3 research outputs found

    Safety goals in vehicle security analyses

    Ensuring safety is the most important objective of security in the automotive domain. However, security analyses often lack systematic input from functional safety. We provide a method for integrating the safety goals identified in the Hazard Analysis and Risk Assessment (HARA) from functional safety into a well-established Threat Analysis and Risk Assessment (TARA) for security. Our method treats safety goals as additional security goals and analyzes them in the same way as the other security goals identified by the TARA. By this means, violations of safety goals by a malicious attack are evaluated with respect to their feasibility in terms of attack potential according to Common Criteria. Furthermore, we propose a metric to quantify the security risk with safety impact based on the severity and controllability values from the Automotive Safety Integrity Level (ASIL) ratings done by safety experts in the HARA. We apply our proposal to an Automated Emergency Braking system to demonstrate how it increases the completeness and accuracy of security analyses with respect to vehicle/system safety based on expert safety ratings.

    The Challenge of being safe and secure

    On the one hand, the increasing complexity and connectivity due to the evolution of driver assist functions up to autonomously driving vehicles, together with their additional connection to external networks, is a challenge for safety and security. Generally, we assume that a secure environment is a precondition for safety. On the other hand, the implementation of security measures could lead to violations of safety, and introduced safety measures may also have an additional security impact. A close cooperation between the safety and security domains is mandatory for developing safe and secure systems and can be supported by well-established analysis techniques. Therefore, we propose suitable process interfaces between both domains, as well as appropriate methods and related work products for cooperation. In our publication, we demonstrate how to systematically reuse the outputs of safety analyses in the security domain in a five-step approach, and how to analyze the impact of security measures in the safety context. With our approach, the completeness, correctness, and consistency of safety and security analyses will be improved.

    A supplier’s perspective on threat analysis and risk assessment according to ISO/SAE 21434

    Since its recent publication in August 2021, the new international standard ISO/SAE 21434 "Road vehicles – Cybersecurity engineering" has become the leading standard for security engineering in the automotive domain. It defines comprehensive requirements for the analysis, processes, and management of security-related tasks in designing, developing, producing, and maintaining vehicles. Within the first few months of applying the standard as a tier 1 supplier, we have been able to gain relevant experience in our daily work. In this paper, we present some of these insights concerning the application of the standard to threat analysis and risk assessment, especially from a supplier's point of view. We discuss limitations of the standard with respect to impact and risk estimation for threats, realistic and consistent attack feasibility rating of attacks, and technical communication interfaces with our customers. Further, we present our ideas on how these limitations can be overcome by supplying specific interpretations of the standard and by extending the examples in its annex.