Harald Sporer

SAHARA: a security-aware hazard and risk analysis method

Safety and Security are two seemingly contradictory system features, which have challenged researchers for decades. Traditionally, these two features have been treated separately, but due to the increasing knowledge about their mutual impacts, similarities, and interdisciplinary values, they have become more important. Because systems (such as Car2x in the automotive industry) are increasingly interlaced, it is no longer acceptable to assume that safety systems are immune to security risks. Future automotive systems will require appropriate systematic approaches that will support security-aware safety development. Therefore, this paper presents a combined approach of the automotive HARA (hazard analysis and risk assessment) approach with the security domain STRIDE approach, and outlines the impacts of security issues on safety concepts at system level. We present an approach to classify the probability of security threats, which can be used to determine the appropriate number of countermeasures that need to be considered. Furthermore, we analyze the impact of these security threats on the safety analysis of automotive systems. This paper additionally describes how such a method has been developed based on the HARA approach, and how the safety-critical contributions of successful security attacks can be quantified and processed.

A Combined Safety-Hazards and Security-Threat Analysis Method for Automotive Systems

Safety and Security appear to be two contradicting overall system features. Traditionally, these two features have been treated separately, but due to increasing awareness of mutual impacts, cross domain knowledge becomes more important. Due to the increasing interlacing of automotive systems with networks (such as Car2X), it is no longer acceptable to assume that safety-critical systems are immune to security risks and vice versa.

Supporting Cyber-Security Based on Hardware-Software Interface Definition

The automotive industry has an annual increase rate of software implemented functions of about 30 %. In the automotive domain the increasing complexity of systems became challenging with consumer demands for advanced driving assistance systems and automated driving functionalities, and the thus broadening societal sensitivity for security and safety concerns, such as remote control of cars by hacking their IT infrastructure.

Incorporation of Model-Based System and Software Development Environments

Development of dependable embedded automotive systems faces many challenges arising from increasing complexity, criticality, and demand of certifiability. Efficient and consistent development models along the entire development life cycle needs to be ensured. So far, existing solutions are still frequently insufficient when transforming system models with higher level of abstraction to more concrete engineering models (such as software engineering models). De facto industry standards aims to standardize frameworks and to facilitate the exchange of information. However, refinement of system designs into hardware and software implementations is still a tedious task. The aim of this work is to enhance an automotive model-driven system engineering framework with software architecture design capabilities and a model transformation framework to enable a seamless description of safety-critical systems, from requirements at the system level down to software component implementation in a bidirectional way.

Service Deterioration Analysis (SDA): An Early Development Phase Dependability Analysis Method

Dependability is a super ordinate concept regrouping different system attributes such as reliability, safety, security, or availability and a key selling point of modern embedded systems. Dependable systems rely on mature quality management and development methods such as requirements / systems engineering and system analyses. In the automotive domain analysis methods for safety and security attributes at early development phases are well known and partially mandatory by domain standards. Nevertheless, approaches for analysis of serviceability attributes (the combination of reliability and maintainability) at early development phases are not yet available. Aim of the paper is to present a novel analysis method to quantify the impact of individual system parts on the overall system serviceability at early development phases. This approach bases on the concepts of state-of-the-art methods for safety and security analysis and extends their scope of application to serviceability feature quantification, thus enables consistent identification of system dependability target attributes. This, in turn, is a pre-requisite for ensuring a certain level of system dependability from start of development. In the second part of the document the application of the novel approach is demonstrated on an automotive training example of a battery management system.

A Comprehensive Safety, Security, and Serviceability Assessment Method

Dependability is a superordinate concept regrouping different system attributes such as reliability, safety, security, or availability and non-functional requirements for modern embedded systems. These different attributes, however, might lead to different targets. Furthermore, the non-unified methods to manage these different attributes might lead to inconsistencies, which are identified in late development phases. The aim of the paper is to present a combined approach for system dependability analysis to be applied in early development phases. This approach regroups state-of-the-art methods for safety, security, and reliability analysis, thus enabling consistent dependability targets identification across the three attributes. This, in turn, is a pre-requisite for consistent dependability engineering along the development lifecycle. In the second part of the document the experiences of this combined dependability system analysis method are discussed based on an automotive application.

