Hostname: page-component-586b7cd67f-g8jcs Total loading time: 0 Render date: 2024-11-27T04:21:47.407Z Has data issue: false hasContentIssue false
  • English
  • Français

RESOLUTION OF SAFETY RELEVANT SECURITY THREATS IN THE SYSTEM ARCHITECTURE DESIGN PHASE ON THE EXAMPLE OF AUTOMOTIVE INDUSTRY

Published online by Cambridge University Press:  27 July 2021

Sergej Japs  and
Harald Anacker
Sergej Japs*
Affiliation:
Fraunhofer Research Institute for Mechatronic Systems Design IEM
Harald Anacker
Affiliation:
Fraunhofer Research Institute for Mechatronic Systems Design IEM
*
Japs, Sergej, Fraunhofer Research Institute for Mechatronic Systems Design IEM, Product Engineering, Germany, [email protected]

Abstract

Core share and HTML view are not available for this content. However, as you have access to this content, a full PDF is available via the ‘Save PDF’ action button.

Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems and its components requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified and unresolved security threats & safety hazards in early engineering phases, resulting in high costs in product development and potentially compromises compliance with the safety of CPS.

Model-based systems engineering (MBSE) improves the system understanding between stakeholders by using models.

However, MBSE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account.

Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards.

In the context of this paper we present a method for the resolution of safety relevant security threats in the system architecture design phase using design patterns.

We illustrate our approach with the example of the automotive sector.

Finally, we present an evaluation of the method, based on an 8 week project with 67 master students.

Keywords

Systems Engineering (SE)Design for X (DfX)Early design phasesRisk managementSecurity & Safety
Type
Article
Information
Proceedings of the Design Society , Volume 1: ICED21 , August 2021 , pp. 2561 - 2570
Creative Commons
Creative Common License - CCCreative Common License - BYCreative Common License - NCCreative Common License - ND
This is an Open Access article, distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives licence (http://creativecommons.org/licenses/by-nc-nd/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is unaltered and is properly cited. The written permission of Cambridge University Press must be obtained for commercial re-use or in order to create a derivative work.
Copyright
The Author(s), 2021. Published by Cambridge University Press

