Refine Your Search

Topic

Search Results

Viewing 1 to 12 of 12
Technical Paper

Cybersecurity Testing and Validation

2017-03-28
2017-01-1655
We also consider the necessary scope and depth of cybersecurity testing and suggest examples of how this can be related to cybersecurity requirements, goals and integrity levels, as determined by the threat analysis and risk assessment. ...An essential part of an effective cybersecurity engineering process is testing the implementation of a system for vulnerabilities and validating the effectiveness of countermeasures. ...The SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems provides a recommended framework which organizations can use to implement a cybersecurity engineering process, which includes activities such as integration and testing, penetration testing and verification/validation of cybersecurity requirements at the hardware, software and system levels.
Training / Education

Keys to Creating a Cybersecurity Process from the J3061 Process Framework

This allows an organization to develop an internal cybersecurity process consistent with its other processes in order to build cybersecurity robustness into their cyber- physical systems. ...This seminar will define key concepts in cybersecurity and discuss what a cybersecurity process consists of and why one is needed for the development of cyber-physical vehicle systems.
Training / Education

DO-326A and ED-202A An Introduction to the New and Mandatory Aviation Cyber-Security Essentials

2020-09-14
The international standards D-326A (U.S.) and ED-202A (Europe) titled "Airworthiness Security Process Specification" are the cornerstones of the "DO-326/ED-202 Set" and they are the only Acceptable Means of Compliance (AMC) by FAA & EASA for aviation cyber-security airworthiness certification, as of 2019. The "DO-326/ED-202 Set" also includes companion documents DO-356A/ED-203A: "Airworthiness Security Methods and Considerations" & DO-355/ED-204: "Information Security Guidance for Continuing Airworthiness" (U.S. & Europe) and ED-201: "Aeronautical Information System Security (AISS) Framework Guidance" & ED-205: "Process Standard for Security Certification / Declaration of Air Traffic Management / Air Navigation Services (ATM/ANS) Ground Systems“ (Europe only).
Journal Article

Threat Analysis and Risk Assessment in Automotive Cyber Security

2013-04-08
2013-01-1415
The process of hazard analysis and risk assessment (H&R or HARA) is well-established in standards and methods for functional safety, such as the automotive functional safety standard ISO 26262. Considering the parallel discipline of cyber security, it is necessary to establish an analogous process of threat analysis and risk assessment (T&R) in order to identify potential security attacks and the risk associated with these attacks if they were successful. While functional safety H&R processes could be used for threat analysis, these methods need extension and adaptation to the cyber security domain. This paper describes how such a method has been developed based on the approach described in ISO 26262 and the related MISRA Safety Analysis Guidelines. In particular key differences are described in the understanding of the severity of a security attack, and the factors that contribute to the probability of a successful attack.
Book

The Car Hacker's Handbook: A Guide for the Penetration Tester

2016-03-01
Modern cars are more computerized than ever, with the aim to make driving more convenient. But vehicle technologies haven’t kept pace with today’s more hostile security environment, leaving millions vulnerable to attack. This handbook will give you a deeper understanding of the computer systems and embedded software in modern vehicles. It begins by examining vulnerabilities and providing detailed explanations of communications over the CAN bus and between devices and systems. With an understanding of a vehicle’s communication network, you’ll learn how to intercept data and perform specific hacks to track vehicles, unlock doors, glitch engines, flood communication, and more.
Standard

Requirements for a COTS Assembly Management Plan

2020-08-03
CURRENT
EIA933C
This document applies to the development of Plans for integrating and managing COTS assemblies in electronic equipment and Systems for the commercial, military, and space markets; as well as other ADHP markets that wish to use this document. For purposes of this document, COTS assemblies are viewed as electronic assemblies such as printed wiring assemblies, relays, disk drives, LCD matrices, VME circuit cards, servers, printers, laptop computers, etc. There are many ways to categorize COTS assemblies1, including the following spectrum: At one end of the spectrum are COTS assemblies whose design, internal parts2, materials, configuration control, traceability, reliability, and qualification methods are at least partially controlled, or influenced, by ADHP customers (either individually or collectively). An example at this end of the spectrum is a VME circuit card assembly.
SAE MOBILUS Subscription