A Lean Automotive E/E-System Design Approach with Integrated Requirements Management Capability

Replacing former pure mechanical functionalities by mecha-tronics-based solutions, introducing new propulsion technologies, and connecting cars to their environment are only a few reasons for the still growing E/E-System complexity at modern passenger cars. Smart methodologies and processes are necessary during the development life cycle to master the related challenges successfully. In this paper, a lean approach for a model-based domain-specific E/E-System architectural design is presented. Furthermore, an integrated requirements management methodology is shown, satisfying the needs for a full traceability between the requirements and design artifacts. The novel model-based language allows domain experts, with limited knowledge of the de-facto system design standard SysML, to describe the mechatronics-based system easily and unambiguously. The lean tool chain orchestration makes the presented approach, especially but not limited to, interesting for small project teams.

An automotive E/E system domain-specific modelling approach with various tool support

The electrical and electronic systems (E/E Systems) in the automotive world have been getting increasingly complex over the past decades. New functionality, which is mainly realized through embedded E/E Systems, as well as the growing connectivity (Car2X-Communication), will keep this trend alive in the upcoming years. Additionally, new standards and regulations have been released during the last few years (e.g. ISO 26262), which improve system properties such as dependability, but also lead to an even higher system complexity. Therefore, well-defined development processes are crucial to manage this complexity and achieve high quality products. To accomplish an appropriated guidance through these processes, a tool chain has to be established, which supports each phase of the E/E System development. However, it is not enough to provide a stand-alone solution for the assistance at each phase. A smooth transition of the development artefacts between the different levels as well as their bilateral traceability is crucial. Common approaches utilize tools such as Enterprise Architect or Artisan Studio to model the E/E System design in SysML or a kind of UML2 profile. Usually, several abstraction layers are designed with these tools, starting from the system architectural design down to the software architectural design. Although, in the majority of cases the design should represent a mechatronics-based system, the hardware and the mechanics view are not considered. The aim of this work is to remedy the defficiencies regarding the missing representation of hardware and mechanics artefacts within E/E System design. Therefore, a model-based domain-specific language was developed that describes the system in a more comprehensive way. It makes it easier for domain experts, who are not that familiar with UML or SysML, to create an architectural design. The methodology presented does not ignore existing SysML models, but rather supports them by means of a translator, which converts the DSL model into a SysML representation. As well as the domain-specific language definition itself, a feasible tool support is presented. To showcase that the language definition can be implemented easily in different ways, a custom-made tool written in C# as well as a tool generated from a UML definition is shown.

Bidirectional Crosslinking of System and Software Modeling in the Automotive Domain

Replacing former pure mechanical functionalities by mecha-tronics-based solutions, introducing new propulsion technologies, and connecting cars to their environment are only a few reasons for the still growing E/E-System complexity at modern passenger cars. Hence, for an engineering company in the automotive embedded system domain it is vital to establish mature development processes, including a smart tool chain orchestration. Starting from the customer requirements until the final release of the product, traceability and consistency between all development artifacts shall be given. However, achieving this by linking the development items manually is a tedious and error-prone task. The aim of this work is to enhance the development process by introducing a fully automatic transformation of a system design model into a software framework model and vice versa. With this novel approach, the full traceability, between the system and software architectural levels, is guaranteed.

A Lean Automotive E/E-System Design Approach with Open Toolbox Access

Replacing former pure mechanical functionalities by mecha-tronics-based solutions, introducing new propulsion technologies, and connecting cars to their environment are only a few reasons for the still growing electrical and electronic systems (E/E-Systems) complexity at modern passenger cars. Smart methodologies and processes are necessary during the development life cycle to master the related challenges successfully. One of the key issues is to have an adequate environment for creating architectural system designs, and linking them to other development artifacts. In this paper, a novel model-based domain-specific language for embedded mechatronics-based systems, with focus on the support of different automotive sub-domains, is presented. With the described methodology, the domain-specific modeling (DSM) approach can be adapted to the needs of the respective company or project easily. Though, the model-based language definition can be implemented using various platforms (e.g. Eclipse Modeling Framework), also a custom-made open source editor supporting the DSM technique, is presented.