Co-engineering of Safety and Security Life Cycles for Engineering of Automotive Systems

Published: 17 April 2020

Abstract

Systems are becoming increasingly connected. Consequently, the co-engineering of (cyber)security and safety life cycles becomes paramount. Currently, no standard provides a structured co-engineering process to facilitate the communication between safety and security engineers. In this paper, we propose a process for co-engineering safety and security through the explicit systematization and management of commonalities and variabilities that are stated only implicitly in the requirements of the different standards. Our process treats the safety and security life cycles as members of a security-informed safety-oriented process line, and so it forces safety and security engineers to come together and brainstorm on what might be considered a commonality and what might be considered a variability. We illustrate the usage of our process by systematizing commonalities and variabilities at the risk analysis phase in the context of ISO 26262 and SAE J3061. We then draw lessons learnt. Finally, we sketch some directions for future work.

