
    Safety and Security Co-engineering and Argumentation Framework

    Automotive systems are becoming increasingly complex because of their growing functional range and their data exchange with the outside world. Until now, the functional safety of such safety-critical electrical/electronic systems has been covered successfully. However, data exchange requires interconnection across the trusted boundaries of the vehicle. This leads to security issues such as hacking and malicious attacks against interfaces, which in turn can introduce new types of safety issues. Before mass production of automotive systems, arguments supported by evidence are required regarding both safety and security. Product engineering must comply with specific standards and must support the argument that the system is free of unreasonable risk. This paper presents a safety and security co-engineering framework that covers standard-compliant process derivation and management and supports product-specific safety and security co-analysis. Furthermore, we investigate process- and product-related argumentation and apply the approach to an automotive use case covering both safety and security. This work is supported by the projects EMC2 and AMASS. Research leading to these results has received funding from the EU ARTEMIS Joint Undertaking under grant agreement no. 621429 (project EMC2), project AMASS (H2020-ECSEL no. 692474; Spain's MINECO ref. PCIN-2015-262) and from the COMET K2 - Competence Centres for Excellent Technologies Programme of the Austrian Federal Ministry for Transport, Innovation and Technology (bmvit), the Austrian Federal Ministry of Science, Research and Economy (bmwfw), the Austrian Research Promotion Agency (FFG), the Province of Styria and the Styrian Business Promotion Agency (SFG).

    An Assurance Framework for Independent Co-assurance of Safety and Security

    Integrated safety and security assurance for complex systems is difficult for many technical and socio-technical reasons, such as mismatched processes, inadequate information, and differing use of language and philosophies. Many co-assurance techniques rely on disregarding some of these challenges in order to present a unified methodology. Even with this simplification, no methodology has been widely adopted, primarily because a unified approach is unrealistic when confronted with the complexity of real-world system development. This paper presents an alternative approach: a Safety-Security Assurance Framework (SSAF) based on a core set of assurance principles. The framework lets safety and security be co-assured independently, as opposed to unified co-assurance, which has been shown to have significant drawbacks. It also allows for separate processes and separate expertise from practitioners in each domain. With this structure, the focus shifts from simplified unification to integration, achieved by exchanging the correct information at the right time through synchronisation activities.

    The North American Transportation Security Center – Fedtrak Specifications and Release Plan

    Executive Summary
    In April 2008, the U.S. Transportation Security Administration (TSA) completed work on the TSA Hazmat Truck Security Pilot (HTSP). This congressionally mandated pilot program was undertaken to prove that a hazmat truck tracking center was feasible from a technology and systems perspective. The HTSP project team built a technology prototype of a hazmat truck tracking system to show that "smart truck" technology could be crafted into an effective and efficient system for tracking hazmat shipments. The HTSP project team also built the Universal Communications Interface, the XML gateway through which hazmat carriers provide data to a centralized truck tracking center. In August 2007, Congress enacted the 9/11 Act (PL110-53), which directs TSA to develop a program, consistent with the Hazmat Truck Security Pilot, to facilitate the tracking of motor carrier shipments of security-sensitive materials. In June 2008, TSA took a major step forward in establishing a national hazmat security program by issuing guidance for shipments of Tier 1 Highway Security Sensitive Materials (HSSMs), the riskiest shipments from a security perspective. TSA's Tier 1 HSSM guidance includes Security Action Items, which specify security measures, including vehicle tracking, that TSA believes are prudent for shippers and carriers to follow. Compliance with TSA's Tier 1 HSSM guidance is voluntary, but TSA is expected to issue regulations based on the Tier 1 HSSM Security Action Items that will make compliance mandatory. Establishment of a Tier 1 HSSM truck tracking center is critical to TSA's implementation of a Tier 1 HSSM regulatory program based on the Security Action Items. The HTSP technology prototype was an excellent first step toward an operational Tier 1 HSSM truck tracking system. However, it falls far short of what TSA needs in an operational system.
    In an earlier deliverable, the Kentucky Transportation Center (KTC) at the University of Kentucky examined the "gaps" between the HTSP technology prototype and an operational Tier 1 HSSM truck tracking system. TSA needs a Tier 1 HSSM truck tracking system to support its regulatory ambitions, and FedTrak is being built specifically to serve as the implementing tool for TSA's Tier 1 HSSM regulatory program. Deliverables 1.1 and 1.2 laid the foundation for development of the Specifications and Release Plan for FedTrak, a Tier 1 HSSM truck tracking system. KTC held joint application design (JAD) sessions in Northern Virginia (June 3-5), in Lexington, KY (June 23-26) and again in Northern Virginia (July 15-16) to support development of the plan. A representative from NIHS attended the meeting in Lexington. This deliverable summarizes those meetings and the development approach the KTC project team will follow in building the FedTrak system. Specifically, this deliverable: summarizes specifications arising from the project team JAD sessions (Section 1.2 and Appendix A); describes how the "gaps" identified in Deliverable 1.2 will be filled (Section 1.1); and describes the FedTrak project team's architectural design and development approach (Sections 2, 3 and 4). Release plans for the FedTrak shipper/carrier portals, the FedTrak electronic manifest application, and the FedTrak electronic route application are presented under separate cover.

    Component Testing

    This report/dissertation was developed within the scope of the Master's course in Electrical Engineering, for the Internship curricular unit, and presents the work carried out at the company Critical Software as part of the internal project Railway Embedded Software Validation, in the area of Component Testing. The project in which this internship took part aims to test components of the train control system (lights, braking, ...), that is, to test whether each part of a component is operating within the required and/or established parameters. To do so, it was necessary to go through a learning process with several stages, among which the following stand out: - how trains work; - how the standards are applied; - how the requirements needed for trains to operate within the safety parameters are described. With this in mind, formal verification activities were carried out with the aim of specifying and developing the various test levels of the system. Some of the systems studied were traction, the braking system, driver controls and diagnostics.

    From Simulation to Runtime Verification and Back: Connecting Single-Run Verification Techniques

    Modern safety-critical systems, such as aircraft and spacecraft, crucially depend on rigorous verification, from design time to runtime. Simulation is a highly developed, time-honored design-time verification technique, whereas runtime verification is a much younger outgrowth of modern complex systems, which both enable embedding analysis on board and require mission-time verification, e.g., for flight certification. While the attributes of simulation are well defined, the vocabulary of runtime verification is still being formed; both are active research areas needed to ensure safety and security. This invited paper explores the connections and differences between simulation and runtime verification and poses open research questions regarding how each might be used to advance past bottlenecks in the other. We unify their vocabulary, list their commonalities and contrasts, and examine how their artifacts may be connected to push the state of the art of what we can (safely) fly.

    Developing a distributed electronic health-record store for India

    The DIGHT project addresses the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the more than one billion citizens of India.