
Structured Traceability of Security and Privacy Principles for Designing Safe Automated Systems

  • Conference paper
  • In: Computer Safety, Reliability, and Security. SAFECOMP 2021 Workshops (SAFECOMP 2021)

Abstract

Creating modern safe automated systems such as vehicles demands making them secure. With many diverse components addressing different needs, it is hard to trace and ensure the contributions of individual components to the overall security of the system. Principles, as high-level statements, can be used to reason about how components contribute to security (and privacy) needs, which helps to design systems and products while aligning security and privacy concerns. The structure proposed in this positioning paper makes traceable links from stakeholders to specific technologies and system components. It aims at informing holistic discussions and reasoning on security approaches with the stakeholders involved in the system development process. Ultimately, the traceable links can help to align developers, create test cases, and provide certification claims: essential activities to ensure the final system is secure and safe.

This research is carried out as part of SECREDAS and INTERSECT projects. SECREDAS is funded by the ECSEL Joint Undertaking of the European Union under grant agreement number 783119. INTERSECT is a public private partnership funded by the Dutch National Research Council (Grant NWA. 1162.18.301).



Author information

Corresponding author: Behnam Asadi Khashooei.


Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Asadi Khashooei, B., Vasenev, A., Kocademir, H.A. (2021). Structured Traceability of Security and Privacy Principles for Designing Safe Automated Systems. In: Habli, I., Sujan, M., Gerasimou, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2021 Workshops. SAFECOMP 2021. Lecture Notes in Computer Science, vol 12853. Springer, Cham. https://doi.org/10.1007/978-3-030-83906-2_4

  • DOI: https://doi.org/10.1007/978-3-030-83906-2_4
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-83905-5
  • Online ISBN: 978-3-030-83906-2
  • eBook Packages: Computer Science (R0)
