Automotive SPICE, Safety and Cybersecurity Integration

Automotive systems currently under development exhibit an increased level of automation as well as ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles. Novel features, such as advanced driver assistance systems or automated driving functions, drive the need for built-in security solutions and cyber-security-aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general and in automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the context of the EU project SafEUr. This working party (the SoQrates working group) shares knowledge and experiences and integrated the Automotive SPICE assessment model with functional safety requirements, which was then used in integrated Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors dealing with security-related projects in practice. From 2016 onwards, the SoQrates working party started to analyse the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper summarises the previous results and extensions of the assessment model and the working group’s vision of how an Automotive SPICE assessor can also support the auditing of projects closely related to security.
