Safety goals in vehicle security analyses
- Ensuring safety is the most important objective of security in the automotive domain. However, security analyses often lack systematic input from functional safety. We provide a method for integrating safety goals identified in the Hazard Analysis and Risk Assessment (HARA) from functional safety in a well-established Threat Analysis and Risk Assessment (TARA) for security. Our method treats safety goals as additional security goals and analyzes them in the same way as the other security goals identified by the TARA. By this means, violations of safety goals by a malicious attack are evaluated with respect to their feasibility in terms of attack potential according to Common Criteria. Furthermore, we propose a metric to quantify the security risk with safety impact based on the severity and controllability values from the Automotive Safety Integrity Level (ASIL) ratings done by safety experts in the HARA. We apply our proposal to an Automated Emergency Braking system to demonstrate how it increases the completeness and accuracy of security analyses with respect to vehicle/system safety based on expert safety ratings.
Author: | David Förster, Claudia Loderhose, Thomas Bruckschlögl, Franziska Wiemer |
---|---|
URN: | urn:nbn:de:hbz:294-66570 |
DOI: | https://doi.org/10.13154/294-6657 |
Parent Title (English): | 17th escar Europe : embedded security in cars (conference publication) |
Subtitle (English): | a method to assess malicious attacks with safety impact |
Document Type: | Part of a Book |
Language: | English |
Date of Publication (online): | 2019/10/29 |
Date of first Publication: | 2019/10/29 |
Publishing Institution: | Ruhr-Universität Bochum, Universitätsbibliothek |
Tag: | Safety Goals; Safety Security Co-engineering; Threat Analysis and Risk Assessment |
First Page: | 74 |
Last Page: | 88 |
Dewey Decimal Classification: | General works, computer science, information science / Computer science |
open_access (DINI-Set): | open_access |
Conference proceedings / edited volumes: | 17th escar Europe : embedded security in cars |
Licence (German): | No Creative Commons licence - the grant of rights and German copyright law apply |