Automotive SPICE, safety and cybersecurity integration

Georg Macher, Alexander Much, Andreas Riel, Richard Messnarz, Christian Kreiner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Currently developed automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles. Novel features, such as advanced driver assistance systems or automated driving functions, drive the need for built-in security solutions and cyber-security aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general and in automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the context of the EU project SafEUr. This working party (SoQrates working group) shares knowledge and experiences and integrated the Automotive SPICE assessment model with functional safety requirements, which was further used in integrated Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors dealing with security-related projects in practice. From 2016 onwards, the SoQrates working party started to analyse the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper will summarise the previous results and extensions of the assessment model and the working group’s vision of how an Automotive SPICE assessor can also support the auditing of projects closely related to security.

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10489 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2017 and 5th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2017, 12th Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of Systems, DECSoS 2017, 6th International Workshop on Next Generation of System Assurance Approaches for Safety Critical Systems, SASSUR 2017, 3rd International Workshop on Technical and Legal Aspects of Data Privacy and Security, TELERISE 2017 and 2nd International Workshop on the Timing Performance in Safety Engineering, TIPS 2017
Country: Italy
City: Trento
Period: 12/09/17 → 12/09/17

Fingerprint

SPICE
Safety
Advanced driver assistance systems
Safety engineering
Automation
Systems analysis
Auditing
Safety Assessment
Driver Assistance
Best Practice
Requirements
System Design
Infrastructure
Traffic
Model
Engineering

Keywords

  • Automotive
  • Automotive SPICE
  • ISO 26262
  • SAE J3061
  • Security analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Macher, G., Much, A., Riel, A., Messnarz, R., & Kreiner, C. (2017). Automotive SPICE, safety and cybersecurity integration. In Computer Safety, Reliability, and Security - SAFECOMP 2017 Workshops ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Proceedings (Vol. 10489 LNCS, pp. 273-285). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10489 LNCS). Springer Verlag. DOI: 10.1007/978-3-319-66284-8_23

@inproceedings{c6f1c267fa4141fcb535b5536c609ac3,
title = "Automotive SPICE, safety and cybersecurity integration",
abstract = "Currently developed automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles. Novel features, such as advanced driver assistance systems or automated driving functions drive the need for built-in security solutions and cyber-security aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general and in the automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the context of the EU project SafEUr. This working party (SoQrates working group) shares knowledge and experiences and integrated the Automotive SPICE assessment model with functional safety requirements, which was further used in integrated Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors dealing with security-related project in practice. From 2016 onwards, the SoQrates working party started to analyse the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper will summarise the previous results and extensions of the assessment model and the working group’s vision, how an Automotive SPICE assessor can support also the auditing of projects with close security relation.",
keywords = "Automotive, Automotive SPICE, ISO 26262, SAE J3061, Security analysis",
author = "Georg Macher and Alexander Much and Andreas Riel and Richard Messnarz and Christian Kreiner",
year = "2017",
month = "9",
day = "27",
doi = "10.1007/978-3-319-66284-8_23",
language = "English",
isbn = "9783319662831",
volume = "10489 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "273--285",
booktitle = "Computer Safety, Reliability, and Security - SAFECOMP 2017 Workshops ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Proceedings",
address = "Germany",

}
