
Vector presents at international Automotive Safety and Security Conference (Stuttgart, 30. May 2017)

Risk-Oriented Security Engineering

Dominik Lieckfeldt, Vector Consulting Services
Christof Ebert, Vector Consulting Services

Automotive Safety and Security 2017, Stuttgart
Date: Tue. 30. May 2017


Safety needs security. Functional safety and cyber security are increasingly converging. Critical functions with back-end and cloud services require that safety is considered together with security. Functional safety requires cyber security, whether in vehicles, medical technology or automation. Safety requirements must therefore be comprehensible, with consistent and continuous requirements engineering at their center. The aim of integrated safety and security development is to build functions that react as robustly as possible to technical and human errors as well as to external attacks, and so limit the risk of hazardous situations to an acceptable level.

Risk-oriented security addresses security risk in a "best-possible" way: it balances the critical needs for robustness and hardening of systems against the cost trade-off. We orient our approach towards alignment with functional safety, combining the principles of TARA (threat analysis and risk assessment) with those of HARA (hazard analysis and risk assessment) and so achieving a cost-efficient solution.

With risk-oriented security, safety-critical solutions are systematically developed and evaluated for functional safety and cyber security in parallel. Methodological procedures for ensuring consistency, traceability, verification, testing and modeling guidance should be applied together. Procedures such as the "Common Criteria" from information technology can be extended to functional safety and to specific applications, and are thus cost-reflective. A semi-formal specification of safety and security requirements, together with suitable tool support, helps to keep complexity and expense manageable.

Our presentation shows, with practical industry experience from Vector and Hella, how the dependencies and interactions between safety and security requirements can be considered methodically and systematically in safety-security engineering. First, we describe a practical approach to the safety requirements. We deliberately limit these excerpts to the creation of the security functional requirements, as the early stages are characteristic for the rest of the procedure. On this basis we integrate the development of safety and security requirements. The advantages of an integrated safety and security engineering methodology are illustrated, with tool support, on a specific example.

Here are the key benefits of our joint safety and security engineering:

  • Completeness. Since quality requirements interact with functional requirements, integrated development allows completeness checks.
  • Consistency. Solutions are often a weak compromise because the details are not yet fully aligned, and a system cannot be designed on that basis. Security checks are helpful because their negative view of the application scenarios exposes such superficialities and calls for more accuracy.
  • Testability. Quality requirements can be accurate and complete, yet not testable, because certain conditions have not yet been clarified quantitatively. Testers are especially keen to know the later acceptance criteria in the requirements. In safety and security analysis, boundary conditions and quality requirements are subject to the same questions as functional requirements. With those boundary conditions, the essential conditions for testing and validation, and thus efficient yet effective testing, are prepared at the same time.
  • Cost effectiveness. Often security and safety are fully split and thus handled inefficiently. Early analysis of the safety and security requirements together with the functional requirements of a system captures all assumptions about solutions and constraints, and thus allows for cost-effective engineering all the way through service.

This presentation provides a good overview of the methodology and state of the art of security engineering. Many lessons learned from practice help you transfer it to your own environment. Come meet our Vector experts and discuss your challenges.

Target audience:
Engineers, safety and security experts, architects, developers, project managers

Basic knowledge of Safety and Security

Benefits for audience:

  • Overview of the methodology and state of the art for safety- and security-oriented Engineering
  • Industrial experience from different sectors helps you transfer the approach to your own environment
  • Specific application examples and tips show the pitfalls as well as how the methodology is implemented effectively

1) Motivation, introduction to the topic and challenges
2) Development of safety and security requirements
3) Interactive case study
4) Examination and consistent implementation
5) Practical example from ADAS
6) Experiences, benefits and best practices
7) Implementation in your own practice


Dominik Lieckfeldt is a consultant at Vector. He helps companies worldwide with functional safety and cyber-security. Previously, he worked in engineering positions, most recently in software security.

Christof Ebert is managing director at Vector. He helps companies worldwide to improve their product development and product strategy, and change management. Previously, he worked for ten years in international management positions, most recently with worldwide responsibility for software platforms. Prof. Dr. Ebert sits on various supervisory boards, teaches at the University of Stuttgart and is author of the German standard book "Systematic Requirements Engineering".

Read our white papers and experience reports on Safety and Cyber Security