Skip to main content
Springer Nature Link
Log in

Reducing Time for Performing ASPICE Assessments

  • Conference paper
  • First Online:
Advances in Information and Communication (FICC 2023)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 651))

Included in the following conference series:

  • 865 Accesses

Abstract

The development of embedded systems requires the use of development processes. These processes for development are defined in ASPICE for assessment of their capability. The processes ASPICE covers are about software, system, support, project management, supplier monitoring. It defines a scheme to assess the processes according to the rating scheme NPLF (Not, Partially, Largely, Fully). HW Spice is not part of the current version of ASPICE yet. In order to fulfill the requirements of cybersecurity HW Spice is considered as important part. VDA defines additional processes for cybersecurity to fulfill the requirements of standard ISO/SAE 21434. These additional processes are about Supplier Request and Selection, Risk Management and Engineering. They increase the effort performing an assessment. This paper finds common work products and dependencies to reduce the time for an assessment covering processes of both ASPICE and Cybersecurity.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Ahmad, F., Adnane, A., Franqueira, V., Kurugollu, F., Liu, L.: Man-in-the-middle attacks in vehicular ad-hoc networks: evaluating the impact of attackers strategies. Sensors 18(11), 4040 (2018). https://doi.org/10.3390/s18114040

    Article  Google Scholar 

  2. Brennich, T., Moser, M.: Automotive security auf dem Pruefstand. ATZelectronics 15(1), 48–53 (2020)

    Google Scholar 

  3. Cheng, B.H., Doherty, B., Polanco, N., Pasco, M.: Security patterns for connected and automated automotive systems. J. Autom. Softw. Eng. 1(1), 51–77 (2020). https://doi.org/10.2991/jase.d.200826.001

    Article  Google Scholar 

  4. Dobaj, J., Ekert, D., Stolfa, J., Stolfa, S., Macher, G., Messnarz, R.: Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: a case study. J. Univ. Comput. Sci. 27(8), 830–849 (2021).https://lib.jucs.org/article/72367/

  5. Ebert, C.: Efficient implementation of standards for security, safety and UNECE. ATZelectronics Worldwide 15(9), 40–43 (2020)

    Article  Google Scholar 

  6. Groza, B., Murvay, P.: Identity-based key exchange on in-vehicle networks: CAN-FD and FlexRay. Sensors 19(22), 4919 (2019). https://doi.org/10.3390/s19224919

    Article  Google Scholar 

  7. intacs HW Spice, intacs Working Group HW Engineering Processes (2019)

    Google Scholar 

  8. intacs Process Assessment Model SPICE for Mechanical Engineering, intacs Working Group MECH Engineering Processes (2020)

    Google Scholar 

  9. ISO/IEC (2019) ISO/IEC 33020 Information technology - Process assessment - Process measurement framework for assessment of process capability

    Google Scholar 

  10. ISO/SAE (2020) ISO/SAE DIS 21434, Strassenfahrzeuge, Cybersecurity Engineering

    Google Scholar 

  11. Jadhav, A.: Automotive cybersecurity. In: Kathiresh, M., Neelaveni, R. (eds.) Automotive Embedded Systems. EICC, pp. 101–114. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-59897-6_6

    Chapter  Google Scholar 

  12. Kim, S., Shrestha, R.: Introduction to automotive cybersecurity. In: Automotive Cyber Security, pp. 1–13. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-8053-6_1

    Chapter  Google Scholar 

  13. Laborde, R., Bulusu, S.T., Wazan, A.S., Oglaza, A., Benzekri, A.: A methodological approach to evaluate security requirements engineering methodologies: application to the IREHDO2 project context. J. Cybersecurity Priv. 1(3), 422–452 (2021). https://doi.org/10.3390/jcp1030022

    Article  Google Scholar 

  14. Magdy, E.: A-SPICE for cybersecurity: analysis and enriched practices. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 564–574. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_37

