Automotive SPICE, safety and cybersecurity integration

Georg Macher; Alexander Much; Andreas Riel; Richard Messnarz; Christian Kreiner

doi:10.1007/978-3-319-66284-8_23

Automotive SPICE, safety and cybersecurity integration

Georg Macher^*, Alexander Much, Andreas Riel, Richard Messnarz, Christian Kreiner

^*Corresponding author for this work

Institute of Technical Informatics (4480)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Currently developed automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles. Novel features, such as advanced driver assistance systems or automated driving functions drive the need for built-in security solutions and cyber-security aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general and in the automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the context of the EU project SafEUr. This working party (SoQrates working group) shares knowledge and experiences and integrated the Automotive SPICE assessment model with functional safety requirements, which was further used in integrated Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors dealing with security-related project in practice. From 2016 onwards, the SoQrates working party started to analyse the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper will summarise the previous results and extensions of the assessment model and the working group’s vision, how an Automotive SPICE assessor can support also the auditing of projects with close security relation.

Original language	English
Title of host publication	Computer Safety, Reliability, and Security - SAFECOMP 2017 Workshops ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Proceedings
Publisher	Springer Verlag
Pages	273-285
Number of pages	13
Volume	10489 LNCS
ISBN (Print)	9783319662831
DOIs	https://doi.org/10.1007/978-3-319-66284-8_23
Publication status	Published - 27 Sept 2017
Event	International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2017 and 5th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2017, 12th Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of Systems, DECSoS 2017, 6th International Workshop on Next Generation of System Assurance Approaches for Safety Critical Systems, SASSUR 2017, 3rd International Workshop on Technical and Legal Aspects of Data Privacy and Security, TELERISE 2017 and 2nd International Workshop on the Timing Performance in Safety Engineering, TIPS 2017 - Trento, Italy Duration: 12 Sept 2017 → 12 Sept 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10489 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2017 and 5th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2017, 12th Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of Systems, DECSoS 2017, 6th International Workshop on Next Generation of System Assurance Approaches for Safety Critical Systems, SASSUR 2017, 3rd International Workshop on Technical and Legal Aspects of Data Privacy and Security, TELERISE 2017 and 2nd International Workshop on the Timing Performance in Safety Engineering, TIPS 2017
Country/Territory	Italy
City	Trento
Period	12/09/17 → 12/09/17

Keywords

Automotive
Automotive SPICE
ISO 26262
SAE J3061
Security analysis

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-66284-8_23

Cite this

Macher, G., Much, A., Riel, A., Messnarz, R., & Kreiner, C. (2017). Automotive SPICE, safety and cybersecurity integration. In Computer Safety, Reliability, and Security - SAFECOMP 2017 Workshops ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Proceedings (Vol. 10489 LNCS, pp. 273-285). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10489 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-66284-8_23

Automotive SPICE, safety and cybersecurity integration. / Macher, Georg; Much, Alexander; Riel, Andreas et al.
Computer Safety, Reliability, and Security - SAFECOMP 2017 Workshops ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Proceedings. Vol. 10489 LNCS Springer Verlag, 2017. p. 273-285 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10489 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Macher, G, Much, A, Riel, A, Messnarz, R & Kreiner, C 2017, Automotive SPICE, safety and cybersecurity integration. in Computer Safety, Reliability, and Security - SAFECOMP 2017 Workshops ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Proceedings. vol. 10489 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10489 LNCS, Springer Verlag, pp. 273-285, International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2017 and 5th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2017, 12th Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of Systems, DECSoS 2017, 6th International Workshop on Next Generation of System Assurance Approaches for Safety Critical Systems, SASSUR 2017, 3rd International Workshop on Technical and Legal Aspects of Data Privacy and Security, TELERISE 2017 and 2nd International Workshop on the Timing Performance in Safety Engineering, TIPS 2017, Trento, Italy, 12/09/17. https://doi.org/10.1007/978-3-319-66284-8_23

Macher G, Much A, Riel A, Messnarz R, Kreiner C. Automotive SPICE, safety and cybersecurity integration. In Computer Safety, Reliability, and Security - SAFECOMP 2017 Workshops ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Proceedings. Vol. 10489 LNCS. Springer Verlag. 2017. p. 273-285. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-66284-8_23

