SlideShare a Scribd company logo

Application of the Common Criteria to Building Trustworthy Automotive SDLC

Seungjoo Kim
Seungjoo Kim
Seungjoo KimProfessor at CIST, Korea University

Seungyeon Jeong, Sooyoung Kang, and Seungjoo Kim, "Application of the Common Criteria to Building Trustworthy Automotive SDLC", Proc. of The 19th ICCC 2020, The 19th International Common Criteria Conference, Virtual (online) Conference, November 16-18, 2020.

Application of the Common Criteria to Building Trustworthy Automotive SDLC

1 of 44
1/39
Application of the Common
Criteria to Building Trustworthy
Automotive SDLC
Seungyeon Jeong, Sooyoung Kang, Seungjoo Kim
sodon513@gmail.com
Department of Automotive
Convergence,
Korea University
bbang814@gmail.com
CIST (Center for Information
Security Technologies),
School of Cybersecurity,
Korea University
skim71@korea.ac.kr
*Corresponding Author
CIST (Center for Information
Security Technologies),
School of Cybersecurity,
Korea University
2/39
1. Motivation
2. Related works
3. CIA-Level Driven Secure SDLC
Framework
4. Trustworthy Automotive SDLC
5. Case Study
6. Conclusion
3/39
1. Motivation
4/39
1. Motivation
▪ History
1970s
2022
1980s
2015
2002
• The US government recognized that it is not possible to improve
the security of products by penetrate & patch approach.
• The US government recognized that the product development
process itself must be systematically and strictly managed(a.k.a.
security-by-design) in order to improve the security of products.
※ Security-by-design: to reduce the complexity of the product by considering security from the initial phase of development process to achieve trustworthiness of the
product
5/39
1. Motivation
▪ History
※ Secure SDLC(Secure Software/System Development Life Cycle): The development process containing the security-by-design philosophy
※ UNECE (United Nations Economic Commission for Europe)
• In the industry, Microsoft and IBM have been interested in secure
SDLC at first and spread it to the industry.
• The Department of Defense(DoD) demands an evaluation and
improvement of cybersecurity of weapons systems based on
operational requirements such as the Risk Management
Framework(RMF).
• UNECE requires the application of secure SDLC on vehicles by
enacting UNECE automotive cybersecurity regulation(UNECE
regulation).
1970s
2022
1980s
2015
2002
6/39
1. Motivation
▪ From the early 1970s, the U.S. government has begun to recognize that it is
impossible to improve the security of products only by penetration test.
• They recognized that the development process should be systematically and strictly managed.
▪ From the 1980s, various standards related to security-by-design.
• Development methodologies and evaluation and procurement system has begun to be
published.
▪ In 2013, RMF was released aiming to manage the development and
evaluation/procurement of computer systems of military.
• According to the DoD Cyber Strategy announced in 2015, the scope of RMF has been expanded
from computer systems to advanced weapons systems.
▪ In 2020, UNECE regulation is enacted, and from 2022 vehicles that do not
comply with it cannot be exported to Europe.
We propose a specific security-by-design methodology that can be applied in
automotive development by using Common Criteria(CC) standard.
Published standards or guidelines do not provide a detailed methodology of
security-by-design, so it is very difficult to use them in the actual field.
Ad

Recommended

Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessSeungjoo Kim
 
Verification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLVerification of IVI Over-The-Air using UML/OCL
Verification of IVI Over-The-Air using UML/OCLSeungjoo Kim
 
LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin Lee
LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin LeeLG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin Lee
LG vs. Samsung Smart TV: Which Is Better for Tracking You? by Sangmin LeeCODE BLUE
 
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...Seungjoo Kim
 
Security Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsSecurity Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsAlan Tatourian
 
A lightweight and_robust_secure_key_establishment_protocol_for_internet_of_me...
A lightweight and_robust_secure_key_establishment_protocol_for_internet_of_me...A lightweight and_robust_secure_key_establishment_protocol_for_internet_of_me...
A lightweight and_robust_secure_key_establishment_protocol_for_internet_of_me...SyedImranAliKazmi1
 
Smartphone Applications - Common Criteria is going Mobile
Smartphone Applications - Common Criteria is going MobileSmartphone Applications - Common Criteria is going Mobile
Smartphone Applications - Common Criteria is going MobileJens Oberender
 
Highly dependable automotive software
Highly dependable automotive softwareHighly dependable automotive software
Highly dependable automotive softwareAlan Tatourian
 

More Related Content

What's hot

Securing future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureSecuring future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureAlan Tatourian
 
Common Criteria and a Mutually-Recognized International Cryptographic Standard
Common Criteria and a Mutually-Recognized International Cryptographic StandardCommon Criteria and a Mutually-Recognized International Cryptographic Standard
Common Criteria and a Mutually-Recognized International Cryptographic StandardAmy Nicewick, CISSP, CCSP, CEH
 
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT EquipmentCybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT EquipmentOnward Security
 
Systems architecture with the functional safety/security emphasis
Systems architecture with the functional safety/security emphasisSystems architecture with the functional safety/security emphasis
Systems architecture with the functional safety/security emphasisAlan Tatourian
 
Highly dependable automotive software
Highly dependable automotive softwareHighly dependable automotive software
Highly dependable automotive softwareAlan Tatourian
 
Functional Safety and Security process alignment
Functional Safety and Security process alignmentFunctional Safety and Security process alignment
Functional Safety and Security process alignmentAlan Tatourian
 
The Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityThe Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityOnward Security
 
Information Technology Security Techniques Evaluation Criteria For It Secrit...
Information Technology  Security Techniques Evaluation Criteria For It Secrit...Information Technology  Security Techniques Evaluation Criteria For It Secrit...
Information Technology Security Techniques Evaluation Criteria For It Secrit...Vishnu Kesarwani
 
Enisa report guidelines for securing the internet of things
Enisa report   guidelines for securing the internet of thingsEnisa report   guidelines for securing the internet of things
Enisa report guidelines for securing the internet of thingsnajascj
 
国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析Onward Security
 
A Thorough Study on Video Integrity using Blockchain
A Thorough Study on Video Integrity using BlockchainA Thorough Study on Video Integrity using Blockchain
A Thorough Study on Video Integrity using Blockchainijtsrd
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...qqlan
 
High dependability of the automated systems
High dependability of the automated systemsHigh dependability of the automated systems
High dependability of the automated systemsAlan Tatourian
 
IRJET- Vehicle Security System using IoT Application
IRJET-  	  Vehicle Security System using IoT ApplicationIRJET-  	  Vehicle Security System using IoT Application
IRJET- Vehicle Security System using IoT ApplicationIRJET Journal
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
 
Metholodogies and Security Standards
Metholodogies and Security StandardsMetholodogies and Security Standards
Metholodogies and Security StandardsConferencias FIST
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonPatricia M Watson
 

What's hot (20)

Securing future connected vehicles and infrastructure
Securing future connected vehicles and infrastructureSecuring future connected vehicles and infrastructure
Securing future connected vehicles and infrastructure
 
Common Criteria and a Mutually-Recognized International Cryptographic Standard
Common Criteria and a Mutually-Recognized International Cryptographic StandardCommon Criteria and a Mutually-Recognized International Cryptographic Standard
Common Criteria and a Mutually-Recognized International Cryptographic Standard
 
Cybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT EquipmentCybersecurity Implementation and Certification in Practice for IoT Equipment
Cybersecurity Implementation and Certification in Practice for IoT Equipment
 
Automotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still ExistsAutomotive Cybersecurity: The Gap Still Exists
Automotive Cybersecurity: The Gap Still Exists
 
Systems architecture with the functional safety/security emphasis
Systems architecture with the functional safety/security emphasisSystems architecture with the functional safety/security emphasis
Systems architecture with the functional safety/security emphasis
 
Highly dependable automotive software
Highly dependable automotive softwareHighly dependable automotive software
Highly dependable automotive software
 
Functional Safety and Security process alignment
Functional Safety and Security process alignmentFunctional Safety and Security process alignment
Functional Safety and Security process alignment
 
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan tiSosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
 
The Present and Future of IoT Cybersecurity
The Present and Future of IoT CybersecurityThe Present and Future of IoT Cybersecurity
The Present and Future of IoT Cybersecurity
 
Information Technology Security Techniques Evaluation Criteria For It Secrit...
Information Technology  Security Techniques Evaluation Criteria For It Secrit...Information Technology  Security Techniques Evaluation Criteria For It Secrit...
Information Technology Security Techniques Evaluation Criteria For It Secrit...
 
Car cybersecurity: What do automakers really think?
Car cybersecurity: What do automakers really think?Car cybersecurity: What do automakers really think?
Car cybersecurity: What do automakers really think?
 
