copyright@2020 CAV Technologies Co., Ltd. all rights reserved.
THREAT ANALYSIS FRAMEWORK FOR SAFETY ARCHITECTURES IN SCDL
KENJI TAGUCHI (CAV), RYO KURACHI (NAGOYA UNI), KIYOSHI SASAKI (MARELLI), NOBUHIKO NAKAMURA (VECTOR), KAZUKI TOMONAGA (MITSUBISHI ELECTRIC), SHUHEI YAMASHITA (DNV)
18 SEP 2020
Background
• Cybersecurity threats have become a reality for safety-critical systems such as automobiles, railways and avionics, as shown by cybersecurity incidents and proof-of-concept reports from white-hat hackers.
• Threat analysis for safety-critical systems needs to assess the effect that threats have on safety.
• How to integrate the system development lifecycles for functional safety and cybersecurity has not yet been well established.
Main Challenges
• Proposal of a security threat analysis framework for the concept phase of ISO 26262
‒ This assumes that the safety architecture has already been modelled (in SCDL), and covers:
Identification of the essential ingredients of threat analysis and their adaptation to the security threat analysis framework.
Analysis of security threats against safety concepts (safety goals, functional safety requirements within the abstract safety architecture).
Analysis of the effects of security threats on safety mechanisms/architecture.
Protection against safety goal violation:
Analysis of the protection that safety mechanisms/architecture provide against security threats.
Jeep Cherokee Hack
• Jeep Cherokee was remotely hacked by C. Miller and C. Valasek
‒ Black Hat 2015, Remote Exploitation of an Unaltered Passenger Vehicle, 2015
• Attack vectors
‒ Remote attack
 No direct (physical) injection of CAN messages onto the CAN bus
 Remote access via the infotainment device
‒ Spoof CAN messages
 Force an ECU into diagnostic mode and spoof the control messages it would send
• Safety mechanism against a security threat!
‒ An ECU can only be put into diagnostic mode at low speed.
‒ A safety mechanism, not designed with attacks in mind, thus partly defends the ECU against this attack vector.
Tesla Model S Hack
• Tesla Model S was remotely hacked by Tencent (Keen Security Lab)
‒ Black Hat USA 2017, Free-Fall: Hacking Tesla from Wireless to CAN Bus (the attack itself was disclosed in 2016)
• Attack vectors
‒ Remote attack
 via the infotainment system
 Exploited vulnerability classes commonly found in IT systems
‒ Spoof CAN messages
 Spoof control messages sent to ECUs
• Defended by a safety mechanism!
‒ Some ECUs do not respond to such messages while the vehicle is in driving mode
Safety Mechanisms Against Security Threats
[Figure: three simplified diagrams: (a) a safety mechanism against a hazard; (b) a security threat causing a hazard; (c) the Jeep/Tesla hacks, where a threat causes a hazard that is caught by a safety mechanism.]
Assumed Process
• There are several ways to integrate the processes for system development (the system function), safety development (safety mechanisms) and security development (security mechanisms).
• The process assumed in this paper is essentially a safety-first process, in which the safety architecture has already been modelled in SCDL before the threat analysis starts.
[Figure: three integration patterns: 1) simultaneous development, 2) trade-off development, 3) our process, where the ISO 26262 safety architecture is modelled first and then analysed for threats.]
SCDL (Safety Concept Description Language)
• ISO 26262 requires a safety concept, which is the “specification of the functional safety requirements, with associated information, their allocation to architectural elements, and their interaction necessary to achieve the safety goals”.
• SCDL aims to provide an intuitive semi-formal notation with a rigorous background (meta-model) for the safety concept that faithfully and precisely follows ISO 26262.
• The language specification has been developed by the SCN-SG (Safety Concept Notation Study Group), formed by engineers from OEMs, suppliers, tool vendors, etc.
• International standardization of SCDL is under way at ASAM (Association for Standardization of Automation and Measuring Systems).
• Some OEMs and suppliers have been using SCDL for the development of safety concepts under ISO 26262.
‒ SCN-SG members come from more than 100 companies and organizations
‒ 650 downloads of the first version of the specification documents so far (Feb 2020)
• Current status
‒ SCDL specification
 English version v. 1.4, 2018
 Japanese version v. 1.5, 2020
• Currently available tools
‒ Add-in tool for Enterprise Architect (Sparx Systems)
‒ Safilia (Gaio Tech)
‒ Astah System Safety (Change Vision)
Basic Symbols of SCDL
• Requirement notation [Requirements]
‒ Functionalities, roles and behaviours
‒ Weighting (assigned ASIL)
• Element notation [Elements]
‒ Systems, sub-systems, components, units, modules, etc.
‒ Weighting (assigned ASIL)
• Interaction notation [Interaction]
‒ Relationship between requirements, such as information, signals, messages, etc.
• System boundary interaction notation [System boundary interaction]
‒ Relationship between requirements and interactions from/to the outside of the system/item
[Figure: the four SCDL symbols and an example diagram combining them.]
Remark: These figures are copyrighted by SCN-SG presentation slides.
Some Auxiliary Notations Unique to SCDL
• Requirement group [Requirement group]
‒ A collection of requirements within a certain grouping
• Pairing [Pairing]
‒ Links constraints to the pairing between requirement groups
‒ Coexistence of requirements with different ASILs (no interference assumed)
‒ The independence requirement in “Pairing” with constraints (no interference assumed)
Remark: These figures are copyrighted by SCN-SG presentation slides.
Case Study
• This is a very simplified “Parking Assist System”, consisting of several elements with requirements and interactions among them.
‒ Parking Assist System (ITEM-1) = Smartphone (EL-1) + Vehicle (EL-2)
‒ Vehicle (EL-2) = Gateway (EL-3) + Parking Assist ECU (EL-4) + Control System (EL-5) + Locator ECU (EL-6) + Environment Recognition (EL-7)
[Figure: SCDL model of the Parking Assist System. Legend: non-functional safety requirement, main functionality (intended functionality), safety mechanism.]
Criteria on threat analysis
1. Where does an attack come from? => Attack surface
2. What should be protected from an attack? => Asset
‒ Assets are classified into functional assets and information assets
3. What boundary should be protected from an attack? => Trust boundary
4. How does an attack reach the target? => Attack path/attack scenario
5. What kinds of attack are possible? => Attack identification
6. How many attacks are necessary? => Multiple attacks
Interpretation of these modelling elements for threats in SCDL
1. Attack surface => Interactions and system boundary interactions
2. Asset => Requirements for functional assets and interactions for information assets
3. Trust boundary => Boundary of an element
4. Attack path => Any path comprising requirements and interactions
5. Attack identification => Typical attack categories such as STRIDE
6. Multiple attacks => Combinations of attacks on attack surfaces and/or assets
Remark: There is no explicit model element for data in SCDL, so information assets are represented by interactions.
Security Analysis: Trust Boundary and Attack Surface
• The trust boundary of this system can be regarded as the Vehicle itself, i.e., EL-2.
• Any interaction that crosses this boundary from the outside can be regarded as an entry point for potential attacks (an attack surface):
‒ Map Data (system boundary interaction)
‒ Positioning Information (system boundary interaction)
‒ Sensor Input (system boundary interaction)
‒ GO/NOGO (interaction, coming from the Smartphone EL-1 outside the boundary)
[Figure: the SCDL model with the trust boundary drawn around EL-2 and the four attack surfaces marked.]
Security Analysis: Assets
• Assets are classified into functional and information assets.
[Figure: the SCDL model annotated with information assets, functional assets and the identified attack surfaces.]
Identified potential attacks by STRIDE : Attack Surfaces
• STRIDE is a collection of typical threat categories, i.e., Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege, used in Microsoft's SDL (Security Development Lifecycle).
• STRIDE is applied to the identified attack surfaces and assets.
Typical examples:
Spoofing of Positioning Information (e.g., GPS spoofing)
Tampering with Map Data (e.g., tampering with coordinates)
Information disclosure of GO/NOGO commands (e.g., eavesdropping on the GO/NOGO command)
Denial of service against Sensor Input (e.g., disturbance of the ultrasonic sensor)
Identified potential attacks by STRIDE: Assets
Typical examples:
Tampering with Command Checking (e.g., changing its functionality)
Denial of service against Control Value Generation (e.g., delaying the function)
Elevation of privilege against Monitor (e.g., overriding the function)
Safety Goal and Safety Goal violation
• Safety Goal
‒ The item does not generate unintended control values (actuation) against the user's intention.
‒ A safety goal violation can be judged at the outer-most output, in this case Control values (actuation).
[Figure: the SCDL model with User intention as the input and Control values (actuation) as the outer-most output.]
Attack Scenario #1
An attack starting with “Spoofing User operation” can be prevented by “FR-6: Judgement”.
1: Spoof User operation
2: GO/NOGO is transferred
3: Pre command is transferred
FR-6 judges whether the parking place is appropriate using Map Data and Location Data, so a spoofed command for an inappropriate place is rejected.
Attack Scenario #2
Multiple attacks, “Spoofing User operation” and “Tampering Map Data”, can be prevented by “FSR-3: Control Value Generation” using “Environment Recognition Data”.
1-1: Spoof User operation
1-2: GO/NOGO is transferred
1-3: Pre command is transferred
2-1: Tamper Map Data
2-2: Map Data is transferred
2-3: GO/NOGO is transferred
FSR-3 senses the surrounding environment from Sensor Input and may detect obstacles, so the unintended command is still not actuated.
Attack Scenario #3
Multiple attacks, “Spoofing User operation”, “Tampering Map Data” and “Spoofing Sensor Input”, cannot be prevented by any safety mechanism and lead to a safety goal violation.
1-1: Spoof User operation
1-2: GO/NOGO is transferred
1-3: Pre command is transferred
2-1: Tamper Map Data
2-2: Map Data is transferred
2-3: GO/NOGO is transferred
3-1: Spoof Sensor Input
3-2: Environment Recognition Data is transferred
The remaining interactions are all transferred, and an unintended control value/actuation is generated.
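The three scenarios above, together with the threat-analysis criteria and the trust-boundary/attack-surface slides, can be checked mechanically once the safety architecture is written down as elements, requirements and interactions. The script below is an added example written for this page; it is not code from the slides, from SCN-SG or from any SCDL tool. It derives the four attack surfaces from the Vehicle trust boundary, replays scenarios #1 to #3 by propagating compromised interactions along the requirement paths, and searches for the smallest combinations of entry-point attacks that reach the outer-most output. Everything the slides do not state is an assumption: which element hosts each requirement, the placeholder ids R-1 to R-4, the name “Judged command” for FR-6's output, and the conservative rule that a safety mechanism is credited only while every interaction it relies on is uncompromised.

```python
"""Added example (not from the slides or SCN-SG): a minimal SCDL-style model
of the Parking Assist case study. It derives the attack surfaces from the
trust boundary (criteria 1 and 3), replays attack scenarios #1-#3 along the
requirement/interaction paths (criterion 4) and searches for the smallest
attack combinations that violate the safety goal (criterion 6).
Assumptions: which element hosts each requirement, the placeholder ids
R-1..R-4, the name "Judged command" for FR-6's output, and the conservative
rule that a safety mechanism is credited only while every interaction it
relies on is uncompromised."""
from dataclasses import dataclass
from itertools import combinations

EXT = "EXT"                                          # outside the item (ITEM-1)
VEHICLE = {"EL-3", "EL-4", "EL-5", "EL-6", "EL-7"}   # trust boundary: Vehicle (EL-2)


@dataclass(frozen=True)
class Interaction:
    name: str
    src: str   # producing element, or EXT
    dst: str   # consuming element, or EXT


@dataclass(frozen=True)
class Requirement:
    rid: str
    element: str
    command: str            # interaction it acts on or forwards
    output: str             # interaction it produces
    references: tuple = ()  # interactions a safety mechanism checks the command against
    mechanism: bool = False


INTERACTIONS = [
    Interaction("User operation", EXT, "EL-1"),                 # system boundary
    Interaction("GO/NOGO", "EL-1", "EL-3"),                     # crosses into Vehicle
    Interaction("Pre command", "EL-3", "EL-4"),
    Interaction("Map Data", EXT, "EL-4"),                       # system boundary
    Interaction("Positioning Information", EXT, "EL-6"),        # system boundary
    Interaction("Location Data", "EL-6", "EL-4"),
    Interaction("Sensor Input", EXT, "EL-7"),                   # system boundary
    Interaction("Environment Recognition Data", "EL-7", "EL-5"),
    Interaction("Judged command", "EL-4", "EL-5"),              # assumed name
    Interaction("Control values (actuation)", "EL-5", EXT),     # outer-most output
]

REQUIREMENTS = [   # ids other than FR-6 and FSR-3 are placeholders
    Requirement("R-1", "EL-1", "User operation", "GO/NOGO"),
    Requirement("R-2", "EL-3", "GO/NOGO", "Pre command"),
    Requirement("R-3", "EL-6", "Positioning Information", "Location Data"),
    Requirement("R-4", "EL-7", "Sensor Input", "Environment Recognition Data"),
    Requirement("FR-6 Judgement", "EL-4", "Pre command", "Judged command",
                references=("Map Data", "Location Data"), mechanism=True),
    Requirement("FSR-3 Control Value Generation", "EL-5", "Judged command",
                "Control values (actuation)",
                references=("Environment Recognition Data",), mechanism=True),
]
SAFETY_GOAL_OUTPUT = "Control values (actuation)"   # where a violation is judged


def attack_surfaces(boundary=VEHICLE):
    """Criteria 1 and 3: every interaction entering the trust boundary from outside."""
    return sorted(i.name for i in INTERACTIONS
                  if i.src not in boundary and i.dst in boundary)


def entry_points():
    """System boundary interactions of the item plus the trust-boundary crossings."""
    external = {i.name for i in INTERACTIONS if i.src == EXT}
    return sorted(external | set(attack_surfaces()))


def evaluate(attacks):
    """Criterion 4: propagate compromised interactions along the requirements.

    A plain requirement forwards a compromised command. A safety mechanism
    stops it only if all of its reference inputs are still trustworthy;
    otherwise the attacker controls the check as well and the mechanism is
    defeated (the conservative modelling assumption).
    """
    compromised = set(attacks)
    changed = True
    while changed:
        changed = False
        for r in REQUIREMENTS:
            if r.output in compromised or r.command not in compromised:
                continue
            if r.mechanism and not any(x in compromised for x in r.references):
                continue                      # mechanism holds: output stays clean
            compromised.add(r.output)
            changed = True
    blocked_by = [r.rid for r in REQUIREMENTS if r.mechanism
                  and r.command in compromised and r.output not in compromised]
    return {"violated": SAFETY_GOAL_OUTPUT in compromised,
            "blocked_by": blocked_by,
            "compromised": sorted(compromised)}


def minimal_attack_sets():
    """Criterion 6: smallest combinations of entry-point attacks that violate the goal."""
    points = entry_points()
    for k in range(1, len(points) + 1):
        hits = [frozenset(c) for c in combinations(points, k) if evaluate(c)["violated"]]
        if hits:
            return hits
    return []


SCENARIOS = {   # the three scenarios from the slides
    "#1": ("User operation",),
    "#2": ("User operation", "Map Data"),
    "#3": ("User operation", "Map Data", "Sensor Input"),
}

if __name__ == "__main__":
    print("attack surfaces:", attack_surfaces())
    for name, attacks in SCENARIOS.items():
        res = evaluate(attacks)
        print(name, "violated" if res["violated"] else "blocked by " + ", ".join(res["blocked_by"]))
    print("minimal attack sets:", [sorted(s) for s in minimal_attack_sets()])
```

Running it prints the four attack surfaces from the trust-boundary slide, reports #1 blocked by FR-6, #2 blocked by FSR-3 and #3 violated, and then lists the minimal three-attack combinations. The search goes a step beyond the slides: under the stated assumptions it also returns combinations the slides do not walk through, e.g. GPS spoofing of Positioning Information in place of Map Data tampering, or GO/NOGO spoofing in place of User operation spoofing. Those follow from the model, not from the slides, and the model is deliberately pessimistic: it credits no mechanism whose reference input the attacker can influence, and it says nothing about attack feasibility, which is the risk assessment part left for future work.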
Related Work
• Limited to Architecture Description Languages (ADLs) with security extensions related to automotive systems.
• EAST-ADL
‒ Developed under ITEA EAST-EEA
‒ Integrates with AUTOSAR
‒ SAM (Security Abstraction Model): a meta-model for security properties
‒ No specific threat analysis technique for safety architectures, nor any relationship between safety and security
• AADL
‒ Developed by SAE and CMU/SEI
‒ Error Model Annex for error models and Security Annex for security models
‒ The Security Annex is based on the MILS architecture and has been applied to avionics
‒ No work on safety and security interactions
• SysML
‒ cp/TARA is an integrated threat analysis tool
‒ Security extensions of SysML block definition diagrams (assets, attack surfaces, etc.) and requirements diagrams (functional security requirements following SAE J3061)
‒ No work on safety and security interactions
Concluding Remarks and Future Directions
• We proposed a security threat analysis framework for SCDL, which helps identify potential threats against safety concepts modelled in SCDL.
‒ The effects of security threats on the safety architecture/mechanisms can be analysed.
‒ This framework provides the TA part of TARA (Threat Analysis and Risk Assessment) at the concept phase of ISO 26262; the risk assessment (RA) part has not been addressed yet.
• Future directions include the following:
‒ A feedback loop to functional safety activities after the threat analysis is carried out (including a feasibility study on a cybersecurity concept in SCDL).
‒ A possible yet effective integration of the functional safety (ISO 26262) and security (ISO/SAE 21434) processes.
‒ Further adaptation of this framework to the activities that follow (e.g., system level) in ISO 26262.
Thank you for your attention!
Acknowledgements to all members of SCDL Security SWG, particularly Mr. T.
Muramatsu and F. Kohno for the discussion on the issues addressed in this
paper.
Basic Concept Related to Safety
• Safety-related concepts such as hazard, accident, risk and failure have different definitions and are understood differently across industries and countries.
• Definitions (from ISO 26262)
‒ Hazard
 potential source of harm caused by malfunctioning behaviour of the item
‒ Safety mechanism
 technical solution implemented by E/E functions or elements, or by other technologies, to detect faults or control failures in order to achieve or maintain a safe state.
 Remark: Safety mechanisms range from simple monitor/arbitration logic to more complex fault-tolerant/redundancy mechanisms
Examples of hazards:
1) Overheating of a battery charging device causes it to explode and/or causes burns.
2) An ECU produces unintended assist torque.
The following simplified figure is used to represent a safety mechanism against a hazard.
[Figure: a hazard blocked by a safety mechanism.]
Threat and Hazard: How Do They Interact Each Other?
• There is no clear and definitive definition of how threat and hazard are related to each other.
• Definition (from SAE J3061)
‒ Threat
 A circumstance or event with the potential to cause harm, where harm may be with respect to financial, reputation, privacy, safety, or operational.
• As a working assumption, we take it that a hazard may be caused by a threat.
Hazard: Overheating of a battery charging device causes it to explode and/or causes burns.
Threat (action): Malware causes a malfunction of the battery charging device.
Hazard: An ECU produces unintended assist torque.
Threat (action): A control message is spoofed.
[Figure: the “threat causes hazard” relationship.]
More Related Content

What's hot

Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC Process
Seungjoo Kim
 
20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc
CISEC
 
Security in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps EngineersSecurity in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps Engineers
DevOps.com
 
How to Apply Functional Safety to Autosar ECU's
How to Apply Functional Safety to Autosar ECU'sHow to Apply Functional Safety to Autosar ECU's
How to Apply Functional Safety to Autosar ECU's
Renesas America
 
Autosar-software-component_0hg.pptx
Autosar-software-component_0hg.pptxAutosar-software-component_0hg.pptx
Autosar-software-component_0hg.pptx
fallleaf1104
 
ISO26262-6 Software development process (Ver 3.0)
ISO26262-6 Software development process (Ver 3.0)ISO26262-6 Software development process (Ver 3.0)
ISO26262-6 Software development process (Ver 3.0)
Hongseok Lee
 
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Intland Software GmbH
 
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
Intland Software GmbH
 
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous VehiclesISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
Intland Software GmbH
 
MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines - MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines -
Automotive IQ
 
Autosar basics by ARCCORE
Autosar basics by ARCCOREAutosar basics by ARCCORE
Autosar basics by ARCCORE
ARCCORE
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF)
Priyanka Aash
 
BSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software SecurityBSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software Security
Cigital
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
kloia
 
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity EngineeringISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
Bryan Len
 
An integrative solution towards SOTIF and AV safety
An integrative solution towards SOTIF and AV safetyAn integrative solution towards SOTIF and AV safety
An integrative solution towards SOTIF and AV safety
Bernhard Kaiser
 
Industrial_Cyber_Security
Industrial_Cyber_SecurityIndustrial_Cyber_Security
Industrial_Cyber_Security
WillianMachadoFonsec
 
Resume
ResumeResume
Resume
naveen kumar
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101  NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service
 
Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up
ICS
 

What's hot (20)

Assurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC ProcessAssurance-Level Driven Method for Integrating Security into SDLC Process
Assurance-Level Driven Method for Integrating Security into SDLC Process
 
20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc20131216 cisec-standards-jp blanquart-jmastruc
20131216 cisec-standards-jp blanquart-jmastruc
 
Security in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps EngineersSecurity in CI/CD Pipelines: Tips for DevOps Engineers
Security in CI/CD Pipelines: Tips for DevOps Engineers
 
How to Apply Functional Safety to Autosar ECU's
How to Apply Functional Safety to Autosar ECU'sHow to Apply Functional Safety to Autosar ECU's
How to Apply Functional Safety to Autosar ECU's
 
Autosar-software-component_0hg.pptx
Autosar-software-component_0hg.pptxAutosar-software-component_0hg.pptx
Autosar-software-component_0hg.pptx
 
ISO26262-6 Software development process (Ver 3.0)
ISO26262-6 Software development process (Ver 3.0)ISO26262-6 Software development process (Ver 3.0)
ISO26262-6 Software development process (Ver 3.0)
 
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
Compliance with medical standards iec 62304, iso 14971, iec 60601, fda title ...
 
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance 19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
19 Jun 2018 - Hazard Analysis and Functional Safety Compliance
 
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous VehiclesISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
ISO/PAS 21448 (SOTIF) in the Development of ADAS and Autonomous Vehicles
 
MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines - MISRA Safety Case Guidelines -
MISRA Safety Case Guidelines -
 
Autosar basics by ARCCORE
Autosar basics by ARCCOREAutosar basics by ARCCORE
Autosar basics by ARCCORE
 
NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF) NIST Critical Security Framework (CSF)
NIST Critical Security Framework (CSF)
 
BSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software SecurityBSIMM: Bringing Science to Software Security
BSIMM: Bringing Science to Software Security
 
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in AzureSecure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
 
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity EngineeringISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
ISO Automotive,SAE 21434 Training, Road Vehicles Cybersecurity Engineering
 
An integrative solution towards SOTIF and AV safety
An integrative solution towards SOTIF and AV safetyAn integrative solution towards SOTIF and AV safety
An integrative solution towards SOTIF and AV safety
 
Industrial_Cyber_Security
Industrial_Cyber_SecurityIndustrial_Cyber_Security
Industrial_Cyber_Security
 
Resume
ResumeResume
Resume
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101  NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up Secure Your Medical Devices From the Ground Up
Secure Your Medical Devices From the Ground Up
 

Similar to 2020 safecomp-sep18

Cav Taguchi autosec china slides
Cav Taguchi autosec china slidesCav Taguchi autosec china slides
Cav Taguchi autosec china slides
Kenji Taguchi
 
WESPr 18 presentation slides CAV Taguchi
WESPr 18 presentation slides CAV TaguchiWESPr 18 presentation slides CAV Taguchi
WESPr 18 presentation slides CAV Taguchi
Kenji Taguchi
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
Patricia M Watson
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Marco Morana
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
EnergySec
 
CA_Module_2.pdf
CA_Module_2.pdfCA_Module_2.pdf
CA_Module_2.pdf
EhabRushdy1
 
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kuniyasu Suzaki
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare ☁
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systems
Alan Tatourian
 
Advance security in cloud computing for military weapons
Advance security in cloud computing for military weaponsAdvance security in cloud computing for military weapons
Advance security in cloud computing for military weapons
IRJET Journal
 
Security engineering
Security engineeringSecurity engineering
Security engineering
OWASP Indonesia Chapter
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
Shah Sheikh
 
Singapore International Cyberweek 2020
Singapore International Cyberweek 2020Singapore International Cyberweek 2020
Singapore International Cyberweek 2020
Abhik Roychoudhury
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Security
BATbern
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
NIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdfNIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdf
Ignyte Assurance Platform
 
How can a successful SOC2-compliant ISMS be built without power, money and a...
How can a successful SOC2-compliant ISMS be built without power, money and a...How can a successful SOC2-compliant ISMS be built without power, money and a...
How can a successful SOC2-compliant ISMS be built without power, money and a...
Vsevolod Shabad
 
Comparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment ToolsComparative study of Cyber Security Assessment Tools
Comparative study of Cyber Security Assessment Tools
IRJET Journal
 

Similar to 2020 safecomp-sep18 (20)

Cav Taguchi autosec china slides
Cav Taguchi autosec china slidesCav Taguchi autosec china slides
Cav Taguchi autosec china slides
 
WESPr 18 presentation slides CAV Taguchi
WESPr 18 presentation slides CAV TaguchiWESPr 18 presentation slides CAV Taguchi
WESPr 18 presentation slides CAV Taguchi
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
Slide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and MitigationsSlide Griffin - Practical Attacks and Mitigations
Slide Griffin - Practical Attacks and Mitigations
 
CA_Module_2.pdf
CA_Module_2.pdfCA_Module_2.pdf
CA_Module_2.pdf
 
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
Kernel Memory Protection by an Insertable Hypervisor which has VM Introspec...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
Manoj Purandare - Application Security - Secure Code Assessment Program - Pre...
 
Safe and secure autonomous systems
Safe and secure autonomous systemsSafe and secure autonomous systems
Safe and secure autonomous systems
 
Advance security in cloud computing for military weapons
Advance security in cloud computing for military weaponsAdvance security in cloud computing for military weapons
Advance security in cloud computing for military weapons
 
Security engineering
Security engineeringSecurity engineering
Security engineering
 
DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)DTS Solution - Building a SOC (Security Operations Center)
DTS Solution - Building a SOC (Security Operations Center)
 
Singapore International Cyberweek 2020
Singapore International Cyberweek 2020Singapore International Cyberweek 2020
Singapore International Cyberweek 2020
 
Shift Left Security

2020 safecomp-sep18

4. Jeep Cherokee Hack / Tesla Model S Hack
Jeep Cherokee Hack
• Jeep Cherokee was remotely hacked by C. Miller and C. Valasek
‒ Black Hat USA 2015, Remote Exploitation of an Unaltered Passenger Vehicle
• Attack vectors
‒ Remote attack
 No direct injection of CAN messages on the CAN bus.
 Remote access via the infotainment device.
‒ Spoofed CAN messages
 Force an ECU into diagnostic mode and spoof the control messages it accepts in that mode.
• Safety mechanism against the security threat!
‒ An ECU can only be put into diagnostic mode at low speed.
‒ This safety mechanism therefore limits the attack vector: the spoofed control messages are only accepted while the vehicle is slow.
Tesla Model S Hack
• Tesla Model S was remotely hacked by Tencent (2016)
‒ Black Hat USA 2017, Free-Fall: Hacking Tesla From Wireless to CAN Bus
• Attack vectors
‒ Remote attack
 Via the infotainment system
 Used vulnerabilities commonly found in IT systems
‒ Spoofed CAN messages
 Spoof control messages to ECUs
• Defended by a safety mechanism!
‒ Some ECUs do not respond while in driving mode.
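The low-speed interlock on slide 4 is a safety mechanism that happens to close a security attack path. The following added example, written for this page and not taken from the authors' work or from either vehicle, simulates an ECU's UDS (ISO 14229) diagnostic handler that refuses to enter a non-default session unless the vehicle is almost stationary and drops back to the default session once the vehicle moves, so that actuator control is unreachable while driving. The speed threshold, the data identifier 0x4010, the I/O-control parameters and the request sequence are constructed assumptions; ISO-TP framing, security access and session timeouts are left out.

```python
"""Simulated ECU diagnostic gate: a safety interlock that also closes a security attack path."""
from dataclasses import dataclass, field

# UDS (ISO 14229) service identifiers and negative-response codes used below.
SID_DIAG_SESSION_CONTROL = 0x10
SID_IO_CONTROL_BY_ID = 0x2F
NEGATIVE_RESPONSE = 0x7F
NRC_SERVICE_NOT_SUPPORTED = 0x11
NRC_SUBFUNCTION_NOT_SUPPORTED = 0x12
NRC_INCORRECT_LENGTH = 0x13
NRC_CONDITIONS_NOT_CORRECT = 0x22
NRC_NOT_SUPPORTED_IN_ACTIVE_SESSION = 0x7F

SESSION_DEFAULT, SESSION_PROGRAMMING, SESSION_EXTENDED = 0x01, 0x02, 0x03

# Assumption for this example: a session that exposes actuator control may only be entered,
# and remains valid, while the vehicle is almost stationary.
MAX_SPEED_FOR_DIAG_KPH = 5.0


@dataclass
class EcuDiagGate:
    session: int = SESSION_DEFAULT
    log: list = field(default_factory=list)

    def handle(self, payload: bytes, speed_kph: float) -> bytes:
        """Process one UDS request (ISO-TP framing omitted) and return the UDS response bytes."""
        if not payload:
            return self._nrc(0x00, NRC_INCORRECT_LENGTH)
        sid = payload[0]
        # Interlock, part 1: once the vehicle moves, fall back to the default session so a session
        # opened while parked cannot be used after drive-off ("ECUs do not respond while driving").
        if self.session != SESSION_DEFAULT and speed_kph > MAX_SPEED_FOR_DIAG_KPH:
            self.session = SESSION_DEFAULT
            self.log.append(f"session reset at {speed_kph} km/h")
        if sid == SID_DIAG_SESSION_CONTROL:
            return self._session_control(payload, speed_kph)
        if sid == SID_IO_CONTROL_BY_ID:
            # Actuator control is only reachable in the extended session, i.e. while stationary.
            if self.session != SESSION_EXTENDED:
                return self._nrc(sid, NRC_NOT_SUPPORTED_IN_ACTIVE_SESSION)
            self.log.append(f"I/O control accepted for DID {payload[1:3].hex()}")
            return bytes([sid + 0x40]) + payload[1:3]   # positive response echoes the DID
        return self._nrc(sid, NRC_SERVICE_NOT_SUPPORTED)

    def _session_control(self, payload: bytes, speed_kph: float) -> bytes:
        if len(payload) < 2:
            return self._nrc(SID_DIAG_SESSION_CONTROL, NRC_INCORRECT_LENGTH)
        sub = payload[1] & 0x7F   # drop the suppressPosRspMsgIndication bit (suppression itself is not modelled)
        if sub not in (SESSION_DEFAULT, SESSION_PROGRAMMING, SESSION_EXTENDED):
            return self._nrc(SID_DIAG_SESSION_CONTROL, NRC_SUBFUNCTION_NOT_SUPPORTED)
        # Interlock, part 2: the slide's "diagnostic mode only at low speed".
        if sub != SESSION_DEFAULT and speed_kph > MAX_SPEED_FOR_DIAG_KPH:
            self.log.append(f"session {sub:#04x} refused at {speed_kph} km/h")
            return self._nrc(SID_DIAG_SESSION_CONTROL, NRC_CONDITIONS_NOT_CORRECT)
        self.session = sub
        return bytes([SID_DIAG_SESSION_CONTROL + 0x40, sub])

    @staticmethod
    def _nrc(sid: int, code: int) -> bytes:
        return bytes([NEGATIVE_RESPONSE, sid, code])


def replay_attack_sequence() -> dict:
    """Constructed request sequence modelled on the slide's narrative: an attacker already on the
    bus via the infotainment unit tries to open the extended session and drive an actuator,
    first while driving, then while parked, then again after drive-off."""
    ecu = EcuDiagGate()
    open_extended = bytes([SID_DIAG_SESSION_CONTROL, SESSION_EXTENDED])
    # DID 0x4010 and the control parameters are placeholders, not a real ECU's identifiers.
    actuate = bytes([SID_IO_CONTROL_BY_ID, 0x40, 0x10, 0x03, 0x64])
    return {
        "extended_at_60kph": ecu.handle(open_extended, 60.0),   # refused: conditionsNotCorrect
        "actuate_at_60kph": ecu.handle(actuate, 60.0),          # refused: wrong session
        "extended_parked": ecu.handle(open_extended, 0.0),      # accepted
        "actuate_parked": ecu.handle(actuate, 0.0),             # accepted
        "actuate_after_driveoff": ecu.handle(actuate, 30.0),    # session dropped, refused again
        "log": ecu.log,
    }


if __name__ == "__main__":
    for name, value in replay_attack_sequence().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

The point of the sequence is the last entry: even a session legitimately opened while parked does not survive drive-off, which is the behaviour the slide attributes to the Tesla ECUs. A real ECU would additionally protect the extended session with SecurityAccess (service 0x27); the interlock here is the safety condition only, which is exactly what makes it a safety mechanism acting against a threat.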
5. Safety Mechanisms Against Security Threats
[Figure: three diagrams. (a) Safety mechanism against hazard: a hazard is blocked by a safety mechanism. (b) Security threat causes hazard: a threat leads to a hazard. (c) Jeep/Tesla hack: threat, then safety mechanism, then hazard; the safety mechanism on the path stops the threat before it becomes a hazard.]
6. