    Combined automotive safety and security pattern engineering approach

    Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From a safety perspective, this can be perceived as boon or bane: it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as an additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in the context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to the selection and combination of both types of patterns in the context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.
    Funding: EC/H2020/692474/EU, Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems (AMASS); EC/H2020/737422/EU, Secure COnnected Trustable Things (SCOTT); EC/H2020/732242/EU, Dependability Engineering Innovation for CPS (DEIS); BMBF 01IS16043, Collaborative Embedded Systems (CrESt)

    Towards Digital Twin-enabled DevOps for CPS providing Architecture-Based Service Adaptation & Verification at Runtime

    Industrial Product-Service Systems (IPSS) denote a service-oriented (SO) way of providing access to CPS capabilities. The design of such systems bears high risk due to uncertainty in requirements related to service function and behavior, operation environments, and evolving customer needs. Such risks and uncertainties are well known in the IT sector, where DevOps principles ensure continuous system improvement through reliable and frequent delivery processes. A modular and SO system architecture complements these processes to facilitate IT system adaptation and evolution. This work proposes a method to use and extend the Digital Twins (DTs) of IPSS assets for enabling the continuous optimization of CPS service delivery and the latter's adaptation to changing needs and environments. This reduces uncertainty during design and operations by assuring IPSS integrity and availability, especially for design and service adaptations at CPS runtime. The method builds on transferring IT DevOps principles to DT-enabled CPS IPSS. The chosen design approach integrates, reuses, and aligns the DT processing and communication resources with DevOps requirements derived from literature. We use these requirements to propose a DT-enabled self-adaptive CPS model, which guides the realization of DT-enabled DevOps in CPS IPSS. We further propose detailed design models for operation-critical DTs that integrate CPS closed-loop control and architecture-based CPS adaptation. This integrated approach enables the implementation of A/B testing as a use case and central concept to enable CPS IPSS service adaptation and reconfiguration. The self-adaptive CPS model and DT design concept have been validated in an evaluation environment for operation-critical CPS IPSS. The demonstrator achieved sub-millisecond cycle times during service A/B testing at runtime without causing CPS operation interferences and downtime.
    Comment: Final published version appearing in the 17th Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2022)

    Systematic pattern approach for safety and security co-engineering in the automotive domain

    Future automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From a safety perspective, this can be perceived as boon or bane: it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as an additional concern because attacks are now much more likely and severe. Unfortunately, there is a lack of experience with security concerns in the context of safety engineering in general and in automotive safety departments in particular. To remediate this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to the selection and combination of both types of patterns in the context of system engineering. The application of a combined safety and security pattern engineering workflow is shown and demonstrated by an automotive use case scenario.

    Safety of the Intended Functionality Concept Integration into a Validation Tool Suite

    Nowadays, the increasing complexity of Advanced Driver Assistance Systems (ADAS) and Automated Driving (AD) means that the industry must move towards a scenario-based approach to validation rather than relying on established technology-based methods. This new focus also requires the validation process to take into account Safety of the Intended Functionality (SOTIF), as many scenarios may trigger hazardous vehicle behaviour. Thus, this work demonstrates how the integration of the SOTIF process within an existing validation tool suite can be achieved. The necessary adaptations are explained with accompanying examples to aid comprehension of the approach.

    Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: A case study

    Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

    A Lightweight Meta-Model to Support Automotive Systems and Software Engineering

    Modern automotive systems exhibit an increased level of automation as well as an ever-tighter integration with other vehicles, traffic infrastructure and cloud services. Novel features, such as advanced driver assistance systems or automated driving functions, drive the need to master the increased complexity of these systems and ensure consistency of the development along the entire product life cycle. Model-based development (MBD) is still the most promising approach to tackle these issues and support development of system-wide features (such as safety and security). With MBD approaches, the model takes the central role for analysis and construction of the system under development and for information exchange between stakeholders. Unfortunately, many existing automotive meta-models are enormously complex and tedious to use in an efficient manner. This is especially cumbersome in European R&D project cooperation, when different institutions with different fields of expertise and diverse tool and process setups are required to work together. Therefore, this paper aims at improving the information interchange continuity of architectural designs from system development level to software development level with the elementary meta-model required to support systems and software engineering for embedded automotive systems. The presented UML model supports managing of development artifacts and seamless information interchange across tool boundaries to merge heterogeneous tools required for the development of automotive multi-core software.

    Integrated design for tackling safety and security challenges of smart products and digital manufacturing

    The Internet of Things (IoT) is the key facilitator for digital manufacturing (Industry 4.0, Cyber-physical Systems), as well as for smart, intelligent products, services and processes. In the IoT, increasingly many product and process functions become safety-critical and exposed to IT security attacks. This adds tremendous complexity to product and process design, which this paper shows by using the automotive sector as a particularly challenging example. The article proposes a new logic and method for tackling the major challenges of design for functional safety and IT security which is essentially based on reducing the design solutions' complexities by integration.

    Towards DevOps for Cyber-Physical Systems (CPSs): Resilient Self-Adaptive Software for Sustainable Human-Centric Smart CPS Facilitated by Digital Twins

    The Industrial Revolution drives the digitization of society and industry, entailing Cyber-Physical Systems (CPSs) that form ecosystems where system owners and third parties share responsibilities within and across industry domains. Such ecosystems demand smart CPSs that continuously align their architecture and governance to the concerns of various stakeholders, including developers, operators, and users. In order to satisfy short- and long-term stakeholder concerns in a continuously evolving operational context, this work proposes self-adaptive software models that promote DevOps for smart CPS. Our architectural approach extends to the embedded system layer and utilizes embedded and interconnected Digital Twins to manage change effectively. Experiments conducted on industrial embedded control units demonstrate the approach's effectiveness in achieving submillisecond real-time closed-loop control of CPS assets and the simultaneous high-fidelity twinning (i.e., monitoring) of asset states. In addition, the experiments show practical support for the adaptation and evolution of CPS through the dynamic reconfiguring and updating of real-time control services and communication links without downtime. The evaluation results conclude that, in particular, the embedded Digital Twins can enhance CPS smartness by providing service-oriented access to CPS data, monitoring, adaptation, and control capabilities. Furthermore, the embedded Digital Twins can facilitate the seamless integration of these capabilities into current and future industrial service ecosystems. At the same time, these capabilities contribute to implementing emerging industrial services such as remote asset monitoring, commissioning, and maintenance.