Seminar: Automotive Cybersecurity

The topic of cybersecurity has become increasingly relevant in recent years. Current standards, such as ISO/SAE 21434 or the requirements of UN ECE R154/155, mean that security has become highly relevant for state-of-the-art automotive engineering. Ultimately, however, protection against malicious attacks via data interfaces serves the purpose of functional safety.

This seminar, which is aimed at developers with cybersecurity requirements, security engineers, and safety/security quality managers, teaches the basics of automotive security engineering in relation to ISO/SAE 21434 and provides an outlook on integration with safety engineering using STPA (Systems Theoretic Process Analysis).

Inhouse seminar for up to 13 participants; dates by individual arrangement.

The seminar documents are provided in English.

The seminar itself can be held either in German or in English.

Each participant will receive a certificate of attendance.

Embedded Security

Learning Goals

• What is security? How does it differ from safety and other system properties?
• Why security is so hard to manage

Importance of Security Engineering for Embedded Automotive Systems

• “Security for Safety”
• Increasing importance of information assets and data protection

Special Features of Security Compared to Other Non-Functional Properties

• Lack of invariance to refinement or aggregation
• Lack of product metrics for security
• Lack of stochastic predictability
• Lack of restriction of attacks to the original system architecture or to the intended functional principle

Process Model for Security Requirements Engineering

Learning Goals

• Introduction to the basic terminology (stakeholder, asset, threat, security policy, security assumptions, security goals, security requirement, ...)
• Basic process model:
  • Systematic derivation of the security problem to be solved
  • Systematic derivation of security goals and security requirements from the security problem
  • Requirements on the security problem
• Useful notations for requirements elicitation and threat analysis

Asset Elicitation

• Various types of assets
• STPA control structure model as an aid for asset identification

Threat Analysis

• Threat = {Agent, Asset, Adverse Action}
• Notation: threat matrix

Security Policies

• Role of policies as the source of security requirements

Security Assumptions, Claims

• Role of assumptions in requirements analysis
• Examples of security assumptions

Security Objectives, Goals

• Derivation of goals from threats, policies, and assumptions
• Notation: TPAxO Matrix

Refinement of Security Requirements Goals

• Coverage of all goals
• Notation: Requirements Matrix

Further Considerations

• Composition of security sub-analyses

System-Theoretic Process Analysis (STPA)

Learning Goals

• STPA as a method for the security- and safety analysis of cyber-physical systems
• STPA control structure model as a contribution of STPA to the process model according to seminar unit 2
• STPA as a link between safety and security as well as between developers and analysts

STPA Basics

• Weaknesses of established analysis methods

Control-Structure Modeling

• Concept of the hierarchical control structure
• Exercise: Modeling of a Cooperative Adaptive Cruise Control as a control structure model

From the Control Structure to the Security Problem to the Security Requirements

• Derivation of assets, vulnerabilities, threats, and security objectives from the control structure

Outlook: STPA as a Bridge between Safety and Security

• HARA / TARA
• Security for Safety

Positioning of the Process Model in the ISO/SAE 21434 Framework

Learning Goals

• Important activities according to ISO/SAE 21434 from the supplier perspective
• Positioning of the process model and STPA

Structure of ISO/SAE 21434

• Lifecycle phases like V-Model view
• Basic requirements in each phase
• Mirroring of the requirements for UN/ECE R155
• Integration into quality management according to Automotive SPICE

Contribution of the Process Model to the ISO/SAE 21434 Framework

• Item definition
• TARA
• Security concept