
Automotive SPICE, Safety and Cybersecurity Integration

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10489)

Abstract

Currently developed automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Thus, just as safety became a critical part of development in the late 20th century, the automotive domain must now treat cyber-security as an integral part of the development of modern vehicles. Novel features such as advanced driver assistance systems and automated driving functions drive the need for built-in security solutions and security-aware system design. Unfortunately, there is still a lack of experience with security concerns in the context of safety engineering in general, and in automotive safety departments in particular. A European partnership developed a skill set, training materials and best practices for ISO 26262 in the EU project SafEUr. The resulting working party (the SoQrates working group) shares knowledge and experience and has integrated the Automotive SPICE assessment model with functional safety requirements; the integrated model has since been used in combined Automotive SPICE and safety assessments. The members of the SoQrates working group are, to a large extent, certified Automotive SPICE assessors who deal with security-related projects in practice. From 2016 onwards, the SoQrates working party analysed the SAE J3061 cyber-security guidebook and integrated the additional requirements of SAE J3061 into this assessment model. This paper summarises the previous results and the extensions of the assessment model, and presents the working group's vision of how an Automotive SPICE assessor can also support the auditing of projects with close security relevance.



Acknowledgments

This work is supported by the EMC² project. The research leading to these results has received funding from the ARTEMIS Joint Undertaking under grant agreement no. 621429 (project EMC²).

Furthermore, we would like to express our thanks to our supporting partners, the experts of the SoQrates working group.

Corresponding author

Correspondence to Georg Macher.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Macher, G., Much, A., Riel, A., Messnarz, R., Kreiner, C. (2017). Automotive SPICE, Safety and Cybersecurity Integration. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2017. Lecture Notes in Computer Science, vol 10489. Springer, Cham. https://doi.org/10.1007/978-3-319-66284-8_23


  • DOI: https://doi.org/10.1007/978-3-319-66284-8_23


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-66283-1

  • Online ISBN: 978-3-319-66284-8