Enisa report guidelines for securing the internet of things
Enisa report   guidelines for securing the internet of thingsEnisa report   guidelines for securing the internet of things
Enisa report guidelines for securing the internet of things
 
国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析国际物联网安全标准与认证大解析
国际物联网安全标准与认证大解析
 
A Thorough Study on Video Integrity using Blockchain
A Thorough Study on Video Integrity using BlockchainA Thorough Study on Video Integrity using Blockchain
A Thorough Study on Video Integrity using Blockchain
 
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
G. Gritsai, A. Timorin, Y. Goltsev, R. Ilin, S. Gordeychik, and A. Karpin, “S...
 
High dependability of the automated systems
High dependability of the automated systemsHigh dependability of the automated systems
High dependability of the automated systems
 
IRJET- Vehicle Security System using IoT Application
IRJET-  	  Vehicle Security System using IoT ApplicationIRJET-  	  Vehicle Security System using IoT Application
IRJET- Vehicle Security System using IoT Application
 
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesUnderstanding IoT Security: How to Quantify Security Risk of IoT Technologies
Understanding IoT Security: How to Quantify Security Risk of IoT Technologies
 
Metholodogies and Security Standards
Metholodogies and Security StandardsMetholodogies and Security Standards
Metholodogies and Security Standards
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 

Similar to Application of the Common Criteria to Building Trustworthy Automotive SDLC

Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262Torben Haagh
 
Comparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC ModelsComparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC ModelsIRJET Journal
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicCloudHesive
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc   cosac - 201...Enumerating software security design flaws throughout the ssdlc   cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...John M. Willis
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCJohn M. Willis
 
Why safety plan is critical in development of iso 26262 complaint
Why safety plan is critical in development of iso 26262 complaint Why safety plan is critical in development of iso 26262 complaint
Why safety plan is critical in development of iso 26262 complaint Embitel Technologies (I) PVT LTD
 
Model-based security testing
Model-based security testingModel-based security testing
Model-based security testingAxel Rennoch
 
Lecture Course Outline and Secure SDLC.ppt
Lecture Course Outline and Secure SDLC.pptLecture Course Outline and Secure SDLC.ppt
Lecture Course Outline and Secure SDLC.pptDrBasemMohamedElomda
 
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020Brian Levine
 
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600Kenji Taguchi
 
Eric Anklesaria. Secure SDLC - Core Banking
Eric Anklesaria. Secure SDLC - Core BankingEric Anklesaria. Secure SDLC - Core Banking
Eric Anklesaria. Secure SDLC - Core BankingPositive Hack Days
 
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'Positive Hack Days
 
Introduction of Secure Software Development Lifecycle
Introduction of Secure Software Development LifecycleIntroduction of Secure Software Development Lifecycle
Introduction of Secure Software Development LifecycleRishi Kant
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controlsEnclaveSecurity
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Dilum Bandara
 
Module-3_Design thinking in IT Industries.pdf
Module-3_Design thinking in IT Industries.pdfModule-3_Design thinking in IT Industries.pdf
Module-3_Design thinking in IT Industries.pdfvijimech408
 
Integrating of security activates in agile process
Integrating of security activates in agile processIntegrating of security activates in agile process
Integrating of security activates in agile processZubair Rahim
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 

Similar to Application of the Common Criteria to Building Trustworthy Automotive SDLC (20)

Requirements of ISO 26262
Requirements of ISO 26262Requirements of ISO 26262
Requirements of ISO 26262
 
Comparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC ModelsComparitive Analysis of Secure SDLC Models
Comparitive Analysis of Secure SDLC Models
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc   cosac - 201...Enumerating software security design flaws throughout the ssdlc   cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLC
 
Why safety plan is critical in development of iso 26262 complaint
Why safety plan is critical in development of iso 26262 complaint Why safety plan is critical in development of iso 26262 complaint
Why safety plan is critical in development of iso 26262 complaint
 
Model-based security testing
Model-based security testingModel-based security testing
Model-based security testing
 
Lecture Course Outline and Secure SDLC.ppt
Lecture Course Outline and Secure SDLC.pptLecture Course Outline and Secure SDLC.ppt
Lecture Course Outline and Secure SDLC.ppt
 
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020
 
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
Waise 2021 Uber ATG Safety Case Framework and ANSI/UL 4600
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
 
Eric Anklesaria. Secure SDLC - Core Banking
Eric Anklesaria. Secure SDLC - Core BankingEric Anklesaria. Secure SDLC - Core Banking
Eric Anklesaria. Secure SDLC - Core Banking
 
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'24may 1200 valday eric anklesaria 'secure sdlc – core banking'
24may 1200 valday eric anklesaria 'secure sdlc – core banking'
 
Introduction of Secure Software Development Lifecycle
Introduction of Secure Software Development LifecycleIntroduction of Secure Software Development Lifecycle
Introduction of Secure Software Development Lifecycle
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controls
 
Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...Standards for protection of data on storage device are emerging from both the...
Standards for protection of data on storage device are emerging from both the...
 
Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...Security Culture from Concept to Maintenance: Secure Software Development Lif...
Security Culture from Concept to Maintenance: Secure Software Development Lif...
 
Module-3_Design thinking in IT Industries.pdf
Module-3_Design thinking in IT Industries.pdfModule-3_Design thinking in IT Industries.pdf
Module-3_Design thinking in IT Industries.pdf
 
Integrating of security activates in agile process
Integrating of security activates in agile processIntegrating of security activates in agile process
Integrating of security activates in agile process
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 

More from Seungjoo Kim

블록체인의 본질과 동작 원리
블록체인의 본질과 동작 원리블록체인의 본질과 동작 원리
블록체인의 본질과 동작 원리Seungjoo Kim
 
[Blockchain and Cryptocurrency] 01. Syllabus
[Blockchain and Cryptocurrency] 01. Syllabus[Blockchain and Cryptocurrency] 01. Syllabus
[Blockchain and Cryptocurrency] 01. SyllabusSeungjoo Kim
 
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...Seungjoo Kim
 
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...Seungjoo Kim
 
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto BlockchainSeungjoo Kim
 
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
[Blockchain and Cryptocurrency] 05. Ethereum and Smart ContractSeungjoo Kim
 
[Blockchain and Cryptocurrency] 06. NFT and Metaverse
[Blockchain and Cryptocurrency] 06. NFT and Metaverse[Blockchain and Cryptocurrency] 06. NFT and Metaverse
[Blockchain and Cryptocurrency] 06. NFT and MetaverseSeungjoo Kim
 
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other AltcoinsSeungjoo Kim
 
[Blockchain and Cryptocurrency] 08. Dark Coins
[Blockchain and Cryptocurrency] 08. Dark Coins[Blockchain and Cryptocurrency] 08. Dark Coins
[Blockchain and Cryptocurrency] 08. Dark CoinsSeungjoo Kim
 
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...Seungjoo Kim
 
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)Seungjoo Kim
 
Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)Seungjoo Kim
 
Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)Seungjoo Kim
 
How South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber ThreatsHow South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber ThreatsSeungjoo Kim
 
Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?Seungjoo Kim
 
Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화Seungjoo Kim
 
프라이버시 딜레마 - HTTPS 차단, 약인가 독인가? -
프라이버시 딜레마 - HTTPS 차단, 약인가 독인가? -프라이버시 딜레마 - HTTPS 차단, 약인가 독인가? -
프라이버시 딜레마 - HTTPS 차단, 약인가 독인가? -Seungjoo Kim
 
Security Paradigm Change in Industry 4.0
Security Paradigm Change in Industry 4.0Security Paradigm Change in Industry 4.0
Security Paradigm Change in Industry 4.0Seungjoo Kim
 
New Threat Trends in CII(Critical Information Infrastructure)
New Threat Trends in CII(Critical Information Infrastructure)New Threat Trends in CII(Critical Information Infrastructure)
New Threat Trends in CII(Critical Information Infrastructure)Seungjoo Kim
 
JTBC 차이나는 클라스 [62강] '블록체인, 신세계인가? 신기루인가?' (2018.5.23)
JTBC 차이나는 클라스 [62강] '블록체인, 신세계인가? 신기루인가?' (2018.5.23)JTBC 차이나는 클라스 [62강] '블록체인, 신세계인가? 신기루인가?' (2018.5.23)
JTBC 차이나는 클라스 [62강] '블록체인, 신세계인가? 신기루인가?' (2018.5.23)Seungjoo Kim
 

More from Seungjoo Kim (20)

블록체인의 본질과 동작 원리
블록체인의 본질과 동작 원리블록체인의 본질과 동작 원리
블록체인의 본질과 동작 원리
 
[Blockchain and Cryptocurrency] 01. Syllabus
[Blockchain and Cryptocurrency] 01. Syllabus[Blockchain and Cryptocurrency] 01. Syllabus
[Blockchain and Cryptocurrency] 01. Syllabus
 
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
[Blockchain and Cryptocurrency] 02. Blockchain Overview and Introduction - Te...
 
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
[Blockchain and Cryptocurrency] 03. Blockchain's Theoretical Foundation, Cryp...
 
