Safety and Security Co-engineering and Argumentation Framework

Conference paper in: Computer Safety, Reliability, and Security (SAFECOMP 2017)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10489)

Abstract

Automotive systems are becoming increasingly complex because of their growing functional range and their data exchange with the outside world. Until now, the functional safety of such safety-critical electrical/electronic systems has been addressed successfully. The data exchange, however, requires interconnection across the trust boundaries of the vehicle. This exposes the vehicle's interfaces to hacking and other malicious attacks, which can in turn give rise to new types of safety issues. Before mass production of automotive systems, arguments supported by evidence are required regarding both safety and security. Product engineering must comply with the relevant standards and must support the argument that the system is free of unreasonable risk.

This paper presents a safety and security co-engineering framework that covers standard-compliant process derivation and management and supports product-specific safety and security co-analysis. Furthermore, we investigate process- and product-related argumentation and apply the approach to an automotive use case covering both safety and security.
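To make the notion of "arguments supported by evidence" concrete, the following is an added example, not code from the paper or its authors: a minimal assurance-case skeleton in the Goal Structuring Notation (GSN, the notation cited in the references) in which a safety goal and a security goal for the same hazard are linked to their evidence, plus a check that reports claims still lacking support. The node identifiers, the vehicle function F, hazard H1 and the evidence documents are constructed for illustration and are not taken from the paper's use case.

```python
"""Added example: a minimal GSN-style assurance-case skeleton that links safety and
security claims to evidence and reports claims that are still undeveloped.
All node ids, the vehicle function, the hazard and the evidence items are constructed
for illustration; they are not taken from the paper."""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Node:
    id: str
    kind: str                      # "Goal", "Strategy", "Solution" (evidence) or "Context"
    text: str
    supported_by: List[str] = field(default_factory=list)   # GSN SupportedBy edges
    in_context_of: List[str] = field(default_factory=list)  # GSN InContextOf edges


class ArgumentCase:
    def __init__(self) -> None:
        self.nodes: Dict[str, Node] = {}

    def add(self, node: Node) -> Node:
        if node.id in self.nodes:
            raise ValueError(f"duplicate node id {node.id}")
        self.nodes[node.id] = node
        return node

    def validate_edges(self) -> List[str]:
        """Structural problems: dangling references, Context used as support,
        Solutions that are not leaves, InContextOf pointing at a non-Context node."""
        problems: List[str] = []
        for n in self.nodes.values():
            for tgt in n.supported_by:
                if tgt not in self.nodes:
                    problems.append(f"{n.id}: SupportedBy unknown node {tgt}")
                elif self.nodes[tgt].kind == "Context":
                    problems.append(f"{n.id}: Context node {tgt} used as support")
            if n.kind == "Solution" and n.supported_by:
                problems.append(f"{n.id}: Solution must be a leaf")
            for tgt in n.in_context_of:
                if tgt not in self.nodes or self.nodes[tgt].kind != "Context":
                    problems.append(f"{n.id}: InContextOf non-Context node {tgt}")
        return problems

    def undeveloped(self) -> List[str]:
        """Goals and Strategies with no SupportedBy child: claims that still lack evidence."""
        return sorted(n.id for n in self.nodes.values()
                      if n.kind in ("Goal", "Strategy") and not n.supported_by)

    def evidence_for(self, node_id: str) -> List[str]:
        """All Solution nodes reachable from a claim, i.e. the evidence that backs it."""
        seen, stack, found = set(), [node_id], []
        while stack:
            nid = stack.pop()
            if nid in seen:
                continue
            seen.add(nid)
            node = self.nodes[nid]
            if node.kind == "Solution":
                found.append(nid)
            stack.extend(node.supported_by)
        return sorted(found)


def build_case(with_security_evidence: bool = True) -> ArgumentCase:
    """Constructed co-engineering argument: one hazard, argued over both the E/E
    failures that can cause it (safety) and the attacks that can trigger it (security)."""
    case = ArgumentCase()
    case.add(Node("C1", "Context", "Safety per ISO 26262, security per SAE J3061"))
    case.add(Node("G1", "Goal", "Vehicle function F is free of unreasonable risk", ["S1"], ["C1"]))
    case.add(Node("S1", "Strategy", "Argue over hazard H1 and the attacks that can trigger it",
                  ["G2", "G3"]))
    case.add(Node("G2", "Goal", "Hazard H1 caused by E/E failures is controlled to its ASIL", ["Sn1"]))
    case.add(Node("G3", "Goal", "Attacks via the external data interface cannot trigger H1",
                  ["Sn2"] if with_security_evidence else []))
    case.add(Node("Sn1", "Solution", "FMEA and fault-injection test report (constructed)"))
    if with_security_evidence:
        case.add(Node("Sn2", "Solution",
                      "Threat analysis and interface penetration-test report (constructed)"))
    return case


if __name__ == "__main__":
    for flag in (True, False):
        case = build_case(with_security_evidence=flag)
        print("edge problems:", case.validate_edges() or "none")
        print("undeveloped claims:", case.undeveloped() or "none")
        print("evidence behind G1:", case.evidence_for("G1"))
```

Building the case with `with_security_evidence=False` leaves G3 undeveloped: the argument is complete on the functional-safety side but silent on how attacks against the external interface are excluded, which is precisely the gap the abstract warns about.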


Notes

  1. The term "safety" refers to functional safety according to ISO 26262, and "security" refers to cybersecurity according to SAE J3061.

  2. Technology-specific details have been abstracted for reasons of commercial sensitivity, and the analysis results presented are not intended to be exhaustive.

  3. Eclipse Process Framework, www.eclipse.org/epf/.

References

  1. Greenberg, A.: Hackers remotely kill a Jeep on the highway—with me in it. Wired, 21 July 2015. https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

  2. Yan, C., Xu, W., Liu, J.: Can you trust autonomous vehicles: contactless attacks against sensors of self-driving vehicle. DEF CON (2016)

  3. Borchert, J., Slusser, S.: Automotive (R)evolution: defining a security paradigm in the age of the connected car. Infineon Report Web, November 2014

  4. Glas, B., Gebauer, C., Hänger, J., Heyl, A., Klarmann, J., Kriso, S., Wörz, P.: Automotive safety and security integration challenges. In: Automotive - Safety & Security (2014)

  5. International Organization for Standardization: ISO 26262 - Road vehicles - Functional safety, Parts 1-10. ISO/TC 22/SC 32 - Electrical and electronic components and general system aspects, 15 November 2011

  6. SAE: J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems (2016)

  7. Leveson, N.: A new accident model for engineering safer systems. Saf. Sci. 42(4), 237-270 (2004)

  8. Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C.: SAHARA: a security-aware hazard and risk analysis method. In: Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 621-624. IEEE, March 2015

  9. Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E.: Security application of failure mode and effect analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds.) SAFECOMP 2014. LNCS, vol. 8666, pp. 310-325. Springer, Cham (2014). doi:10.1007/978-3-319-10506-2_21

  10. Goal Structuring Notation Working Group: GSN Community Standard Version 1, 16 November 2011. www.goalstructuringnotation.info

  11. Ray, A., Cleaveland, R.: Security assurance cases for medical cyber-physical systems. IEEE Des. Test 32(5), 56-65 (2015)

  12. Menon, C., Hawkins, R., McDermid, J.: Interim standard of best practice on SW in the context of DS 00-56 Issue 4. SSEI, University of York, Standard of Best Practice (1) (2009)

  13. Preschern, C., Kajtazovic, N., Kreiner, C.: Security analysis of safety patterns. In: Proceedings of the 20th Conference on Pattern Languages of Programs, p. 12. The Hillside Group, October 2013

  14. Taguchi, K., Souma, D., Nishihara, H.: Safe & sec case patterns. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 27-37. Springer, Cham (2015). doi:10.1007/978-3-319-24249-1_3

  15. Ruiz, A., Larrucea, X., Espinoza, H.: A tool suite for assurance cases and evidences: avionics experiences. In: O'Connor, R., Umay Akkaya, M., Kemaneci, K., Yilmaz, M., Poth, A., Messnarz, R. (eds.) Systems, Software and Services Process Improvement. CCIS, vol. 543, pp. 63-71. Springer, Cham (2015). doi:10.1007/978-3-319-24647-5_6

  16. Kristen, E., Althammer, E.: FlexRay robustness testing contributing to automated safety certification. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 201-211. Springer, Cham (2015). doi:10.1007/978-3-319-24249-1_18

  17. Macher, G., Armengaud, E., Kreiner, C., Brenner, E., Schmittner, C., Ma, Z., Krammer, M.: Integration of security in the development lifecycle of dependable automotive CPS. In: Druml, N., Genser, A., Krieg, A., Menghin, M., Hoeller, A. (eds.) Handbook of Research on Solutions for Cyber-Physical Systems Ubiquity. IGI Global, in press

  18. Martin, H., Krammer, M., Bramberger, R., Armengaud, E.: Process- and product-based lines of argument for automotive safety cases. In: ACM/IEEE 7th International Conference on Cyber-Physical Systems (2016)

  19. Young, W., Leveson, N.: Systems thinking for safety and security. In: Proceedings of the 29th Annual Computer Security Applications Conference, pp. 1-8. ACM (2013)

  20. Abdulkhaleq, A., Wagner, S.: XSTAMPP: an eXtensible STAMP platform as tool support for safety engineering (2015)

  21. Schmittner, C., Ma, Z., Puschner, P.: Limitation and improvement of STPA-sec for safety and security co-analysis. In: Skavhaug, A., Guiochet, J., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2016. LNCS, vol. 9923, pp. 195-209. Springer, Cham (2016). doi:10.1007/978-3-319-45480-1_16

Acknowledgment

This work is supported by the projects EMC2 and AMASS. Research leading to these results has received funding from the EU ARTEMIS Joint Undertaking under grant agreement no. 621429 (project EMC2), project AMASS (H2020-ECSEL no 692474; Spain’s MINECO ref. PCIN-2015-262) and from the COMET K2 - Competence Centres for Excellent Technologies Programme of the Austrian Federal Ministry for Transport, Innovation and Technology (bmvit), the Austrian Federal Ministry of Science, Research and Economy (bmwfw), the Austrian Research Promotion Agency (FFG), the Province of Styria and the Styrian Business Promotion Agency (SFG).

Author information

Corresponding author: H. Martin.


Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Martin, H. et al. (2017). Safety and Security Co-engineering and Argumentation Framework. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) Computer Safety, Reliability, and Security. SAFECOMP 2017. Lecture Notes in Computer Science, vol. 10489. Springer, Cham. https://doi.org/10.1007/978-3-319-66284-8_24

  • DOI: https://doi.org/10.1007/978-3-319-66284-8_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-66283-1

  • Online ISBN: 978-3-319-66284-8