Macher, Georg ; Much, Alexander ; Riel, Andreas et al. / Automotive SPICE, safety and cybersecurity integration. Computer Safety, Reliability, and Security - SAFECOMP 2017 Workshops ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Proceedings. Vol. 10489 LNCS Springer Verlag, 2017. pp. 273-285 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{c6f1c267fa4141fcb535b5536c609ac3,

title = "Automotive SPICE, safety and cybersecurity integration",

abstract = "Currently developed automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles. Novel features, such as advanced driver assistance systems or automated driving functions drive the need for built-in security solutions and cyber-security aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general and in the automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the context of the EU project SafEUr. This working party (SoQrates working group) shares knowledge and experiences and integrated the Automotive SPICE assessment model with functional safety requirements, which was further used in integrated Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors dealing with security-related project in practice. From 2016 onwards, the SoQrates working party started to analyse the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper will summarise the previous results and extensions of the assessment model and the working group{\textquoteright}s vision, how an Automotive SPICE assessor can support also the auditing of projects with close security relation.",

keywords = "Automotive, Automotive SPICE, ISO 26262, SAE J3061, Security analysis",

author = "Georg Macher and Alexander Much and Andreas Riel and Richard Messnarz and Christian Kreiner",

year = "2017",

month = sep,

day = "27",

doi = "10.1007/978-3-319-66284-8_23",

language = "English",

isbn = "9783319662831",

volume = "10489 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "273--285",

booktitle = "Computer Safety, Reliability, and Security - SAFECOMP 2017 Workshops ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Proceedings",

address = "Germany",

note = "International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2017 and 5th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2017, 12th Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of Systems, DECSoS 2017, 6th International Workshop on Next Generation of System Assurance Approaches for Safety Critical Systems, SASSUR 2017, 3rd International Workshop on Technical and Legal Aspects of Data Privacy and Security, TELERISE 2017 and 2nd International Workshop on the Timing Performance in Safety Engineering, TIPS 2017 ; Conference date: 12-09-2017 Through 12-09-2017",

}

TY - GEN

T1 - Automotive SPICE, safety and cybersecurity integration

AU - Macher, Georg

AU - Much, Alexander

AU - Riel, Andreas

AU - Messnarz, Richard

AU - Kreiner, Christian

PY - 2017/9/27

Y1 - 2017/9/27

N2 - Currently developed automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles. Novel features, such as advanced driver assistance systems or automated driving functions drive the need for built-in security solutions and cyber-security aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general and in the automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the context of the EU project SafEUr. This working party (SoQrates working group) shares knowledge and experiences and integrated the Automotive SPICE assessment model with functional safety requirements, which was further used in integrated Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors dealing with security-related project in practice. From 2016 onwards, the SoQrates working party started to analyse the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper will summarise the previous results and extensions of the assessment model and the working group’s vision, how an Automotive SPICE assessor can support also the auditing of projects with close security relation.

AB - Currently developed automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of the development in the late 20th century, the automotive domain must now consider cyber-security as an integral part of the development of modern vehicles. Novel features, such as advanced driver assistance systems or automated driving functions drive the need for built-in security solutions and cyber-security aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general and in the automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the context of the EU project SafEUr. This working party (SoQrates working group) shares knowledge and experiences and integrated the Automotive SPICE assessment model with functional safety requirements, which was further used in integrated Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors dealing with security-related project in practice. From 2016 onwards, the SoQrates working party started to analyse the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper will summarise the previous results and extensions of the assessment model and the working group’s vision, how an Automotive SPICE assessor can support also the auditing of projects with close security relation.

KW - Automotive

KW - Automotive SPICE

KW - ISO 26262

KW - SAE J3061

KW - Security analysis

UR - http://www.scopus.com/inward/record.url?scp=85029519410&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-66284-8_23

DO - 10.1007/978-3-319-66284-8_23

M3 - Conference paper

AN - SCOPUS:85029519410

SN - 9783319662831

VL - 10489 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 273

EP - 285

BT - Computer Safety, Reliability, and Security - SAFECOMP 2017 Workshops ASSURE, DECSoS, SASSUR, TELERISE, and TIPS, Proceedings

PB - Springer Verlag

T2 - International Conference on Computer Safety, Reliability, and Security, SAFECOMP 2017 and 5th International Workshop on Assurance Cases for Software-Intensive Systems, ASSURE 2017, 12th Workshop on Dependable Embedded and Cyber-physical Systems and Systems-of Systems, DECSoS 2017, 6th International Workshop on Next Generation of System Assurance Approaches for Safety Critical Systems, SASSUR 2017, 3rd International Workshop on Technical and Legal Aspects of Data Privacy and Security, TELERISE 2017 and 2nd International Workshop on the Timing Performance in Safety Engineering, TIPS 2017

Y2 - 12 September 2017 through 12 September 2017

ER -

Automotive SPICE, safety and cybersecurity integration

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Industrial Informatics

AQU-AutoUniverse - Automotive Quality Universities

Cite this

Automotive SPICE, safety and cybersecurity integration

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Projects

Industrial Informatics

AQU-AutoUniverse - Automotive Quality Universities

Cite this