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
[Blockchain and Cryptocurrency] 04. Bitcoin and Nakamoto Blockchain
 
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
[Blockchain and Cryptocurrency] 05. Ethereum and Smart Contract
 
[Blockchain and Cryptocurrency] 06. NFT and Metaverse
[Blockchain and Cryptocurrency] 06. NFT and Metaverse[Blockchain and Cryptocurrency] 06. NFT and Metaverse
[Blockchain and Cryptocurrency] 06. NFT and Metaverse
 
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
[Blockchain and Cryptocurrency] 07. Cardano(ADA) and Other Altcoins
 
[Blockchain and Cryptocurrency] 08. Dark Coins
[Blockchain and Cryptocurrency] 08. Dark Coins[Blockchain and Cryptocurrency] 08. Dark Coins
[Blockchain and Cryptocurrency] 08. Dark Coins
 
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
[Blockchain and Cryptocurrency] 09. Blockchain Usage Beyond Currency - Way to...
 
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
Why is it getting harder to train the cybersecurity workforce? (ExtendedVersion)
 
Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)Kid Blockchain - Everything You Need to Know - (Part 2)
Kid Blockchain - Everything You Need to Know - (Part 2)
 
Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)Kid Blockchain - Everything You Need to Know - (Part 1)
Kid Blockchain - Everything You Need to Know - (Part 1)
 
How South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber ThreatsHow South Korea Is Fighting North Korea's Cyber Threats
How South Korea Is Fighting North Korea's Cyber Threats
 
Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?Blockchain for Cyber Defense: Will It Be As Good As You Think?
Blockchain for Cyber Defense: Will It Be As Good As You Think?
 
Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화Post-Coronavirus 시대 보안 패러다임의 변화
Post-Coronavirus 시대 보안 패러다임의 변화
 
프라이버시 딜레마 - HTTPS 차단, 약인가 독인가? -
프라이버시 딜레마 - HTTPS 차단, 약인가 독인가? -프라이버시 딜레마 - HTTPS 차단, 약인가 독인가? -
프라이버시 딜레마 - HTTPS 차단, 약인가 독인가? -
 
Security Paradigm Change in Industry 4.0
Security Paradigm Change in Industry 4.0Security Paradigm Change in Industry 4.0
Security Paradigm Change in Industry 4.0
 
New Threat Trends in CII(Critical Information Infrastructure)
New Threat Trends in CII(Critical Information Infrastructure)New Threat Trends in CII(Critical Information Infrastructure)
New Threat Trends in CII(Critical Information Infrastructure)
 
JTBC 차이나는 클라스 [62강] '블록체인, 신세계인가? 신기루인가?' (2018.5.23)
JTBC 차이나는 클라스 [62강] '블록체인, 신세계인가? 신기루인가?' (2018.5.23)JTBC 차이나는 클라스 [62강] '블록체인, 신세계인가? 신기루인가?' (2018.5.23)
JTBC 차이나는 클라스 [62강] '블록체인, 신세계인가? 신기루인가?' (2018.5.23)
 

Recently uploaded

Student Challange as Google Developers at NKOCET
Student Challange as Google Developers at NKOCETStudent Challange as Google Developers at NKOCET
Student Challange as Google Developers at NKOCETGDSCNKOCET
 
Deep Learning For Computer Vision- Day 3 Study Jams GDSC Unsri.pptx
Deep Learning For Computer Vision- Day 3 Study Jams GDSC Unsri.pptxDeep Learning For Computer Vision- Day 3 Study Jams GDSC Unsri.pptx
Deep Learning For Computer Vision- Day 3 Study Jams GDSC Unsri.pptxpmgdscunsri
 
PM24_Oral_Presentation_Template_Guidelines.pptx
PM24_Oral_Presentation_Template_Guidelines.pptxPM24_Oral_Presentation_Template_Guidelines.pptx
PM24_Oral_Presentation_Template_Guidelines.pptxnissamant
 
Shankar communication assignment no1 .pdf
Shankar communication assignment no1 .pdfShankar communication assignment no1 .pdf
Shankar communication assignment no1 .pdfshankaranarayanan972
 
UNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSUNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSbinuvijay1
 
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...GauravBhartie
 
Into the World of AI GDSC YCCE PPTX.pptx
Into the World of AI GDSC YCCE PPTX.pptxInto the World of AI GDSC YCCE PPTX.pptx
Into the World of AI GDSC YCCE PPTX.pptxGDSCYCCE
 
Deluck Technical Works Company Profile.pdf
Deluck Technical Works Company Profile.pdfDeluck Technical Works Company Profile.pdf
Deluck Technical Works Company Profile.pdfartpoa9
 
chap. 3. lipid deterioration oil and fat processign
chap. 3. lipid deterioration oil and fat processignchap. 3. lipid deterioration oil and fat processign
chap. 3. lipid deterioration oil and fat processignteddymebratie
 
Gate-Level Simulation Methodology Improving Gate-Level Simulation Performance
Gate-Level Simulation Methodology Improving Gate-Level Simulation PerformanceGate-Level Simulation Methodology Improving Gate-Level Simulation Performance
Gate-Level Simulation Methodology Improving Gate-Level Simulation Performancesuddentrike2
 
Get start with Machine Learning and Vertexai
Get start with Machine Learning and VertexaiGet start with Machine Learning and Vertexai
Get start with Machine Learning and VertexaiAshishChanchal1
 
Architectural Preservation - Heritage, focused on Saudi Arabia
Architectural Preservation - Heritage, focused on Saudi ArabiaArchitectural Preservation - Heritage, focused on Saudi Arabia
Architectural Preservation - Heritage, focused on Saudi ArabiaIgnacio J. Palma, Arch PhD.
 
self introduction sri balaji
self introduction sri balajiself introduction sri balaji
self introduction sri balajiSriBalaji891607
 
Introduction about Technology roadmap for Industry 4.0
Introduction about Technology roadmap for Industry 4.0Introduction about Technology roadmap for Industry 4.0
Introduction about Technology roadmap for Industry 4.0RaishKhanji
 
Plant Design for bioplastic production from Microalgae in Pakistan.pdf
Plant Design for bioplastic production from Microalgae in Pakistan.pdfPlant Design for bioplastic production from Microalgae in Pakistan.pdf
Plant Design for bioplastic production from Microalgae in Pakistan.pdfMianHusnainIqbal2
 
my goal is place in mnc's companies and got good salary
my goal is place in mnc's companies and got good salarymy goal is place in mnc's companies and got good salary
my goal is place in mnc's companies and got good salarymonoarul2004
 
Pre-assessment & Data Sheet presentation template - 2023.pptx
Pre-assessment & Data Sheet presentation template - 2023.pptxPre-assessment & Data Sheet presentation template - 2023.pptx
Pre-assessment & Data Sheet presentation template - 2023.pptxssuserc79a6f
 
biofilm fouling of the membrane present in aquaculture
biofilm fouling of the membrane present in aquaculturebiofilm fouling of the membrane present in aquaculture
biofilm fouling of the membrane present in aquacultureVINETUBE2
 
20CE501PE – INDUSTRIAL WASTE MANAGEMENT.ppt
20CE501PE – INDUSTRIAL WASTE MANAGEMENT.ppt20CE501PE – INDUSTRIAL WASTE MANAGEMENT.ppt
20CE501PE – INDUSTRIAL WASTE MANAGEMENT.pptMohanumar S
 
Introduction communication assignmen.pdf
Introduction communication assignmen.pdfIntroduction communication assignmen.pdf
Introduction communication assignmen.pdfKannigaSaraswathyM
 

Recently uploaded (20)

Student Challange as Google Developers at NKOCET
Student Challange as Google Developers at NKOCETStudent Challange as Google Developers at NKOCET
Student Challange as Google Developers at NKOCET
 
Deep Learning For Computer Vision- Day 3 Study Jams GDSC Unsri.pptx
Deep Learning For Computer Vision- Day 3 Study Jams GDSC Unsri.pptxDeep Learning For Computer Vision- Day 3 Study Jams GDSC Unsri.pptx
Deep Learning For Computer Vision- Day 3 Study Jams GDSC Unsri.pptx
 
PM24_Oral_Presentation_Template_Guidelines.pptx
PM24_Oral_Presentation_Template_Guidelines.pptxPM24_Oral_Presentation_Template_Guidelines.pptx
PM24_Oral_Presentation_Template_Guidelines.pptx
 
Shankar communication assignment no1 .pdf
Shankar communication assignment no1 .pdfShankar communication assignment no1 .pdf
Shankar communication assignment no1 .pdf
 
UNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGSUNIT I INTRODUCTION TO INTERNET OF THINGS
UNIT I INTRODUCTION TO INTERNET OF THINGS
 
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
Microstrip Bandpass Filter Design using EDA Tolol such as keysight ADS and An...
 
