Georg Macher

A Combined Safety-Hazards and Security-Threat Analysis Method for Automotive Systems

Safety and Security appear to be two contradicting overall system features. Traditionally, these two features have been treated separately, but due to increasing awareness of mutual impacts, cross domain knowledge becomes more important. Due to the increasing interlacing of automotive systems with networks (such as Car2X), it is no longer acceptable to assume that safety-critical systems are immune to security risks and vice versa.

Supporting Cyber-Security Based on Hardware-Software Interface Definition

The automotive industry has an annual increase rate of software implemented functions of about 30 %. In the automotive domain the increasing complexity of systems became challenging with consumer demands for advanced driving assistance systems and automated driving functionalities, and the thus broadening societal sensitivity for security and safety concerns, such as remote control of cars by hacking their IT infrastructure.

A Review of Threat Analysis and Risk Assessment Methods in the Automotive Context

Consumer demands for advanced automotive assistant systems and connectivity of cars to the internet make cyber-security an important requirement for vehicle providers. As vehicle providers gear up for the cyber security challenges, they can leverage experiences from many other domains, but nevertheless, must face several unique challenges. Thus, several security standards are well established and do not need to be created from scratch. The recently released SAE J3061 guidebook for cyber-physical vehicle systems provides information and high-level principles for automotive organizations to identify and assess cyber-security threats and design cyber-security aware systems.

Threat and Risk Assessment Methodologies in the Automotive Domain

Abstract Safety and security are both qualities that concern the overall system. However, these disciplines are traditionally treated independently in the automotive domain. Replacement of classical mechanical systems with safety-critical embedded systems raised the awareness of the safety attribute and caused the introduction of the ISO 26262 standard. In contrast to this, security topics are traditionally seen as attacks of a mechanical nature and as only affecting single vehicles (e.g. door lock and immobilizer related). Due to the increasing interlacing of automotive systems with networks (such as Car2X), new features like autonomous driving, and online software updates, it is no longer acceptable to assume that car fleets are immune to security risks and automated remote attacks. Consequently, future automotive systems development requires appropriate systematic approaches to support cyber security and safety aware development. Therefore, this paper examines threat and risk assessment techniques that are available for the automotive domain and presents an approach to classify cyber-security threats, which can be used to determine the appropriate number of countermeasures that need to be considered. Furthermore, we present a combined approach for safety and security analysis to be applied in early development phases, which is a pre-requisite for consistent engineering throughout the development lifecycle.

Towards dependability engineering of cooperative automotive cyber-physical systems

Numerous industrial sectors are investing in Cyber-Physical-Systems (CPS). CPS provide their functionality by the interaction of various subsystems which are usually developed by different suppliers and are expected to cooperate safely. The open and cooperative nature of CPS poses a significant challenge for industrial sectors with stringent dependability constraints, such as, autonomous automobile systems, medical monitoring, process control systems, or automatic pilot avionics. As CPS may reconfigure itself during run-time, for instance in order to handle failures or to adapt on changing conditions (such as connected car features relying on availability of environmental information), the dependability of this adaptation must still be ensured. To tackle this assurance issue, several recommendations rely on a set of contracts to describe components attributes and evaluate the robustness of the configuration at run-time. In our research project, DEIS, we address these important and unsolved challenges by developing technologies for dependable system integration at run-time. At the core of these technologies lies the concept of a Digital Dependability Identity (DDI) of a component or system. DDIs are composable and executable in-the-field, facilitating (a) efficient synthesis of component and system dependability information over the supply chain and (b) effective evaluation of this information in-the-field for safe and secure composition of highly distributed and autonomous CPS. In contrast to other approaches mainly focusing on software specifics (such as SOME/IP or other SoA approaches), DDI focuses on system development level (also taking into account HW specifics and system decomposition). The paper is describing the approach focusing on the support for functional safety and validation of automated and connected vehicles, by providing an initial framework to manage dependability aspects.

DEIS: Dependability Engineering Innovation for Industrial CPS

The open and cooperative nature of Cyber-Physical Systems (CPS) poses new challenges in assuring dependability. The DEIS project (Dependability Engineering Innovation for automotive CPS. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 732242, see http://www.deis-project.eu) addresses these challenges by developing technologies that form a science of dependable system integration. In the core of these technologies lies the concept of a Digital Dependability Identity (DDI) of a component or system. DDIs are modular, composable, and executable in the field facilitating (a) efficient synthesis of component and system dependability information over the supply chain and (b) effective evaluation of this information in-the-field for safe and secure composition of highly distributed and autonomous CPS. The paper outlines the DDI concept and opportunities for application in four industrial use cases.

Extending Automotive SPICE 3.0 for the use in ADAS and future self-driving service architectures

The SOQRATES (www.soqrates.de) working party has been established in 2003 with the support of the Bavarian SW initiative. Major automotive suppliers joined forces to exchange best practices in topics such as Automotive SPICE, functional safety, and cybersecurity.

Systematic Pattern Approach for Safety and Security Co-engineering in the Automotive Domain

Future automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From safety perspective, this can be perceived as boon or bane - it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as additional concern because attacks are now much more likely and severe. Unfortunately, there is lack of experience with security concerns in context of safety engineering in general and in automotive safety departments in particular. To remediate this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to selection and combination of both types of patterns in context of system engineering. The application of a combined safety and security pattern engineering workflow is shown and demonstrated by an automotive use case scenario.

Automotive SPICE, safety and cybersecurity integration

Currently developed automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles. Novel features, such as advanced driver assistance systems or automated driving functions drive the need for built-in security solutions and cyber-security aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general and in the automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the context of the EU project SafEUr. This working party (SoQrates working group) shares knowledge and experiences and integrated the Automotive SPICE assessment model with functional safety requirements, which was further used in integrated Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors dealing with security-related project in practice. From 2016 onwards, the SoQrates working party started to analyse the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper will summarise the previous results and extensions of the assessment model and the working group’s vision, how an Automotive SPICE assessor can support also the auditing of projects with close security relation.

Embedded Multi-core System for Design of Next Generation Powertrain Control Units

In recent days lots of effort is spent on the integration of multi-core processors also in embedded realtime systems domain for several reasons, such as continuously increasing performance requirements and stricter power limitations. This trend is reflected also in the automotive field. Another major aspect for this up-coming trend is the increasing amount of ECUs within the vehicle. Modern vehicles are equipped with 70 to 100 ECUs communicating trough the existing networks within the vehicle with each other to handle the necessary control SW system for vehicle operation. With upcoming multi-core technologies this amount could be reduced by combining different control application with possibly mixed criticality into one multi-core ECU.In this paper, a smart environment for the efficient validation of innovative system architectures based on multi-core platforms in order to be able to handle this future trend in the automotive field is presented. The motivation is to provide a hybrid environment (mixing simulation and physical components) for development of dependable automotive based on multicore controllers and thus reduce validation efforts and costs. The major objectives of the paper addresses the integration of multi-core technology in existing control applications in order to provide more computing resources for (a) improvement of existing functions and (b) development of novel functionalities and the electrical and functional integration of high dynamic controls with time based vehicle control algorithm.