    Chapter  Google Scholar 

  15. Macher, G., Schmittner, C., Dobaj, J., Armengaud, E.: An Integrated View on Automotive SPICE and Functional Safety and Cyber-Security, (SAE Technical Paper) (2020). https://doi.org/10.4271/2020-01-0145

  16. MacGregor, J., Burton, S.: Challenges in assuring highly complex, high volume safety-critical software. In: Gallina, B., Skavhaug, A., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2018. LNCS, vol. 11094, pp. 252–264. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99229-7_22

    Chapter  Google Scholar 

  17. Messnarz, R., Ekert, D., Zehetner, T., Aschbacher, L.: Experiences with ASPICE 3.1 and the VDA automotive SPICE guidelines – using advanced assessment systems. In: Walker, A., O’Connor, R.V., Messnarz, R. (eds.) EuroSPI 2019. CCIS, vol. 1060, pp. 549–562. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-28005-5_42

    Chapter  Google Scholar 

  18. Messnarz, R., et al.: First experiences with the automotive SPICE for cybersecurity assessment model. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 531–547. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_35

    Chapter  Google Scholar 

  19. Moselhy, N., Ali, Y.: Impact of the new A-SPICE appendix for cybersecurity on the implementation of ISO26262 for functional safety. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 122–136. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_9

    Chapter  Google Scholar 

  20. Petho, Z., Khan, I., Torok, Á.: Analysis of security vulnerability levels of in-vehicle network topologies applying graph representations. J. Electr. Test. 1–9 (2022). https://doi.org/10.1007/s10836-021-05973-x

  21. Schlager, C., Macher, G.: The cybersecurity extension for ASPICE - a view from ASPICE assessors. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 409–422. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_27

    Chapter  Google Scholar 

  22. Schlager, C., Macher, G., Messnarz, R., Ekert, D., Brenner, E.: Reduce Time Performing an Assessment - Considering Work Products. In: Yilmaz, M., Clarke, P., Messnarz, R., Wöran, B. (eds) Systems, Software and Services Process Improvement. EuroSPI 2022. Communications in Computer and Information Science, vol. 1646, pp. 540–552. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15559-8_39

  23. Singh, M.: Cybersecurity in automotive technology. In: Information Security of Intelligent Vehicles Communication. SCI, vol. 978, pp. 29–50. Springer, Singapore (2021). https://doi.org/10.1007/978-981-16-2217-5_3

    Chapter  Google Scholar 

  24. SOQRATES, Task Forces Developing Integration of Automotive SPICE, ISO 26262, ISO21434 and SAE J3061. http://soqrates.eurospi.net/

  25. VDA QMC: Automotive SPICE Process Reference Model/Process Assessment Model (2015)

    Google Scholar 

  26. VDA QMC: Automotive Spice Guidelines 2nd Edition (2017)

    Google Scholar 

  27. VDA QMC: Automotive SPICE for Cybersecurity, 1st ed (2021)

    Google Scholar 

  28. VDA QMC: Automotive SPICE for Cybersecurity Process Reference and Assessment Model (2021)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Technical University of Graz, Rechbauerstrasse 12, 1010, Graz, Austria

    Christian Schlager, Georg Macher & Eugen Brenner

  2. ISCN, Schiessstattgasse 4, 8010, Graz, Austria

    Richard Messnarz

  3. Bosch, Robert-Bosch-Allee 1, 74232, Abstatt, Germany

    Ralf Mayer

Authors
  1. Christian Schlager
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Georg Macher
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Richard Messnarz
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ralf Mayer
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Eugen Brenner
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Christian Schlager .

Editor information

Editors and Affiliations

  1. Faculty of Science and Engineering, Saga University, Saga, Japan

    Kohei Arai

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Schlager, C., Macher, G., Messnarz, R., Mayer, R., Brenner, E. (2023). Reducing Time for Performing ASPICE Assessments. In: Arai, K. (eds) Advances in Information and Communication. FICC 2023. Lecture Notes in Networks and Systems, vol 651. Springer, Cham. https://doi.org/10.1007/978-3-031-28076-4_38

Download citation

Publish with us

Policies and ethics