Into the World of AI GDSC YCCE PPTX.pptx
Into the World of AI GDSC YCCE PPTX.pptxInto the World of AI GDSC YCCE PPTX.pptx
Into the World of AI GDSC YCCE PPTX.pptx
 
Deluck Technical Works Company Profile.pdf
Deluck Technical Works Company Profile.pdfDeluck Technical Works Company Profile.pdf
Deluck Technical Works Company Profile.pdf
 
chap. 3. lipid deterioration oil and fat processign
chap. 3. lipid deterioration oil and fat processignchap. 3. lipid deterioration oil and fat processign
chap. 3. lipid deterioration oil and fat processign
 
Gate-Level Simulation Methodology Improving Gate-Level Simulation Performance
Gate-Level Simulation Methodology Improving Gate-Level Simulation PerformanceGate-Level Simulation Methodology Improving Gate-Level Simulation Performance
Gate-Level Simulation Methodology Improving Gate-Level Simulation Performance
 
Get start with Machine Learning and Vertexai
Get start with Machine Learning and VertexaiGet start with Machine Learning and Vertexai
Get start with Machine Learning and Vertexai
 
Architectural Preservation - Heritage, focused on Saudi Arabia
Architectural Preservation - Heritage, focused on Saudi ArabiaArchitectural Preservation - Heritage, focused on Saudi Arabia
Architectural Preservation - Heritage, focused on Saudi Arabia
 
self introduction sri balaji
self introduction sri balajiself introduction sri balaji
self introduction sri balaji
 
Introduction about Technology roadmap for Industry 4.0
Introduction about Technology roadmap for Industry 4.0Introduction about Technology roadmap for Industry 4.0
Introduction about Technology roadmap for Industry 4.0
 
Plant Design for bioplastic production from Microalgae in Pakistan.pdf
Plant Design for bioplastic production from Microalgae in Pakistan.pdfPlant Design for bioplastic production from Microalgae in Pakistan.pdf
Plant Design for bioplastic production from Microalgae in Pakistan.pdf
 
my goal is place in mnc's companies and got good salary
my goal is place in mnc's companies and got good salarymy goal is place in mnc's companies and got good salary
my goal is place in mnc's companies and got good salary
 
Pre-assessment & Data Sheet presentation template - 2023.pptx
Pre-assessment & Data Sheet presentation template - 2023.pptxPre-assessment & Data Sheet presentation template - 2023.pptx
Pre-assessment & Data Sheet presentation template - 2023.pptx
 
biofilm fouling of the membrane present in aquaculture
biofilm fouling of the membrane present in aquaculturebiofilm fouling of the membrane present in aquaculture
biofilm fouling of the membrane present in aquaculture
 
20CE501PE – INDUSTRIAL WASTE MANAGEMENT.ppt
20CE501PE – INDUSTRIAL WASTE MANAGEMENT.ppt20CE501PE – INDUSTRIAL WASTE MANAGEMENT.ppt
20CE501PE – INDUSTRIAL WASTE MANAGEMENT.ppt
 
Introduction communication assignmen.pdf
Introduction communication assignmen.pdfIntroduction communication assignmen.pdf
Introduction communication assignmen.pdf
 

