A Case Study of FMVEA and CHASSIS as Safety and Security Co-Analysis Method for Automotive Cyber-physical Systems

The increasing integration of computational components and physical systems creates cyber-physical systems, which provide new capabilities and possibilities for humans to control and interact with physical machines. However, the correlation of events in cyberspace and the physical world also poses new safety and security challenges. This calls for holistic approaches to safety and security analysis that identify safety failures and security threats and give a better understanding of their interplay. This paper presents the application of two promising methods, i.e. Failure Mode, Vulnerabilities and Effects Analysis (FMVEA) and Combined Harm Assessment of Safety and Security for Information Systems (CHASSIS), to a case study of safety and security co-analysis of cyber-physical systems in the automotive domain. We compare the two methods, discuss their applicability, and identify future research needs.
