Supporting Cyber-Security Based on Hardware-Software Interface Definition

Georg Macher, Harald Sporer, Eugen Brenner, Christian Josef Kreiner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review

Abstract

In the automotive industry, the number of software-implemented functions increases at an annual rate of about 30 %. In the automotive domain, the increasing complexity of systems has become challenging with consumer demands for advanced driving assistance systems and automated driving functionalities, and with the resulting broader societal sensitivity to security and safety concerns, such as remote control of cars by hacking their IT infrastructure.

As vehicle providers gear up for the cyber-security challenges, they can leverage experiences from many other domains, but nevertheless have to face several unique challenges. The recently released SAE J3061 guidebook for cyber-physical vehicle systems provides high-level principles for automotive organizations to identify and assess cyber-security threats and design cyber-security aware systems in close relation to ISO 26262. Although functional safety and cyber-security engineering overlap considerably in many facets, such as analysis methods and system function thinking, the definition of system borders (item definition vs. trust boundaries) often differs considerably. Therefore, appropriate systematic approaches to support the identification of trust boundaries and attack vectors for the safety- and cyber-security-related aspects of complex automotive systems are essential. In the course of this paper, we analyze a method to identify attack vectors on complex systems via signal interfaces. We focus on a central development artifact of the ISO 26262 functional safety development process, the hardware-software interface (HSI), and propose an extension for the HSI to support the cyber-security engineering process.

Original language: English
Title of host publication: 23rd European Conference on Systems, Software and Services Process Improvement, EuroSPI 2016
Publisher: Springer International Publishing AG
Pages: 148
Number of pages: 159
Publication status: Published - 2016
Event: 23rd European Conference on Systems, Software and Services Process Improvement, EuroSPI 2016 - Graz, Austria
Duration: 14 Sep 2016 to 16 Sep 2016

Conference

Conference: 23rd European Conference on Systems, Software and Services Process Improvement, EuroSPI 2016
Country: Austria
City: Graz
Period: 14/09/16 to 16/09/16

Fingerprint

Hardware
Remote control
Automotive industry
Gears
Large scale systems
Railroad cars

Fields of Expertise

  • Information, Communication & Computing
  • Mobility & Production

Cite this

Macher, G., Sporer, H., Brenner, E., & Kreiner, C. J. (2016). Supporting Cyber-Security Based on Hardware-Software Interface Definition. In 23rd European Conference on Systems, Software and Services Process Improvement, EuroSPI 2016 (pp. 148). Springer International Publishing AG. https://doi.org/10.1007/978-3-319-44817-6_12

@inproceedings{6d01b071de3848e7b4f5f0ebf474de97,
title = "Supporting Cyber-Security Based on Hardware-Software Interface Definition",
abstract = "The automotive industry has an annual increase rate of software implemented functions of about 30 {\%}. In the automotive domain the increasing complexity of systems became challenging with consumer demands for advanced driving assistance systems and automated driving functionalities, and the thus broadening societal sensitivity for security and safety concerns, such as remote control of cars by hacking their IT infrastructure. As vehicle providers gear up for the cyber-security challenges, they can leverage experiences from many other domains, but nevertheless have to face several unique challenges. The recently released SAE J3061 guidebook for cyber-physical vehicle systems provides high-level principles for automotive organizations to identify and assess cyber-security threats and design cyber-security aware systems in close relation to ISO 26262. Although functional safety and cyber-security engineering have a considerable overlap regarding many facets, such as analysis methods and system function thinking, the definition of system borders (item definition vs. trust boundaries) often differs largely. Therefore, appropriate systematic approaches to support the identification of trust boundaries and attack vectors for the safety- and cybersecurity-related aspects of complex automotive systems are essential. In the course of this paper, we analyze a method to identify attack vectors on complex systems via signal interfaces. We focus on a central development artifact of the ISO 26262 functional safety development process, the hardware-software interface (HSI), and propose an extension for the HSI to support the cyber-security engineering process.",
author = "Georg Macher and Harald Sporer and Eugen Brenner and Kreiner, {Christian Josef}",
year = "2016",
doi = "10.1007/978-3-319-44817-6_12",
language = "English",
pages = "148",
booktitle = "23rd European Conference on Systems, Software and Services Process Improvement, EuroSPI 2016",
publisher = "Springer International Publishing AG",
address = "Switzerland",

}