Application of the Common Criteria to Building Trustworthy Automotive SDLC

  • 1. 1/39 Application of the Common Criteria to Building Trustworthy Automotive SDLC Seungyeon Jeong, Sooyoung Kang, Seungjoo Kim sodon513@gmail.com Department of Automotive Convergence, Korea University bbang814@gmail.com CIST (Center for Information Security Technologies), School of Cybersecurity, Korea University skim71@korea.ac.kr *Corresponding Author CIST (Center for Information Security Technologies), School of Cybersecurity, Korea University
  • 2. 2/39 1. Motivation 2. Related works 3. CIA-Level Driven Secure SDLC Framework 4. Trustworthy Automotive SDLC 5. Case Study 6. Conclusion
  • 4. 4/39 1. Motivation ▪ History 1970s 2022 1980s 2015 2002 • The US government recognized that it is not possible to improve the security of products by penetrate & patch approach. • The US government recognized that the product development process itself must be systematically and strictly managed(a.k.a. security-by-design) in order to improve the security of products. ※ Security-by-design: to reduce the complexity of the product by considering security from the initial phase of development process to achieve trustworthiness of the product
  • 5. 5/39 1. Motivation ▪ History ※ Secure SDLC(Secure Software/System Development Life Cycle): The development process containing the security-by-design philosophy ※ UNECE (United Nations Economic Commission for Europe) • In the industry, Microsoft and IBM have been interested in secure SDLC at first and spread it to the industry. • The Department of Defense(DoD) demands an evaluation and improvement of cybersecurity of weapons systems based on operational requirements such as the Risk Management Framework(RMF). • UNECE requires the application of secure SDLC on vehicles by enacting UNECE automotive cybersecurity regulation(UNECE regulation). 1970s 2022 1980s 2015 2002
  • 6. 6/39 1. Motivation ▪ From the early 1970s, the U.S. government has begun to recognize that it is impossible to improve the security of products only by penetration test. • They recognized that the development process should be systematically and strictly managed. ▪ From the 1980s, various standards related to security-by-design. • Development methodologies and evaluation and procurement system has begun to be published. ▪ In 2013, RMF was released aiming to manage the development and evaluation/procurement of computer systems of military. • According to the DoD Cyber Strategy announced in 2015, the scope of RMF has been expanded from computer systems to advanced weapons systems. ▪ In 2020, UNECE regulation is enacted, and from 2022 vehicles that do not comply with it cannot be exported to Europe. We propose a specific security-by-design methodology that can be applied in automotive development by using Common Criteria(CC) standard. Published standards or guidelines do not provide a detailed methodology of security-by-design, so it is very difficult to use them in the actual field.
  • 8. 8/39 2. Related works ▪ Research papers • We analyzed 66 research papers related to automotive security development. ✓ Papers published from 2010 to 2020, and only papers published in 4 major digital library of (i) ACM (ii) IEEE (iii) Springer, and (iv) Elsevier. ✓ Papers with 'Automotive' or 'CPS' as a keyword and have the subject of the entire process('Process’, 'Lifecycle’, 'Development'), some phases('Requirements analysis') or some activities('Fuzz test'). Phase Description Num Req/Des Requirement Analysis/ Design 56 Imp/ Veri Implementation/ Verification 5 Rel/ Oper Release/ Operation 1 Entire Entire process 4 Total 66 Req/Des(auto), 14 Imp/Veri(auto), 3 Rel/Oper(auto), 1 Entire(auto), 5 Req/Des Imp/Veri Rel/Oper Entire 0 10 20 30 40 50 60 Phase Number of studies CPS security development studies CPS Automotive ※ CPS(Cyber Physical System)
  • 9. 9/39 2. Related works ▪ Research papers(Examples) • Setting Expectations for CC in the Software Development Lifecycle(ICCC, 2008) ✓ This research performed mapping between SDLC and CC but does not present specific SDLC activities. • Verification of IVI Over-The-Air using UML/OCL (ICCC, 2019) ✓ This research mentioned secure SDLC, but only covers the requirements analysis and design phases.
  • 10. 10/39 2. Related works ▪ Secure SDLC standards & guidelines • Well-known secure SDLC standards and guidelines are extended and utilized in various fields. Software Microsoft SDL Secure SDLC developed by Microsoft and applied directly to operating systems and database products Not include disposal phase Lack of activity for implementation phaseNIST SSDLC Secure SDLC on Software and hardware developed by NISTSystem Best practices OWASP CLASP Secure SDLC to strengthen security in the early phases with 5 views and 24 activities Lack of information because the project period expired Vehicles SAE J3061 Secure SDLC guideline suggesting ways to ensure the security of automotive development Not include training and disposal phase ※ OWASP(Open Web Application Security Project), CLASP(Comprehensive, Lightweight Application Security Process), SAE(Society of Automotive Engineers) Target Secure SDLC Description Cons ※ SDL(Software Development Lifecycle), NIST(National Institute of Standards and Technology), SSDLC(Secure System Development Life Cycle)
  • 11. 11/39 2. Related works ▪ Automotive Cybersecurity Regulation • UNECE is enacting automotive cybersecurity regulation to ensure security for the entire development process. ✓ Expected to take effect for new vehicles from 2022 and for the existing vehicles from 2024.
  • 12. 12/39 2. Related works ▪ Automotive Cybersecurity Regulation • UNECE regulation is expected to expand as UAM development becomes active in the future. • Hyundai Motor Group has started to develop an innovative Urban Air Mobility(UAM) infrastructure. ✓ They decided to invest $1.5 billion over the next five years in infrastructure such as private air vehicles(PAVs) and hubs for UAM. • Global companies expect that the UAM market will experience explosive growth over the next 20 years. ✓ The Porsche Group predicts that the UAM market will grow rapidly from 2025, and the market demand will reach about 16,000 units worldwide by 2035. ✓ Morgan Stanley, an investment bank of the US, predicts that the autonomous mobility market, including UAM, will reach $1.5 trillion by 2040.
  • 13. 13/39 3. CIA-Level Driven Secure SDLC Framework
  • 14. 14/39 3. CIA-Level Driven Secure SDLC Framework ▪ Security-by-Design • To reduce the complexity of a product by considering security from the early phases of development(such as requirements analysis or design) and consequently to achieve the product's trustworthiness. • The trustworthiness is to achieve all aspects of the correctness, safety, and security of the product's functions. ▪ CIA • Trustworthiness which is the goal of security-by-design can be named after CIA. Functional Correctness Safety Integrity Security Assurance + + CIA-Level Driven Secure SDLC Framework
  • 15. 15/39 3. CIA-Level Driven Secure SDLC Framework ▪ CIA-Level Driven Secure SDLC Framework(CIA-Level Framework) • Security-by-design methodology integrating secure SDLCs and evidence- based approaches • It combines 10 types of secure SDLCs and 3 types of evidence-based approaches. • It concretizes the secure SDLC to derive related processes, security activities, detailed security activities, and evidence templates. ※ Evidence-based approaches: A standard that provides a concrete way of performing a process by presenting detailed requirements(such as evidences, detailed activities, etc.) for each activities of the development process ※ CC(Common Criteria, ISO 15408) ※ PIMS(Privacy Impact Management System, ISO 27701) ※ ISMS(Information Security Management System, ISO 27001) • Microsoft SDL • NIST SSDLC • CSA SDF • SAFECode • MgGraw Touchpoints • OWASP CLASP • Cigital BSIMM • OWASP SAMM • NIST RMF • SAE J3061 Secure SDLC • CC • PIMS Evidence-based approach • ISMS Customized secure SDLC Process, Activities, Evidence Templates CIA-Level Framework
  • 16. 16/39 3. CIA-Level Driven Secure SDLC Framework ▪ CIA-Level Framework • It quantitatively analyzes the difference in the level of secure SDLC process between enterprises and their competitors. • It can be useful when the enterprise wants to build secure SDLC in the actual field by easily eliciting requirements(security activities, detailed security activities, and evidence templates) to build secure SDLC at the desired level. CIA-Level Extractor Customized Secure SDLC Constructor Activity-Evidence Mapper Standards, Laws, Rules, and Regulations Customized Secure SDLC Process, Activities, Detailed Activities, Evidence Templates • Standards, Laws, Rules, and Regulations: Common Criteria, ISMS, PIMS, etc. • Activity-Evidence Mapper: Mapping Secure SDLC activities and evidences by CIA-Level Target Market
  • 17. 17/39 ▪ Module that maps secure SDLCs and evidence-based approaches • It considers 10 types of secure SDLC standards and guidelines that are widely used in each field. ✓ It compares and analyzes those secure SDLCs and generalizes them into 10 phases. ✓ It derives 66 security activities by summing up all the security activities that need to be performed in each phase and removing redundant security activities. 3. CIA-Level Driven Secure SDLC Framework Activity-Evidence Mapper Analyze and normalize all the activities of each phase of every standard Integrate them into one single Secure SDLC Map secure SDLC and the SAR components of CC to the normalized activities Define detailed activities and build a template for each normalized activity Supplement the unmapped activities with other standards Standards, Laws, Rules, and Regulations Integrated Secure SDLC Process with detailed activities and evidence templates CC, CEM ISMS, PIMS, etc. ※ SAR(Security Assurance Requirements), CEM(Common Evaluation Methodology)
