Reduce Time Performing an Assessment - Considering Work Products

  • Conference paper
Systems, Software and Services Process Improvement (EuroSPI 2022)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1646)

Abstract

ASPICE has been introduced at automotive suppliers developing embedded systems to assess the capability of their processes. ASPICE covers processes for software, system, quality assurance, configuration management, problem resolution, change management, project management and supplier monitoring in the VDA (Verband der Automobilindustrie) scope. It defines a scheme for determining the capability of a process based on the underlying PAM. HW SPICE is also taken into consideration, because it is also necessary for Cybersecurity; mechanical SPICE is not. Based on ASPICE, VDA defines processes for Cybersecurity Engineering, Cybersecurity Risk Management and Supplier Request and Selection. This means additional effort for the assessors and for the engineering team when the ASPICE assessment is extended by Cybersecurity processes to satisfy the requirements of the standard ISO/SAE 21434. VDA also defines Rules and Recommendations for rating practices according to the NPLF scheme of ASPICE, both for the processes defined in the VDA scope and for Cybersecurity. This paper investigates how to implement the proposals for reducing the time spent performing an assessment in a well-established tool.


Acknowledgements

We are grateful to a working party of Automotive suppliers SOQRATES (www.soqrates.de) who exchange knowledge about such assessment strategies. This includes: Böhner Martin (Elektrobit), Brasse Michael (HELLA), Bressau Ernst (BBraun), Dallinger Martin (ZF), Dorociak Rafal (HELLA), Dreves Rainer (Continental Automotive), Ekert Damjan (ISCN), Forster Martin (ZKW), Geipel Thomas (BOSCH), Grave Rudolf (Elektrobit), Griessnig Gerhard (AVL), Gruber Andreas (ZKW), Habel Stephan (Continental Automotive), Hällmayer Frank (Software Factory), Haunert Lutz (Giesecke & Devrient), Karner Christoph (KTM), Kinalzyk Dietmar (AVL), König Frank (ZF), Lichtenberger Christoph (MAGNA ECS), Lindermuth Peter (Magna Powertrain), Macher Georg (TU Graz & ISCN), Mandic Irenka (Magna Powertrain), Maric Dijas (Lorit Consultancy), Mayer Ralf (BOSCH Engineering), Mergen Silvana (TDK/EPCOS), Messnarz Richard (ISCN), Much Alexander (Elektrobit), Nikolov Borislav (msg Plaut), Oehler Couso Daniel (Magna Powertrain), Riel Andreas (Grenoble INP & ISCN), Rieß Armin (BBraun), Santer Christian (AVL), Schlager Christian (Magna ECS), Schmittner Christoph (Austrian Institute of Technology AIT), Schubert Marion (ZKW), Sechser Bernhard (Process Fellows), Sokic Ivan (Continental Automotive), Sporer Harald (Infineon), Stahl Florian (AVL), Wachter Stefan (msg Plaut), Walker Alastair (Lorit Consultancy), Wegner Thomas (ZF).

Author information

Corresponding authors

Correspondence to Georg Macher, Richard Messnarz, Damjan Ekert or Eugen Brenner.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Schlager, C., Macher, G., Messnarz, R., Ekert, D., Brenner, E. (2022). Reduce Time Performing an Assessment - Considering Work Products. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol 1646. Springer, Cham. https://doi.org/10.1007/978-3-031-15559-8_39

  • DOI: https://doi.org/10.1007/978-3-031-15559-8_39

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15558-1

  • Online ISBN: 978-3-031-15559-8

  • eBook Packages: Computer Science, Computer Science (R0)
