Combined automotive safety and security pattern engineering approach

Abstract Automotive systems will exhibit increasing levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From a safety perspective this can be perceived as either a boon or a bane: it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes an important additional concern, because attacks on such connected systems are now both more likely and more severe, and a successful attack can directly undermine safety. However, there is a lack of experience with security concerns in the context of safety engineering in general, and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance on the selection and combination of both types of patterns in the context of systems engineering. A combined safety and security pattern engineering workflow is proposed to give non-expert engineers systematic guidance grounded in best practices. The application of the approach is demonstrated on an automotive case study and several use case scenarios.