  • 18. 18/39 3. CIA-Level Driven Secure SDLC Framework ▪ Integrated Secure SDLC Process – Security activities • CIA-Level Framework consists of a total of 66 activities for 10 phases and 28 evidence templates. 1. Security Training 2. Initiation 3. Requirements analysis 4. Acquisition 5. Design 6. Implement-ation 7. Verification 8. Production& Release 9. Operation 10. Disposal 1.1 Basic security training 3 9 9 3 12 3 8 7 7 5 1.2 Advanced security training 1.3 Plan training schedules 2.1 Project categorization 2.2 Role identification 2.3 Project tools selection 2.4 Security requirements source identification 2.5 Minimum quality level definition 2.6 Prepare compensation system for handling security issues 2.7 Plan project schedule 2.8 Security goals setting by field 2.9 Verifying consistency & completeness of goals 3.1 Estimating scope of project security analysis 3.2 Impact assessment for privacy 3.3 Impact assessment for business 3.4 Impact assessment for safety 3.5 Existing software assessment 3.6 Functional requirements elicitation 3.7 Security requirements elicitation 3.8 Conformity & conflict check on requirements by field 3.9 Verifying requirements based on security goals 4.1 Plan third-party components acquisition 4.2 Requirements definition for third- party components 4.3 Assessment & test for third-party components 10.1 Transfer & disposal procedure planning 10.2 Important information disposal 10.3 Media Erase 10.4 Hardware and software disposal 10.5 System shutdown 9.1 Monitoring planning 9.2 Continuous monitoring 9.3 Vulnerability report 9.4 Vulnerabilities assessment 9.5 Solution establishment 9.4 Vulnerability disclosure & patch/update 9.5 Configuration management after release 8.1 Final security review 8.2 Final privacy review 8.3 Requirements elicitation for production 8.4 Production procedure determination 8.5 Verification of production 8.4 Accident response planning 8.5 Security review for deployment procedure 7.1 Final security review 7.2 Final privacy review 7.3 Requirements elicitation for production 7.4 Production procedure determination 7.5 Verification of production 7.6 Accident response planning 7.7 Security review for deployment procedure 7.8 Security review for deployment procedure 5.1 Functions & design specification 5.2 Compliance with design best practices and principles 5.3 Structural design for the integration process 5.4 Asset identification 5.5 Create data flow diagram 5.6 Threat elicitation 5.7 Attack Library Collection 5.8 Risk analysis by field 5.9 Mitigation elicitation by field 5.10 Privacy analysis 5.11 Use case and misuse case identification 5.12 Verifying design based on requirements 6.1 Compliance with secure coding guidelines 6.2 Creation for deployment guide document and tools 6.3 Implementation verification according to design
  • 19. 19/39 3. CIA-Level Driven Secure SDLC Framework ▪ Integrated Secure SDLC Process – Evidence templates • CIA-Level Framework consists of a total of 66 activities for 10 phases and 28 evidence templates. Phase Evidence Num. Phase Evidence Num. 1 Security Training • Security training plan • Training attendee list 2 6 Impleme- ntation • Source code • Unit test plan and test scenario • Unit test results 3 2 Initiation • Current process analysis • Current system analysis • Project plan • Software Requirements Specification 4 7 Verification • Integrated/system/acquisition test plan and test scenario • Integrated/system/acquisition test results • Vulnerability analysis 3 3 Require- ments Analysis • Impact assessment • Interface definition 2 8 Production & Release • Rehearsal plan and rehearsal result • Release request • Emergency incident response plan • Emergency accident response result 4 4 Acquisition • Acquisition confirmation document 1 9 Operation • Preparation result • Operator instructions • User guide • Vulnerability Response Plan • Vulnerability patch result 5 5 Design • Software design specification • Software architecture design and System architecture design specification • Integrated test plan and integrated test scenario 3 10 Disposal • System execution plan and system execution result 1
  • 20. 20/39 3. CIA-Level Driven Secure SDLC Framework ▪ Repository that stores the mapping results and related details of Activity- Evidence Mapper • Database consists of a 4-table scheme. ✓ Table of 10 generalized secure SDLC phases ✓ Table of 66 security activities that must be performed at each phase ✓ Table of detailed security activity lists and descriptions ✓ Table of document templates that need to be produced Database Database scheme Integrated Secure SDLC Phase Activities Detailed Activities Evidence Document Templates CC (SAR & CEM) ISMS PIMS AAA BBB CCC DDD
  • 21. 21/39 ▪ CIA-Level Extractor: Module that extracts the CIA-Level of a company's secure SDLC • It quantitatively analyzes the security activities of the secure SDLC and calculates CIA-Level. ✓ CIA-Level: Indicator of trustworthiness that composed of Level 1 to Level 7 ✓ It means that the secure SDLC is systematically and strictly managed as the level increases. ▪ GAP Analyzer: Module that analyzes the gap of secure SDLC level between the company and its competitors Integrated Secure SDLC Phase Activities Detailed Activities Evidence Document Templates CC (SAR & CEM) ISMS PIMS AAA BBB CCC DDD 3. CIA-Level Driven Secure SDLC Framework CIA-Level Extractor & GAP Analyzer Predict competitor’s secure SDLC process, Activities, Detailed Activities etc. Analyze the differences of each activity between the company and competitors Gap Analysis Report Average CIA-level of Competitor’s Flagship Products Company’s secure SDLC Process, Activities, Detailed Activities, Evidences, Tools, etc.
  • 22. 22/39 3. CIA-Level Driven Secure SDLC Framework ▪ Module that provides detailed information on the level desired by the company • It provides secure SDLC process, security activities, detailed security activities, and evidence templates. ✓ It quantitative analyze on only relevant security activities out of a total of 66 security activities, considering the business sector and characteristics. ✓ It ensures traceability of the entire Secure SDLC by easily deriving documents that need to be produced. Customized Secure SDLC Constructor Select the phases according to the characteristics of the products of the company Choose the detailed activities and the evidence templates according to CIA level Customized Secure SDLC Process, Activities, Detailed Activities Evidence Templates CIA-Level Database
  • 24. 24/39 4. Trustworthy Automotive SDLC ▪ Trustworthy Automotive SDLC(TA_SDLC) • Specific security-by-design methodology for automotive development • It is an application of CIA-Level Framework that is extended and utilized for automotive development. • It is assumed that automotive OEMs have a safety development process(Safety SDLC) according to ISO 26262. Security Level Extractor Safety & Security Integrator OEM’s Safety SDLC (ISO 26262 safety development process) Safety Level Extractor CIA-Level Framework Safety & Security Integrator TA_SDLC Requirements Requirements of UNECE regulation & ISO/SAE 21434 Customized TA_SDLC Process, Activities, Evidence Templates ※ ISO(International Organization for Standardization), ISO 26262: International standard for functional safety of electrical/electronic systems in road vehicles ※ OEM(Original Equipment Manufacturer)
  • 25. 25/39 4. Trustworthy Automotive SDLC ▪ TA_SDLC Requirements • A total of 4 requirements of TA_SDLC were derived. ✓ They were selected based on the characteristics of automotive development. ※ Third-party component: components developed and utilized by other companies ※ Traceability: To ensure consistency in the results between phases so that we can trace back to the initial cause when a security problem occurs ※ Depth: Indicators for the degree of activities detail defined in this study ① Targets on system ② Includes the procedure of third-party components acquisition ③ Ensures traceability between phases ④ Provides detailed activities and the evidence templates for every phase of the process(depth=2) Depth = 0 Depth = 1 Depth = 2
  • 26. 26/39 4. Trustworthy Automotive SDLC ASIL level of ISO 26262 ▪ Safety Level Extractor: Module that extracts the safety level of a company’s safety SDLC • We assume that automotive OEMs have a safety SDLC according to ISO 26262. ✓ ASIL: safety-related risk level defined by the ISO 26262 ✓ ASIL required for developing major functions of vehicles is C level or higher. ▪ Security Level Extractor: Module that extracts the security level corresponding to the safety level of the existing safety SDLC • It should satisfy EAL 5 to sufficient security for automotive development. ✓ EAL: security assurance level defined by CC ✓ ASIL C corresponds to the EAL 5 level of CC. Safety Level Extractor & Security Level Extractor ASIL C or higher ※ ASIL(Automotive Safety Integrity Level):, EAL(Evaluation Assurance Level), ISO/SAE 21434: International standard for security of E/E systems in road vehicles
  • 27. 27/39 4. Trustworthy Automotive SDLC ▪ Framework that derives detailed secure SDLC for the target company • It derives secure SDLC suitable for automotive development by inserting TA_SDLC requirements and security level to the CIA-Level Framework. ▪ Module that integrates TA_SDLC derived from CIA-Level Framework and existing automotive safety SDLC • It derives Customized TA_SDLC suitable for ISO 26262’s safety SDLC. Safety & Security Integrator CIA-Level Framework EAL 5 CIA-Level Framework Safety & Security Integrator Customized TA_SDLC Process, Activities, Evidence Templates ISO 26262’s Safety SDLCTrustworthy Automotive SDLC Requirements Requirements of UNECE regulation & ISO/SAE 21434
  • 28. 28/39 4. Trustworthy Automotive SDLC ▪ TA_SDLC Process – Activities • TA_SDLC consists of a total of 50 activities for 10 phases and 26 evidence templates. 1. Training 1.1 Perform training 1.1.1 Basic training 1.1.2 Advanced training 1.2 Plan training schedules 1.2.1 Training schedules planning 2. Initiation 2.1 Configure project environment 2.1.1 Project categorization 2.1.2 Role identification 2.1.3 Project tools selection 2.1.4 Requirements source identification 2.1.5 Minimum quality level definition 2.2 Plan project schedule 2.2.1 Project schedules planning 2.2.2 Project analysis coverage definition 2.3 Set & verify goals 2.3.1 Goals setting 2.3.2 Verifying consistency & completeness of goals 3. Requirements analysis 3.1 Assess impact level 3.1.1 Impact assessment 3.1.2 Conformity & conflict check on impact assessment results 3.1.3 Existing system assessment 3.2 Elicit requirements 3.2.1 Requirements elicitation 3.3 Verify requirements 3.3.1 Verifying requirements based on goals 3.2.2 Conformity & conflict check on requirements 4. Acquisition 4.1 Plan third-party components acquisition 4.1.1 Acquisition scope setting & planning 4.1.2 Requirements definition for third-party components 4.2 Use third-party components 4.2.1 Assessment & test for third-party components 5. Design 5.1 Design architecture 5.1.1 Functions & design specification 5.1.2 Design integrated structure 5.2 Analyze risk 5.2.1 Risk analysis 5.2.2 Mitigation elicitation 5.2.3 Conformity & conflict check on mitigations 5.3 Verify design 5.3.1 Verifying design based on requirements 6. Implementation 6.1 Build an implementation environment 6.1.1 Coding guidelines compliance 6.1.2 Guideline & tools creation 6.2 Verify Implementation 6.2.1 Verifying implementation based on design 7. Verification 7.1 Test 7.1.1 Static analysis 7.1.2 Dynamic analysis 7.2 Review before production 7.2.1 Final review 7.2.2 Documents review & update 7.1.3 Integration & acceptance test 7.1.4 Penetration test 8. Production& Release 8.1 Produce 8.1.1 Requirements elicitation for production 8.1.2 Production procedure determination 8.2 Establish response plans 8.2.1 Accident response planning 8.1.3 Verification of production 8.3 Review deployment procedure 8.3.1 Security review for deployment procedure 9. Operation 9.1 Monitor 9.1.1 Monitoring planning 9.1.2 Continuous monitoring 9.2 Respond to Incident 9.2.1 Vulnerability report 9.3 Manage configuration 9.3.1 Configuration management after release 9.2.2 Vulnerabilities assessment 9.2.3 Solution establishment 9.2.4 Vulnerability disclosure & patch/update 10. Disposal 10.1 Plan transfer & disposal procedure 10.1.1 Transfer & disposal procedure planning 10.2 Build transfer & disposal environment 10.2.1 Providing guidelines for transfer & disposal procedures 3 9 6 3 6 3 6 5 7 2
