Integration of safety and cybersecurity analysis through combination of systems and reliability theory methods

Joaquim Castella Triginer, Helmut Martin, Bernhard Winkler, Nadja Christiane Marko

Research output: Contribution to conference (Paper, peer-reviewed)


The development of requirements for automotive E/E (electrics/electronics) systems is becoming increasingly complex, since these systems are more and more interconnected and software intensive. In the automotive industry, there are two main international standards for accomplishing safety and cybersecurity requirements: ISO 26262 for functional safety in E/E systems and SAE J3061 (ISO/SAE 21434 in elaboration) for cybersecurity engineering in cyber-physical vehicle systems. Safety and security are two interdependent properties of future automated driving systems that must ensure the protection of vehicles against unintended failures and intentional attacks. To optimize resources, it is necessary to find common properties that allow functional safety and cybersecurity to be integrated in a unified analysis. Furthermore, a holistic approach to safety and cybersecurity analysis is needed, based on systems theory, which addresses more types of hazards and threats and treats them as a problem of dynamic control rather than of individual component failure. This paper presents the integration of safety and cybersecurity analysis through the combination of methods based on systems theory and reliability theory. It provides an overall, generic methodology for combining functional safety and cybersecurity analysis in order to obtain a list of common requirements. The presented approach combines the systems theory methods STPA (Systems-Theoretic Process Analysis) and STPA-sec (STPA for Security) with the reliability theory methods HARA (Hazard Analysis and Risk Assessment) and TARA (Threat Analysis and Risk Assessment). The proposed approach is applied to an ongoing project of a fully automated vehicle at Virtual Vehicle Research Center called SPIDER (Smart PhysIcal Demonstration and Evaluation Robot).
SPIDER is an omnidirectional robot car which can autonomously move along a predefined global path, with a self-developed mobile platform for the development and testing of autonomous driving functions. First results provide a proof of concept of applying the proposed approach to the remote communication module of SPIDER, obtaining the functional and technical safety and cybersecurity requirements.
Original language: English
Publication status: Submitted - 31 Jan 2020
Event: 10th European Congress Embedded Real Time Systems: ERTS 2020 - Toulouse, France
Duration: 29 Jan 2020 to 31 Jan 2020

Conference: 10th European Congress Embedded Real Time Systems
Abbreviated title: ERTS 2020
