V1.10 | 2020-05-27
Dr. Arnulf Braatz/Andreas Horn, May 27th 2020
Automotive Cybersecurity for Safety Experts - ISO 26262 & ISO SAE 21434 (Webinar)
© 2020. Vector Consulting Services GmbH. All rights reserved. Any distribution or copying is subject to prior written approval by Vector. V1.10 | 2020-05-27
Webinar: Automotive Cybersecurity for Safety Experts
Welcome and Introduction
Technical Notes
Audio
There should be music to hear.
If the audio transmission over the Internet is not working, ask to participate in a conference call.
Contact the "host" in the "chat" window.
Screen
Disable your screen saver.
Feedback & communication
Open and review the "chat" window to get all organizational messages from the "hosts".
Use the "chat" window to the "host" for all organizational WebEx matters, transfer requests or disturbances.
Use the "Q & A" window instead of the "chat" window for substantive questions about the webinar.
Ask your questions at "All Panelists". Questions are answered online during and after the presentation.
Slides & Presentation
Within 1-2 days after the webinar, you will receive a link to the slides and additional information.
After the webinar a link will guide you to a feedback form.
We are looking forward to receiving your feedback to continuously improve our services.
Speaker: Dr. Arnulf Braatz; Q&A: Andreas Horn
2/24
Vector Group
Welcome and Introduction
Italy: Milano
USA: Detroit
France: Paris
Germany: Stuttgart, Brunswick, Hamburg, Karlsruhe, Munich, Regensburg
Japan: Tokyo, Nagoya
Korea: Seoul
Sweden: Gothenburg
China: Shanghai
India: Pune
Great Britain: Birmingham
Austria: Vienna
Brazil: São Paulo
Development: Vector provides tools for developing, testing, calibration and diagnostics as well as software components and development services.
Networking: Vector provides components and engineering services for the networking of electronic systems.
Optimization: Vector provides a comprehensive consulting portfolio as well as suitable tool support.
Vector Consulting Services: worldwide, 20 consultants
Vector Group
2978 employees
Date: Jan. 2020
@VectorVCS
3/24
Safety & Security
Vector provides tailored consulting solutions to keep OEM and suppliers competitive:
Efficiency – Quality – Competences
Welcome and Introduction
Vector Client Survey 2020: Risk of vicious circle
Vector Client Survey 2020. Details: www.vector.com/trends.
Horizontal axis shows short-term challenges; vertical axis shows mid-term challenges.
Sum > 300% due to 5 answers per question. Strong validity with 4% response rate of 2000 recipients from
different industries worldwide.
Vicious cycle: > cost pressure > lack of competences > less innovation and quality
[Chart: each challenge plotted by the share of respondents naming it as a short-term challenge (horizontal axis, 0% to 70%) versus a long-term challenge (vertical axis, 0% to 70%). Categories: Innovative products, Competences and knowledge, Cost and efficiency, Flexibility, Distributed development, Complexity, Digital transformation, Quality, Others.]
4/24
Welcome and Introduction
Main Concepts of Safety & Security
Similarities of Functional Safety & Cybersecurity
Differences between Functional Safety & Cybersecurity
Conclusions and Outlook
Agenda
5/24
Typical Vehicle Scenarios
Main Concepts of Safety & Security
Scenario types: unreliable scenarios, unsafe scenarios, unsecure scenarios.
Causes shown: triggering event (e.g. pedestrian not detected), internal failure, attack.
To avoid such scenarios is one goal of automotive system engineering activities.
6/24
Emergent System Property: Availability, Safety & Security
Main Concepts of Safety & Security
Unsecure scenarios (Security), unreliable scenarios (Availability), unsafe scenarios (Safety).
According to: Engineering a Safer World, The MIT Press, Nancy G. Leveson, 2011
International engineering standards are available to cover E/E emergent system properties:
Functional Safety: ISO 26262
SOTIF: ISO/PAS 21448
Cybersecurity attacks on safety: ISO SAE 21434/SAE J3061-2016
Security-related but QM: ISO SAE 21434/SAE J3061-2016
QM: SPICE, IATF 16949, ISO 9001, …
Privacy as a security property is also part of ISO SAE 21434.
7/24
Relationship of Cybersecurity & Functional Safety
Main Concepts of Safety & Security
By design: the management and engineering methods of functional safety and cybersecurity overlap.
FS Management & FS Engineering Methods (ISO 26262)
Cybersecurity Management & Cybersecurity Engineering Methods (SAE J3061, ISO SAE 21434)
Both sit within Systems Engineering.
System attributes: the functional-safety related system is part of the cybersecurity related system.
Functional-safety (FS) related (ISO 26262)
Cybersecurity related (SAE J3061, ISO SAE 21434)
8/24
Vehicle Level: Cybersecurity & Functional Safety
Main Concepts of Safety & Security
Legend: systematic & random faults of HW & SW (ISO 26262) vs. cybersecurity attacks (ISO SAE 21434).
Functional Safety: methods required to reduce, down to a residual risk, the risk that a malfunction of the E/E system violates a safety goal.
Cybersecurity: methods to manage cybersecurity risks (threats) for road vehicles throughout engineering, production, operation, maintenance and decommissioning.
Examples: attack via GSM and cloud services on the TCU; attack via Bluetooth on the OBD interface.
Safety & security on the vehicle follow a risk-based approach which impacts engineering methods.
9/24
Today’s Situation: Engineering Lifecycle of Security & Functional Safety Standards
Main Concepts of Safety & Security
Automotive Functional Safety: ISO 26262:2018
- Item Definition
- Hazard & Risk Assessment
- Safety Goals
- Functional Safety Concept
- Technical Safety Concept
- HW/SW safety requirements
- Safety activity: verification on unit level (HW/SW)
- Item Integration Test (Safety)
- System Integration Test (Safety)
- Validate Safety Goals
- Safety Case
- Production, operation, service & decommissioning

Automotive Cybersecurity: ISO 21434 (Draft Standard), SAE J3061-2016 (Guideline); cybersecurity according to ISO SAE 21434 (Draft DIS)
- Item Definition & Asset Identification
- Threat & Risk Assessment
- Cybersecurity Goals
- Cybersecurity Concept
- System cybersecurity requirements
- HW/SW cybersecurity requirements
- Cybersecurity activity: verification on unit level (HW/SW)
- Item Integration Test (Security)
- System Integration Test (Security)
- Cybersecurity Validation, Pen Tests
- Approval of the release for post-development
- Production, operations, maintenance & decommissioning

General Cybersecurity: ISO 15408 (Common Criteria); ISO 27001, TISAX (IT Security); books, e.g. Threat Modelling, Adam Shostack, Wiley 2014
10/24
Comparison: ISO 26262 & ISO SAE 21434
Main Concepts of Safety & Security
ISO 26262 parts:
1. Vocabulary
2. Management of functional safety
3. Concept phase
4. Product development at the system level
5. Product development at the hardware level
6. Product development at the software level
7. Production and operation
8. Supporting processes
9. ASIL-oriented and safety-oriented analyses
10. Guideline on ISO 26262
11. Application of ISO 26262 to semiconductors
12. Adaptation of ISO 26262 for motorcycles

ISO SAE 21434 chapters:
Chapter 3: Terms and abbreviations
Chapter 5: Overall cybersecurity management
Chapter 6: Project dependent cybersecurity management
Chapter 7: Continuous cybersecurity activities (cybersecurity events & vulnerabilities)
Chapter 8: Risk assessment methods
Chapter 9: Concept phase
Chapter 10: Product development (SW/HW level)
Chapter 11: Cybersecurity validation
Chapter 12: Production
Chapter 13: Operations and maintenance
Chapter 14: Decommissioning
Chapter 15: Distributed cybersecurity activities (counterpart of ISO 26262 part 8, supporting processes)
Annex A-J: informative

Both standards share the same systems engineering approach.
11/24
Cybersecurity management & Safety management
Similarities of Functional Safety & Cybersecurity
Roles: Project Manager, Cybersecurity Responsible, Safety Manager; safety- & cybersecurity-related development team (coordination).
Activities: planning, tracking, capturing requirements.
Plans: Safety Plan, Cybersecurity Plan.
Work products: plans, requirements, design, code, test reports, assessment reports.
Safety Case / Cybersecurity Case: evidence of process adherence.
The safety/cybersecurity case is a collection of all safety- or security-relevant work products.
It is the input for a safety/cybersecurity assessment and for the release for production/post-development.
The safety/cybersecurity case provides a structured argument for the achieved degree of safety/cybersecurity.
ISO SAE 21434 (Draft DIS), chapter 6.1
13/24
Flow and sequence of the cybersecurity & safety requirements
Similarities of Functional Safety & Cybersecurity

Safety (ISO 26262 Part 3 and Part 4): Item Definition -> HARA -> Safety Goals -> Functional Safety Concept (Functional Safety Requirements, allocation of FSRs to architectural elements) -> System Architectural Design -> Technical Safety Concept (Technical Safety Requirements, allocation of TSRs to architectural elements) -> Refinement of Architectural Design

Safety Goals
ID   Hazards    ASIL    Description
SG1  HZ1, HZ3   ASIL B  Safety Goal 1
SG2  HZ2        ASIL D  Safety Goal 2
...  ...        ...     ...

Functional Safety Requirements
ID     Parent  ASIL    Description
FSR 1  SG1     ASIL B  Funct. Safety Req. 1
FSR 2  SG1     ASIL B  Funct. Safety Req. 2
...    ...     ...     ...

Technical Safety Requirements
ID       Parent  ASIL    Element  Description
TSR 1.1  FSR 1   ASIL B  Comp1    Tech. Safety Req. 1.1
TSR 1.2  FSR 1   ASIL B  Comp1    Tech. Safety Req. 1.2
...      ...     ...     ...      ...

Cybersecurity (ISO SAE 21434, chapters 8-9 and 10): Item Definition -> TARA -> Cybersecurity Goals -> Cybersecurity Concept (Cybersecurity Requirements, allocation of CSRs to architectural elements) -> System Architectural Design -> Cybersecurity Controls (allocation of CSCs to architectural elements)

Cybersecurity Goals
ID     Asset    CAL    Description
SecG1  Asset 1  CAL 1  Cybersecurity Goal 1
SecG2  Asset 2  CAL 3  Cybersecurity Goal 2
...    ...      ...    ...

Cybersecurity Requirements
ID     Parent  CAL    Description
CSR 1  SecG1   CAL 1  Cybersecurity Req. 1
CSR 2  SecG1   CAL 1  Cybersecurity Req. 2
...    ...     ...    ...

Cybersecurity Controls
ID       Parent  CAL    Element  Description
CSC 1.1  CSR 1   CAL 1  Comp1    Cybersecurity Control 1.1
CSC 1.2  CSR 1   CAL 1  Comp1    Cybersecurity Control 1.2
...      ...     ...    ...      ...

Traceability is maintained from the goals down to the technical requirements/controls on both sides.
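The two chains above, checked mechanically. This is an added example and not code from the slides or from Vector: the records are constructed from the table excerpt, the check rules (parent exists, ASIL/CAL is inherited downward, every goal and requirement is refined, every TSR/CSC is allocated to an element) are this example's own reading of "traceability" and "allocation", and the ordering dicts are assumptions.

```python
ASIL_ORDER = {"QM": 0, "ASIL A": 1, "ASIL B": 2, "ASIL C": 3, "ASIL D": 4}
CAL_ORDER = {"CAL 1": 1, "CAL 2": 2, "CAL 3": 3, "CAL 4": 4}

# Records constructed from the slide's table excerpt. kind: goal / req / tech
# (TSR or CSC); parent: the ID one level up; elem: allocated architectural element.
SAFETY = [
    dict(id="SG1", kind="goal", parent=None, level="ASIL B", elem=None),
    dict(id="SG2", kind="goal", parent=None, level="ASIL D", elem=None),
    dict(id="FSR 1", kind="req", parent="SG1", level="ASIL B", elem=None),
    dict(id="FSR 2", kind="req", parent="SG1", level="ASIL B", elem=None),
    dict(id="TSR 1.1", kind="tech", parent="FSR 1", level="ASIL B", elem="Comp1"),
    dict(id="TSR 1.2", kind="tech", parent="FSR 1", level="ASIL B", elem="Comp1"),
]
SECURITY = [
    dict(id="SecG1", kind="goal", parent=None, level="CAL 1", elem=None),
    dict(id="SecG2", kind="goal", parent=None, level="CAL 3", elem=None),
    dict(id="CSR 1", kind="req", parent="SecG1", level="CAL 1", elem=None),
    dict(id="CSR 2", kind="req", parent="SecG1", level="CAL 1", elem=None),
    dict(id="CSC 1.1", kind="tech", parent="CSR 1", level="CAL 1", elem="Comp1"),
    dict(id="CSC 1.2", kind="tech", parent="CSR 1", level="CAL 1", elem="Comp1"),
]

def check_traceability(items, order):
    """Return findings as strings; an empty list means the chain is consistent."""
    by_id = {it["id"]: it for it in items}
    refined = set()                     # IDs that have at least one child
    findings = []
    for it in items:
        if it["kind"] != "goal":        # downward trace: the parent must exist
            parent = by_id.get(it["parent"])
            if parent is None:
                findings.append(f'{it["id"]}: parent {it["parent"]!r} does not exist')
                continue
            refined.add(parent["id"])
            # A derived requirement inherits its parent's ASIL/CAL; a lower
            # level needs an explicit decomposition argument, so flag it.
            if order[it["level"]] < order[parent["level"]]:
                findings.append(f'{it["id"]}: {it["level"]} below parent {parent["level"]}')
        if it["kind"] == "tech" and not it["elem"]:
            findings.append(f'{it["id"]}: not allocated to an architectural element')
    for it in items:                    # upward trace: goals and reqs must be refined
        if it["kind"] != "tech" and it["id"] not in refined:
            findings.append(f'{it["id"]}: no derived requirement below it')
    return findings

def level_per_element(items, order):
    """Highest ASIL/CAL an architectural element inherits from its allocations."""
    best = {}
    for it in items:
        if it["elem"] and (it["elem"] not in best or order[it["level"]] > order[best[it["elem"]]]):
            best[it["elem"]] = it["level"]
    return best

if __name__ == "__main__":
    print(check_traceability(SAFETY, ASIL_ORDER), level_per_element(SECURITY, CAL_ORDER))
```

On the excerpt as given, the only findings are the entries the slide abbreviates with "..." (SG2, FSR 2, SecG2, CSR 2 have no refinement shown).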
14/24
Similarities of Functional Safety & Cybersecurity
Your Questions
Remark: If we are not able to answer your question within the hour, we will send you the answer by mail in the coming days!
15/24
Terms & Concepts: Attack Path vs. Path of Effects
Differences between Functional Safety & Cybersecurity
Cybersecurity attacks (ISO SAE 21434/SAE J3061-2016):
Attack: Attempted action or interaction with the vehicle or its environment that has the potential to result in an adverse consequence.
Attack Path: Set of actions that could lead to the accomplishment of the threat scenario.
Asset: Anything that has value to the product's stakeholders (and is contained by SW or HW).
Systematic & random faults of HW & SW (ISO 26262):
Path of effects: Set of elements that cascades the fault to item level.
Safety requirements are allocated along the path of effects, security requirements along the attack path.
17/24
Terms & Concepts: Vulnerability vs. Failure
Differences between Functional Safety & Cybersecurity
Failure: Random/systematic fault which leads with a certain probability to a violation of a safety goal.
Safety Mechanism: Reduces the probability of a safety goal violation.
Vulnerability: Weakness (unknown), which can be exploited by an attacker.
Security Control: Reduces the probability of unauthorized access (known) by the attacker.
Stages in which a vulnerability becomes known:
… a vulnerability is detected during testing;
… a how-to to create the exploit is published;
… an exploit can be downloaded from a black market.
Vulnerability analysis & management are specific to the cybersecurity approach.
[Figure: path of effects Sensor -> ECU -> Actuator with a failure; attack path to an asset through an ECU node with a vulnerability.]
18/24
Methods: Attack Tree vs. Fault Tree Analysis (FTA)
Differences between Functional Safety & Cybersecurity
Threat Scenario: is realized by a sequence of actions (the attack path) that requires underlying vulnerabilities.
[Attack tree, attack path according to ISO SAE 21434 (Draft DIS), chapter 8.6.2: the Threat Scenario is decomposed with and/or gates into Attack Action 1 and Attack Action 2, these into Attack Actions 1.1, 1.2 and 2.1, and these into the atomic actions AA 1.1.1, AA 1.1.2, AA 2.1.1, AA 2.1.2, …; value of each node: possible/impossible.]
FTA & attack tree can be integrated as a method, but the semantics are different.
FTA as safety analysis: FTA and attack tree apply the same tree-based approach.
The semantics of probability concerning faults/failures are different:
ISO 26262: Two independent faults at the same time are significantly more unlikely compared to a single fault with the same FIT rate.
ISO 21434: Two independent vulnerabilities (Vulnerability 1, Vulnerability 2) which are known do not necessarily reduce the likelihood of a successful attack.
ISO 21434: The attack tree covers system, SW & HW level (architecture & implementation).
ISO 26262: Safety analyses for system, SW & HW are applied on architecture level.
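The semantic difference above, made concrete on one tree shape evaluated two ways. This is an added example, not from the slides or from Vector: the tree shape is modelled after the slide's attack tree, the leaf probabilities and possible/impossible values are constructed, and the gate rules (independent basic events for the FTA, boolean feasibility for the attack tree) are this example's assumptions.

```python
# A node is ("and"|"or", [children]) or a leaf value. Leaf values are the
# basic-event probability (FTA) or True/False = possible/impossible (attack tree).

def fta(node):
    """Fault-tree semantics: independent basic events, probabilities combine."""
    if not isinstance(node, tuple):
        return float(node)
    gate, kids = node
    ps = [fta(k) for k in kids]
    if gate == "and":              # all faults needed: probabilities multiply
        p = 1.0
        for x in ps:
            p *= x
        return p
    q = 1.0                        # any fault suffices: 1 - prod(1 - p_i)
    for x in ps:
        q *= 1.0 - x
    return 1.0 - q

def attack(node):
    """Attack-tree semantics: a known, unmitigated vulnerability stays possible."""
    if not isinstance(node, tuple):
        return bool(node)
    gate, kids = node
    vals = [attack(k) for k in kids]
    return all(vals) if gate == "and" else any(vals)

def build(leaf):
    """Constructed tree, shape after the slide: Threat Scenario = AA1 or AA2;
    AA1 = AA1.1 and AA1.2; AA1.1 = AA1.1.1 or AA1.1.2; AA2 = AA2.1.1 and AA2.1.2.
    leaf(name) supplies the leaf value so one shape serves both semantics."""
    return ("or", [
        ("and", [("or", [leaf("AA1.1.1"), leaf("AA1.1.2")]), leaf("AA1.2")]),
        ("and", [leaf("AA2.1.1"), leaf("AA2.1.2")]),
    ])

# Constructed leaf values. FTA view: every basic event has probability 1e-4.
FAULT_PROB = {n: 1e-4 for n in ("AA1.1.1", "AA1.1.2", "AA1.2", "AA2.1.1", "AA2.1.2")}
# Attack-tree view: a leaf is possible (known, exploitable vulnerability) or not.
KNOWN = {"AA1.1.1": True, "AA1.1.2": False, "AA1.2": True, "AA2.1.1": False, "AA2.1.2": True}

def scenario_probability(probs):
    return fta(build(probs.__getitem__))

def scenario_feasible(known):
    return attack(build(known.__getitem__))

def after_control(known, blocked):
    """Apply a security control: the blocked attack actions become impossible."""
    return {n: v and n not in blocked for n, v in known.items()}

if __name__ == "__main__":
    print(fta(("and", [1e-4, 1e-4])), attack(("and", [True, True])), scenario_feasible(KNOWN))
```

Under the FTA semantics an and-gate of two 1e-4 events drops to 1e-8, whereas under the attack-tree semantics an and-gate of two known vulnerabilities is still simply possible; the scenario only becomes impossible once a control breaks every and-branch that leads to it.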
19/24
Comparison: Established Engineering Methods Safety & Security
Differences between Functional Safety & Cybersecurity
Safety: HARA, FTA, FMEA, system & SW architecture, requirements-based testing, …
Security: TARA, vulnerability analysis (e.g. attack tree), system & SW architecture, requirements-based testing, fuzz & PEN testing, …
Utilizing shared methods & keeping the different approaches focused is the key to efficiency.
HARA = Hazard Analysis & Risk Assessment (ISO 26262-3)
TARA = Threat Analysis & Risk Assessment (SAE J3061-2016)
20/24
ISO SAE 21434 & ISO26262 Experience
Conclusions and Outlook
Increasing cybersecurity demand …
Most OEMs include ISO 26262 compliance in their contracts
… and more and more requirements specifications also point to ISO SAE 21434.
The overlap with ISO 26262 helps to understand the upcoming standard
… but there are a few significant differences concerning concepts and methods.
Efficient integration of functional safety & cybersecurity is the efficiency key for OEMs and suppliers.
Cybersecurity has to be built on solid functional safety processes together with a competent partner.
22/24
Vector: Comprehensive Portfolio for Security and Safety
Conclusions and Outlook
Vector Cyber Security and Safety Solutions
Security and Safety Consulting
AUTOSAR Basic Software Tools
(PLM, Architecture, Test, Diagnosis etc.)
Engineering Services for Safety and Security
HW based Security
www.vector.com/safety www.vector.com/security www.vector.com/consulting
23/24
Trainings and media
Training “Functional Safety with ISO 26262”, Stuttgart, continuously: www.vector.com/training-safety
Trainings tailored to your needs, available worldwide
Virtual trainings
Free white papers … www.vector.com/media-safety
Vector Forum – Automotive Systems & Software for Tomorrow (25 June 2020), on your computer – it is a virtual event: https://consulting.vector.com/int/en/company/vector-forum/2020/
Further free webinars:
> 2020-06-16 Functional Safety and SOTIF - Principles and Practice
> 2020-06-17 Automotive Cybersecurity – Challenges and Practical Guidance
https://www.vector.com/int/en/events/webinars/
Vector Safety Solutions
Conclusions and Outlook
24/24