  • 29. 29/39 4. Trustworthy Automotive SDLC ▪ TA_SDLC Process – Evidence templates • TA_SDLC consists of a total of 50 activities for 10 phases and 26 evidence templates. Phase Evidence Num. Phase Evidence Num. 1 Training • Training plan • List of attendance at training 2 6 Impleme- ntation • System implementation report • User's manual or tool • Project implementation verification report 3 2 Initiation • Project plan • Project goal verification report 2 7 Verification • Test plan • Test result report • Vulnerability Analysis report • Final review report 4 3 Require- ments Analysis • Impact assessment report • Requirements definition report • Project requirements verification report 3 8 Production & Release · Production plan · Production verification report · Accident response plan 3 4 Acquisition • Acquisition plan • Acquisition inspection report 2 9 Operation · System monitoring report · Accident response report 2 5 Design • Design specification • Architecture specification • System Risk Analysis report • Project design verification report 4 10 Disposal · Guidelines for system transfer and disposal 1
  • 31. 31/39 5. Case Study – CIA-Level Framework(Company A) ▪ To prove the effectiveness of the CIA-Level Framework, we applied it to a representative software development company(A) in Korea. ▪ We selected competitors of company A and performed the following process. • After selecting the competitor as Microsoft, we selected CIA-Level 4 based on the CC certification cases. 1. Identify the characteristics of the enterprise 2. Select competitors based on the result of #1 3. Deviate average CIA-level of competitors 4. Select phase and security activities associated with the enterprise 5. Deviate CIA-level for each enterprise security activity 6. Analyze secure SDLC level gap between competitor and enterprise 7. Elicit gap analysis report and result graph 8. Share analysis results to security managers 8. Select CIA-level that enterprise wants 10. Provide suitable secure SDLC process, security activities, detailed security activities, artifacts, etc Product name EAL Year DB Microsoft SQL Server 2014 EAL2+ 2015 Microsoft SQL Server 2014 EAL4+ 2015 Microsoft SQL Server 2016 EAL4+ 2017 Microsoft SQL Server 2016 Database Engine Enterprise Edition EAL2+ 2017 Microsoft SQL Server 2017 EAL4+ 2020 OS Microsoft Windows 10 EAL1 2016 Windows 10 Anniversary Update and Microsoft Windows Server 2016 EAL1 2017 Microsoft Windows 10 EAL1 2018 Windows 10 and Windows Server EAL1 2018 Windows 10 and Windows Server EAL1 2019 Windows 10 and Windows Server 2019 version 1809 EAL1 2019 Windows 10 and Server version 1903 EAL1 2019
  • 32. 32/39 5. Case Study – CIA-Level Framework(Company A) ▪ We selected 8 of the 10 phases: security training, initiation, requirements analysis, design, implementation, verification, release, and operation. • Out of 66 security activities, 58 were selected, and company A determined that only 6 out of 58 security activities had the same level as Microsoft. ▪ We suggested a secure SDLC suitable for company A by applying CIA-Level Framework. • Afterward, the effectiveness of the framework has been proved as company A applied the improved process to the actual environment. 0 1 2 3 4 5 6 7 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 Level Activity Company A Microsoft Security Training Initiation Requirements Analysis Design Implemen -tation Verification Release Operation
  • 33. 33/39 5. Case Study – TA_SDLC(Company B) ▪ In order to prove the effectiveness of TA_SDLC, we applied it to a representative automotive OEM(B) in Korea targeting the European market. ▪ We performed the following process based on company B's development process. • We estimated the satisfaction level of company B's development process for each activity of TA_SDLC. ▪ Company B does not have a systematic security development process and performs security activities sporadically. • We collected information mainly based on expert interviews to understand the security activities performed by company B. 1. Identify company B's development process and activities 2. Estimate satisfaction level of company B's development process with TA_SDLC’s phases and activities 3. Derive improvements of company B's development process for automotive security-by-design
  • 34. 34/39 5. Case Study – TA_SDLC(Company B) ▪ We determined that company B performs only 34 activities out of the 50 activities of TA_SLDC, and 16 additional activities should be performed to achieve automotive security-by-design. • Afterward, we suggested that automotive OEMs could improve the company's development process to satisfy UNECE regulation and develop vehicles with trustworthiness. Phase Number of activities (B/TA_SDLC) 1 Training 2/3 2 Initiation 8/9 3 Requirements Analysis 3/6 4 Acquisition 3/3 5 Design 5/6 6 Implementation 2/3 7 Verification 3/6 8 Production & Release 4/5 9 Operation 4/7 10 Disposal 0/2 Total 34/50
  • 36. 36/39 6. Conclusion ▪ Since the 1980s, the US government has recognized that the development process must be systematically and strictly managed to improve security. ▪ Afterward, Secure SDLC which applies the security-by-design philosophy has begun to be used. • However, it is difficult to use them in the actual field since they are too general. ▪ In this study, we proposed a CIA-Level Framework that derives detailed secure SDLC by integrating existing secure SDLCs and evidence-based approaches. ▪ We also proposed TA_SDLC, a specific automotive security-by-design methodology derived by CIA-Level Framework. ▪ In addition, we did case studies of CIA-Level Framework and TA_SDLC. • By applying CIA-Level Framework to a representative software development company, the effectiveness of CIA-Level Framework was verified. • By applying TA_SDLC to a representative automotive OEM, the possibility of developing vehicles with trustworthiness was presented.
  • 37. 37/39 Reference 1. Abdo, H., et al. "A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie–combining new version of attack tree with bowtie analysis." Computers & Security 72 (2018): 175-195. 2. Apvrille, Ludovic, and Letitia W. Li. "Harmonizing safety, security and performance requirements in embedded systems." 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2019. 3. Asplund, Fredrik, et al. "Rapid Integration of CPS Security and Safety." IEEE Embedded Systems Letters 11.4 (2018): 111-114. 4. Bhalla, Nishchal, et al. "Security risk identification in a secure software lifecycle." U.S. Patent Application No.15784072. 2019 5. Bramberger, Robert, et al. "Co-engineering of Safety and Security Life Cycles for Engineering of Automotive Systems." ACM SIGAda Ada Letters 39.2 (2020): 41-48. 6. Brunner, Michael, et al. "Towards an integrated model for safety and security requirements of cyber-physical systems." 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE, 2017. 7. Casola, Valentina, et al. "A novel Security-by-Design methodology: Modeling and assessing security by SLAs with a quantitative approach." Journal of Systems and Software 163 (2020): 110537. 8. Chen, Earl, et al. "Designing security into software during the development lifecycle." U.S. Patent Application No. 13619581. 2013. 9. Chowdhury, Thomas, et al. "Safe and secure automotive over-the-air updates." International Conference on Computer Safety, Reliability, and Security. Springer, Cham, 2018. 10. Cigital, "Building Security in Maturity Model 1.0." 11. CSA, “security-by-design Framework version 1.0”. 2017 12. Dobaj, Jürgen, et al. "Towards Integrated Quantitative Security and Safety Risk Assessment." International Conference on Computer Safety, Reliability, and Security. Springer, Cham, 2019. 13. Fowler, Daniel S., et al. "A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example." 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE, 2019. 14. Futcher, Lynn, and Rossouw von Solms. "SecSDM: a model for integrating security into the software development life cycle." IFIP World Conference on Information Security Education. Springer, New York, NY, 2007. 15. Geismann, Johannes, Christopher Gerking, and Eric Bodden. "Towards ensuring security-by-design in cyber-physical systems engineering processes." Proceedings of the 2018 International Conference on Software and System Process. 2018. 16. Huang, Kaixing, et al. "Assessing the physical impact of cyberattacks on industrial cyber-physical systems." IEEE Transactions on Industrial Electronics 65.10 (2018): 8153-8162. 17. ISO/IEC 15408, "Information technology - Security techniques - Evaluation criteria for IT security(CC)." 18. ISO/IEC 27001, "Information Security Management(ISMS)." 19. ISO/IEC 27701, "Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management (PIMS).“ 20. Koschuch, Manuel, et al. "Safety & Security in the Context of Autonomous Driving." 2019 IEEE International Conference on Connected Vehicles and Expo (ICCVE). IEEE, 2019. 21. Kriaa, Siwar, et al. "A survey of approaches combining safety and security for industrial control systems." Reliability engineering & system safety 139 (2015): 156-178. 22. Kriaa, Siwar, et al. "A survey of approaches combining safety and security for industrial control systems." Reliability engineering & system safety 139 (2015): 156-178. 23. Lee, Younghwa, Jintae Lee, and Zoonky Lee. "Integrating software lifecycle process standards with security engineering." Computers & Security 21.4 (2002): 345-355. 24. Lisova, Elena, Irfan Šljivo, and Aida Čaušević. "Safety and security co-analyses: A systematic literature review." IEEE Systems Journal 13.3 (2018): 2189-2200. 25. Mellado, Daniel, Eduardo Fernández –Medina, and Mario Piattini. " A common criteria based security requirements engineering process for the development of secure information systems." Computer standards & interfaces 29.2 (2007): 244-253. 26. Mesquida, Antoni Lluís, and Antonia Mas. "Implementing information security best practices on software lifecycle processes: The ISO/IEC 15504 Security Extension." Computers & Security 48 (2015): 19-34. 27. Michailidis, Alexander, et al. "Test front loading in early stages of automotive software development based on AUTOSAR." 2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010). IEEE, 2010. 28. Microsoft, "Security Development Lifecycle - SDL Process Guidance Version 5.2", 2012