References

Anacker, H., Dumitrescu, R., Kharatyan, A., Lipsmeier, A. (2020), “Pattern based systems engineering - Application of solution patterns in the design of intelligent technical systems”, [16th International design conference, Cavat, Dubrovnik, Croatia], 10.1017/dsd.2020.107.Google Scholar
Amorim et al. (2017), “Systematic pattern approach for safety and security co-engineering in the automotive domain”, [International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2017), Trento, Italy], 10.1007/978-3-319-66266-4-22.Google Scholar
Bosch (2020), Products and Services, https://www.bosch-mobility-solutions.com/en/, last access: 2020-12-08.Google Scholar
Cheng, B.H.C., Doherty, B., Polanco, N., Pasco, M. (2019), “Security patterns for automotive systems”, [ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems (MODELS-C), Munich, Germany], 10.1109/MODELS-C.2019.00014.Google Scholar
Dori, D. (2016), “Model-Based Systems Engineering with OPM and SysML”, Springer.CrossRefGoogle Scholar
Dumitrescu, R., Kaiser, L., Meyer, M. and Holtmann, J. (2013),“Automatic verification of modeling rules in systems engineering for mechatronic systems”,[Proceedings of the ASME 2013 International Design Engineering Technical Conferences, Portland, Oregon, USA, 2013], 10.1115/DETC2013-12330.Google Scholar
Fernandez-Buglioni, E. (2013), “Security Patterns in Practice: Designing Secure Architectures Using Software Patterns”, Wiley.Google Scholar
Gausemeier, J., Rammig, F.J., Schäfer, W. (2014), “Design methodology for intelligent technical systems”, Springer, Berlin-Heidelberg, 2014,10.1007/978-3-642-45435-6.Google Scholar
Greenberg, A. (2015), “Hackers remotely kill a jeep on the highway - with me in it”, https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/, Wired Online, last access: 2020-09-11.Google Scholar
Goldman, D. (2015), “Chrysler recalls 1.4 million hackable cars”, 2015, CNN Business https://money.cnn.com/2015/07/24/technology/chrysler-hack-recall/index.html, last access: 2020-12-08.Google Scholar
Heisel, M., Maidl, M., Wagner, M., Wirtz, R., Zhao, T. (2019), “Pattern-based modeling of cyber-physical systems for analyzing security”, [24th European Conference on Pattern Languages of Programs (EuroPLoP'19), Irsee, Germany], 10.1145/3361149.3361172.Google Scholar
Howard, M., Lipner, S. (2006), “The security development lifecycle”, Microsoft Press, 10.1109/MSP.2017.14.Google Scholar
International standards organization (2018), “ISO 26262: Road vehicles – Functional safety”.Google Scholar
International standards organization (2015), “ISO/IEC/IEEE 15288:2015 Systems and software engineering — System life cycle processes”.Google Scholar
Japs, S., Kharatyan, A., Kaiser, L., Dumitrescu, R. (2020), “Method for 3D-environment driven domain knowledge elicitation and system model generation”, [16th International design conference, Cavat, Dubrovnik, Croatia], 10.1017/dsd.2020.41.Google Scholar
Japs, S. (2020), “Security & Safety by Model-based Requirements Engineering”,[28th IEEE International Requirements Engineering Conference], 10.1109/RE48521.2020.00062,CrossRefGoogle Scholar
Japs, S., Anacker, H., Dumitrescu, R. (2020), “SAVE: Security & safety by model-based systems engineering on theexample of automotive industry” (in press), https://owncloud.fraunhofer.de/index.php/s/hEuRbag1slmtyTD, last access: 2020-12-08Google Scholar
Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C. (2015), “SAHARA: A Security-Aware Hazard and Risk Analysis Method”, [Proceedings of design, automation & test in europe conference & exhibition (DATE), Grenoble, France], 10.7873/DATE.2015.0622.Google Scholar
Mead, N.R., Stehney, T. (2005), “Security quality requirements engineering (SQUARE) methodology”, [Proceedings of the 2005 Workshop on Software Engineering for Secure Systems—Building Trustworthy Applications, St. Louis, Missouri], 10.1145/1082983.1083214.Google Scholar
Pohl, K. (2016), “Requirements engineering: Fundamentals, principles, and techniques”, Springer.Google Scholar
Rehman, S. U., Allgaier, C., Gruhn, V. (2018), “Security requirements engineering: A framework for cyber-physical systems”, [2018 International Conference on Frontiers of Information Technology (FIT), Islamabad, Pakistan], 10.17185/duepublico/71232.Google Scholar
Rupp, C. and die SOPHISTen (2014), “Requirements-Engineering und -Management: Aus der Praxis von klassisch bis agil”, Carl Hanser Verlag.CrossRefGoogle Scholar
SAE International (2016), “Cybersecurity guidebook for cyber-physical vehicle systems J3061”.Google Scholar
SecForCARs 2020, Research project security for connected automated cars, https://www.secforcars.de, last access: 2020-12-08.Google Scholar
Shostack, A. (2014),“Threat Modeling: Designing for Security”, Wiley, 2014.Google Scholar
Stølen, K. et al. (2002), “Model-based risk assessment - the CORAS approach”, [Proceddings of the norsk informatikkkonferanse (NIK 2002), Tapir].Google Scholar
CONSENS application (2020), https://smartmechatronics.de/consens, last access: 2020-12-08.Google Scholar
Data set (2020), https://owncloud.fraunhofer.de/index.php/s/01hyejztC0nrRJ8, last access: 2020-12-08Google Scholar
Object Management Group (2015), Systems modeling language specification V. 1.4s.Google Scholar
Unity Consens (2020), Project References on the UNITY Innovation Alliance, https://www.unity-innovation-alliance.com/en/, last access: 2020-12-08.Google Scholar
Tekaat, J., Kharatyan, A., Anacker, H., Dumitrescu, R. (2019), “Potentials for the integration of design thinking along automotive systems engineering focusing security and safety”, [International Conference on Engineering Design (ICED), Delft, The Netherlands], 10.1017/dsi.2019.295.Google Scholar