Seminar: Automotive Cybersecurity

Embedded Security

Learning Goals

• What is security? How does it differ from safety and other system properties?
• Why security is so hard to manage

Importance of Security Engineering for Embedded Automotive Systems

• “Security for Safety”
• Increasing importance of information assets and data protection

Special Features of Security Compared to Other Non-Functional Properties

• Lack of invariance to refinement or aggregation
• Lack of product metrics for security
• Lack of stochastic predictability
• Lack of restriction of attacks to the original system architecture or to the intended functional principle

Process Model for Security Requirements Engineering

Learning Goals

• Introduction to the basic terminology (stakeholder, asset, threat, security policy, security assumptions, security goals, security requirement, ...)
• Basic process model:
  • Systematic derivation of the security problem to be solved
  • Systematic derivation of security goals and security requirements from the security problem
  • Requirements on the security problem
• Useful notations for requirements elicitation and threat analysis

Asset Elicitation

• Various types of assets
• STPA control structure model as an aid for asset identification

Threat Analysis

• Threat = {Agent, Asset, Adverse Action}
• Notation: threat matrix

Security Policies

• Role of policies as the source of security requirements

Security Assumptions, Claims

• Role of assumptions in requirements analysis
• Examples of security assumptions

Security Objectives, Goals

• Derivation of goals from threats, policies, and assumptions
• Notation: TPAxO Matrix

Refinement of Security Requirements Goals

• Coverage of all goals
• Notation: Requirements Matrix

Further Considerations

• Composition of security sub-analyses

System-Theoretic Process Analysis (STPA)

Learning Goals

• STPA as a method for the security- and safety analysis of cyber-physical systems
• STPA control structure model as a contribution of STPA to the process model according to seminar unit 2
• STPA as a link between safety and security as well as between developers and analysts

STPA Basics

• Weaknesses of established analysis methods

Control-Structure Modeling

• Concept of the hierarchical control structure
• Exercise: Modeling of a Cooperative Adaptive Cruise Control as a control structure model

From the Control Structure to the Security Problem to the Security Requirements

• Derivation of assets, vulnerabilities, threats, and security objectives from the control structure

Outlook: STPA as a Bridge between Safety and Security

• HARA / TARA
• Security for Safety

Positioning of the Process Model in the ISO/SAE 21434 Framework

Learning Goals

• Important activities according to ISO/SAE 21434 from the supplier perspective
• Positioning of the process model and STPA

Structure of ISO/SAE 21434

• Lifecycle phases like V-Model view
• Basic requirements in each phase
• Mirroring of the requirements for UN/ECE R155
• Integration into quality management according to Automotive SPICE

Contribution of the Process Model to the ISO/SAE 21434 Framework

• Item definition
• TARA
• Security concept