  • 38. 38/39 Reference 29. Mir, Talhah Munawar, et al. "Threat analysis and modeling during a software development lifecycle of a software application." U.S. Patent No.8091065. 2012. 30. Mohammed, Nabil M., et al. "Exploring software security approaches in software development lifecycle: A systematic mapping study." Computer Standards & Interfaces 50 (2017): 107-115. 31. Morrison, Patrick, et al. "Mapping the field of software life cycle security metrics." Information and Software Technology 102 (2018): 146-159. 32. Nayerifard, Tahereh, Nasser Modiri, and Sam Jabbehdari. "An Approach for Software Security Evaluation Based on ISO/IEC 15408 in the ISMS Implementation." International Journal of Computer Science and Information Security 11.9 (2013): 7. 33. NIST, "NIST Special Publication 800-37 Revision 2 – Risk Management Framework for Information Systems and Organizations." 34. Oka, Dennis Kengo, Tommi Makila, and Rikke Kuipers. "Integrating Application Security Testing Tools into ALM Tools in the Automotive Industry." 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE, 2019. 35. OWASP, "Comprehensive, Lightweight Application Security Process." 36. OWASP, "Software Assurance Maturity Model 2.0 – A guide to building." 37. Pricop, Emil, Sanda Florentina Mihalache, and Jaouhar Fattahi. "Innovative fuzzy approach on analyzing industrial control systems security." Recent Advances in Systems Safety and Security. Springer, Cham, 2016. 223-239. 38. Sabaliauskaite, Giedre, Sridhar Adepu, and Aditya Mathur. "A six-step model for safety and security analysis of cyber-physical systems." International Conference on Critical Information Infrastructures Security. Springer, Cham, 2016. 39. SAE, "Cybersecurity Guidebook for Cyber-Physical Vehicle Systems” 40. SAFECode, “Fundamental Practices for Secure Software Development 2nd Edition” 41. Sánchez-Gordón, Mary-Luz, et al. "Towards the Integration of Security Practices in the Software Implementation Process of ISO/IEC 29110: A Mapping." European Conference on Software Process Improvement. Springer, Cham, 2017. 42. Schilder, Marius, et al. "Secure device state apparatus and method and lifecycle management." U.S. Patent No.10223531. 2018. 43. Schmittner, Christoph, Zhendong Ma, and Erwin Schoitsch. "Combined safety and security development lifecylce." 2015 IEEE 13th International Conference on Industrial Informatics (INDIN). IEEE, 2015. 44. Sheikhpour, Razieh, and Nasser Modiri. "A best practice approach for integration of ITIL and ISO/IEC 27001 services for information security management." Indian journal of science and technology 5.2 (2012): 2170-2176. 45. Silke Holtmanns and Rune Lindholm, "Enhanced lifecycle management of security module", Patent Application No.CN103988530A. 2018. 46. Skoglund, Martin, Fredrik Warg, and Behrooz Sangchoolie. "In Search of Synergies in a Multi-concern Development Lifecycle: Safety and Cybersecurity." International Conference on Computer Safety, Reliability, and Security. Springer, Cham, 2018. 47. Takahira, Ricardo Y., et al. "Scrum and Embedded Software development for the automotive industry." Proceedings of PICMET'14 Conference: Portland International Center for Management of Engineering and Technology; Infrastructure and Service Integration. IEEE, 2014. 48. Tiirik, Karl. "Comparison of SDL and Touchpoints." Last retrieved 11 (2004): 16-18. 49. United States Congress, "NIST SP 800-64 Revision 2 – Security Considerations in the System Development Life Cycle", 2019 50. Verma, Siddhartha, et al. "Combined Approach for Safety and Security." International Conference on Computer Safety, Reliability, and Security. Springer, Cham, 2019. 51. Vincent, Benjamin, and Ariel Gordon. "Security configuration lifecycle account protection for minors." U.S. Patent Application No.16022554. 2020 52. Wilcock, Lawrence, et al. "Automated lifecycle management of a computer implemented service." U.S. Patent No.8312419. 2012. 53. Wolff, Carsten, et al. "AMALTHEA—Tailoring tools to projects in automotive software development." 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). Vol. 2. IEEE, 2015. 54. Yi, Shengwei, et al. "A safety-security assessment approach for communication-based train control (cbtc) systems based on the extended fault tree." 2018 27th International Conference on Computer Communication and Networks (ICCCN). IEEE, 2018. 55. Young, William, and Nancy G. Leveson. "An integrated approach to safety and security based on systems theory." Communications of the ACM 57.2 (2014): 31-35. 56. Zhang, Yanan, et al. "Test and Evaluation System for Automotive Cybersecurity." 2018 IEEE International Conference on Computational Science and Engineering (CSE). IEEE, 2018.
  • 39. 39/39 Application of the Common Criteria to Building Trustworthy Automotive SDLC This research was supported by the MSIT(Ministry of Science and ICT), Korea, under the ITRC(Information Technology Research Center) support program(IITP-2020-2015-0- 00403)supervised by the IITP(Institute for Information &communications Technology Planning &Evaluation) Seungyeon Jeong, Sooyoung Kang, Seungjoo Kim sodon513@gmail.com Department of Automotive Convergence, Korea University bbang814@gmail.com CIST (Center for Information Security Technologies), School of Cybersecurity, Korea University skim71@korea.ac.kr *Corresponding Author CIST (Center for Information Security Technologies), School of Cybersecurity, Korea University
  • 40. 40/39 Appendix A ▪ Effectiveness of TA_SDLC • Comparative analysis with existing researches ✓ We compared TA_SDLC with existing researches by TA_SDLC requirements. ✓ TA_SDLC considers the aspect of trustworthiness and consists of detailed activities derived by the existing secure SDLC standards and evidence-based approaches. Features Existing secure SDLC Relevant studies TA_SDLCMicrosoft SDL NIST SSDLC OWASP CLASP SAE J3061 Takahir a et al. Young et al. Schmi- ttner et al. Skogl- und et al. Kosch- uch et al 1 Targets on system X O X O O O O O O O 2 Includes the procedure of third-party components acquisition X O O O X X X X X O 3 Considers aspect of trustworthiness X X X O O O O O O O 4 Satisfies the level of safety and security required by automotive development X X X X X X X X X O 5 Ensures traceability between phases O O X O X X O X X O 6 Provides detailed activities for every phase of the process (phase num./activity num.) 8/34 9/36 9/21 9/26 6/13 0/0 7/28 2/8 0/0 10/50
  • 41. 41/39 Appendix A ▪ Effectiveness of TA_SDLC • Comparative analysis with UNECE regulation requirements ✓ We mapped a total of 16 requirements of UNECE regulation related to the development process to each TA_SDLC activity. ✓ TA_SDLC can be used for certification of the UNECE regulation. UNECE regulation requirements (7.2. Requirements for the CSMS(Cyber Security Management System)) TA_SDLC activities(activity number) 1 The vehicle manufacturer shall have a CSMS in place and shall comply with this Regulation. Total 2 The vehicle manufacturer shall demonstrate that their CSMS applies to the development phase. Total 3 CSMS shall include the processes used within the manufacturer’s organization to manage cyber security. Total 4 CSMS shall include the processes used for the identification of risks to vehicles. 3.1.1/3.1.2/5.2.1/ 5.2.3 5 CSMS shall include the processes used for the assessment, categorization and treatment of the risks identified. 5.2.2/5.2.3 6 The vehicle manufacturer shall demonstrate how their CSMS will manage dependencies that may exist with contracted suppliers, service providers or manufacturer’s sub-organizations. 4.1.1/4.1.2/4.2.1 7 CSMS ensure security shall include the processes used for testing the cyber security of a vehicle. 7.1.1/7.1.2/7.1.3/7.1.4 8 CSMS ensure security shall include the processes in place to verify that the risks identified are appropriately managed. 7.2.1/9.1.1/9.1.2/9.3.1 9 The vehicle manufacturer shall demonstrate that their CSMS applies to the production phase. 8.1.1/8.1.2/8.1.3 10 The vehicle manufacturer shall demonstrate that the processes that include the capability to analyze and detect cyber threats, vulnerabilities and cyber-attacks from vehicle data and vehicle logs. 9.1.1/9.1.2/9.2.1 11 CSMS shall include the processes used for ensuring that the risk assessment is kept current. 9.2.4/9.3.1 12 CSMS shall include the processes used to monitor for, detect and respond to cyber-attacks, cyber threats and vulnerabilities on vehicles. 9.1.1/9.1.2/9.2.1/9.2.2/9.2.3/9.2.4/9.3.1 13 CSMS shall include the processes used to assess whether the cyber security measures implemented are still effective in the light of new cyber threats and vulnerabilities that have been identified. 7.2.1/9.2.3 14 The vehicle manufacturer shall demonstrate that the processes used within their CSMS will ensure that cyber threats and vulnerabilities which require a response from the vehicle manufacturer shall be mitigated within a reasonable timeframe. 9.2.1/9.2.2/9.2.3/9.2.4 15 The vehicle manufacturer shall demonstrate that the processes that include vehicles after first registration in the monitoring. 9.1.1/9.1.2 16 The vehicle manufacturer shall demonstrate that their CSMS applies to the post-production phase. 8.1.1/8.1.2/8.1.3/8.2.1/8.3.1/9.1.1/9.1.2/9.2.1/9.2.2/9.2. 3/9.2.4/9.3.1/10.1.1/10.2.1
  • 42. 42/39 Appendix B ▪ TA_SDLC Requirements • A total of 4 requirements of TA_SDLC were derived. ✓ They were selected based on the characteristics of automotive development. ※ Third-party component: components developed and utilized by other companies Hardware Software System OEMs do not develop all components of a vehicle on their own but acquire components from partners such as 1-tier and 2-tier. ① Targets on a system(Software and Hardware) ② Includes the procedure of third-party components acquisition ① Targets on system ② Includes the procedure of third-party components acquisition ③ Ensures traceability between phases ④ Provides detailed activities and the evidence templates for every phase of the process(depth=2)
  • 43. 43/39 Appendix B ▪ TA_SDLC Requirements • A total of 4 requirements of TA_SDLC were derived. ✓ They were selected based on the characteristics of automotive development. ※ Traceability: To ensure consistency in the results between phases so that we can trace back to the initial cause when a security problem occurs ※ Depth: Indicators for the degree of activities detail defined in this study Depth = 0 Depth = 1 Depth = 2 Verification Implemen- tation Design Requirements Analysis Operation Traceability Problem occurs ③ Ensures traceability between phases ④ Provides detailed activities and the evidence templates for every phase of the process(depth=2) ① Targets on system ② Includes the procedure of third-party components acquisition ③ Ensures traceability between phases ④ Provides detailed activities and the evidence templates for every phase of the process(depth=2)
  • 44. 44/39 Appendix C ▪ Trustworthiness • Functional Correctness + Safety Integrity + Security Assurance • Functional Correctness ✓ The product operates exactly as designed • Safety Integrity ✓ Errors that occur inside the product are not exposed externally and can harm users • Security Assurance ✓ confidentiality: authorized users only have access to information assets of the system ✓ integrity: the system is fully preserved without inappropriate change or destruction of information ✓ availability: access to and use of system information at any time users want C IFunctional Safety = Functional Correctness + Safety Integrity A Security Assurance = Confidentiality + Integrity + Availability = + +