between components (including humans) as well as component failures and faults.
Technical Paper

Case Study for Defining Security Goals and Requirements for Automotive Security Parts Using Threat Modeling

2018-04-03
2018-01-0014
Several external networks like telematics, and SOTA and many in-vehicle networks by gateways and domain controllers have been increasingly introduced. However, these trends may potentially make many critical data opened, attacked and modified by hackers. These days, vehicle security has been significantly required as these vehicle security threats are related to the human life like drivers and pedestrians. Threat modeling is process of secure software development lifecycle which is developed by Microsoft. It is a systematic approach for analyzing the potential threat in software and identifying the security risk associated with software. Through threat modeling, security risk is be mitigated and eliminated. In vehicle software System, one of vulnerability can affect critical problem about safety. An approach from experience and hacking cases is not enough for analyzing the potential threat and preparing new hacking attack.
Journal Article

Threat Analysis and Risk Assessment in Automotive Cyber Security

2013-04-08
2013-01-1415
The process of hazard analysis and risk assessment (H&R or HARA) is well-established in standards and methods for functional safety, such as the automotive functional safety standard ISO 26262. Considering the parallel discipline of cyber security, it is necessary to establish an analogous process of threat analysis and risk assessment (T&R) in order to identify potential security attacks and the risk associated with these attacks if they were successful. While functional safety H&R processes could be used for threat analysis, these methods need extension and adaptation to the cyber security domain. This paper describes how such a method has been developed based on the approach described in ISO 26262 and the related MISRA Safety Analysis Guidelines. In particular key differences are described in the understanding of the severity of a security attack, and the factors that contribute to the probability of a successful attack.
Article

SAE International anti-counterfeit standards integral to obsolescence management

2018-07-25
Counterfeit parts prevention is integral to an effective obsolescence management plan, and the focus of anti-counterfeit standards – including Counterfeit Avoidance Standard (AS5553) and Counterfeit Detection Standard (AS6081) – from SAE International in Warrendale, Pa. SAE International officials are bringing the anti-counterfeit discussion and sharing best practices, which include adherence to critical standards, to the Future of Obsolescence Management (FOM) event on October 10 and 11 in Washington.
X