Safety goals in vehicle security analyses

Ensuring safety is the most important objective of security in the automotive domain. However, security analyses often lack systematic input from functional safety. We provide a method for integrating safety goals identified in the Hazard Analysis and Risk Assessment (HARA) from functional safety in a well-established Threat Analysis and Risk Assessment (TARA) for security. Our method treats safety goals as additional security goals and analyzes them in the same way as the other security goals identified by the TARA. By this means, violations of safety goals by a malicious attack are evaluated with respect to their feasibility in terms of attack potential according to Common Criteria. Furthermore, we propose a metric to quantify the security risk with safety impact based on the severity and controllability values from the Automotive Safety Integrity Level (ASIL) ratings done by safety experts in the HARA. We apply our proposal to an Automated Emergency Braking system to demonstrate how it increases the completeness and accuracy of security analyses with respect to vehicle/system safety based on expert safety ratings