Wiley Cyber Security Collection Add-On

2018-03-23
As an annual subscription, the Wiley Cyber Security Collection Add-On is available for purchase along with one or both of the following: Wiley Aerospace Collection Wiley Automotive Collection The titles from the Wiley Cyber Security Collection are included in the SAE MOBILUS® eBook Package. Titles: Network Forensics Penetration Testing Essentials Security in Fixed and Wireless Networks, 2nd Edition The Network Security Test Lab: A Step-by-Step Guide Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis Applied Cryptography: Protocols, Algorithms and Source Code in C, 20th Anniversary Edition Computer Security Handbook, Set, 6th Edition Threat Modeling: Designing for Security Other available Wiley collections: Wiley SAE MOBILUS eBook Package Wiley Aerospace Collection Wiley Automotive Collection Wiley Computer Systems Collection Add-On (purchasable with the Wiley Aerospace Collection and/or the Wiley Automotive Collection)
Technical Paper

Integrating STPA into ISO 26262 Process for Requirement Development

2017-03-28
2017-01-0058
Developing requirements for automotive electric/electronic systems is challenging, as those systems become increasingly software-intensive. Designs must account for unintended interactions among software features, combined with unforeseen environmental factors. In addition, engineers have to iteratively make architectural tradeoffs and assign responsibilities to each component in the system to accommodate new safety requirements as they are revealed. ISO 26262 is an industry standard for the functional safety of automotive electric/electronic systems. It specifies various processes and procedures for ensuring functional safety, but does not limit the methods that can be used for hazard and safety analysis. System Theoretic Process Analysis (STPA) is a new technique for hazard analysis, in the sense that hazards are caused by unsafe interactions between components (including humans) as well as component failures and faults.
Standard

Standard Best Practices for System Safety Program Development and Execution

2018-11-19
WIP
GEIASTD0010B
This document outlines a standard practice for conducting system safety. In some cases, these principles may be captured in other standards that apply to specific commodities such as commercial aircraft and automobiles. For example, those manufacturers that produce commercial aircraft should use SAE ARP4754 or SAE ARP4761 (see Section 2 below) to meet FAA or other regulatory agency system safety-related requirements. The system safety practice as defined herein provides a consistent means of evaluating identified risks. Mishap risk should be identified, evaluated, and mitigated to a level as low as reasonably practicable. The mishap risk should be accepted by the appropriate authority and comply with federal (and state, where applicable) laws and regulations, executive orders, treaties, and agreements. Program trade studies associated with mitigating mishap risk should consider total life cycle cost in any decision.
Technical Paper

Case Study for Defining Security Goals and Requirements for Automotive Security Parts Using Threat Modeling

2018-04-03
2018-01-0014
Several external networks like telematics, and SOTA and many in-vehicle networks by gateways and domain controllers have been increasingly introduced. However, these trends may potentially make many critical data opened, attacked and modified by hackers. These days, vehicle security has been significantly required as these vehicle security threats are related to the human life like drivers and pedestrians. Threat modeling is process of secure software development lifecycle which is developed by Microsoft. It is a systematic approach for analyzing the potential threat in software and identifying the security risk associated with software. Through threat modeling, security risk is be mitigated and eliminated. In vehicle software System, one of vulnerability can affect critical problem about safety. An approach from experience and hacking cases is not enough for analyzing the potential threat and preparing new hacking attack.
Article

SAE International anti-counterfeit standards integral to obsolescence management

2018-07-25
Counterfeit parts prevention is integral to an effective obsolescence management plan, and the focus of anti-counterfeit standards – including Counterfeit Avoidance Standard (AS5553) and Counterfeit Detection Standard (AS6081) – from SAE International in Warrendale, Pa. SAE International officials are bringing the anti-counterfeit discussion and sharing best practices, which include adherence to critical standards, to the Future of Obsolescence Management (FOM) event on October 10 and 11 in Washington.
X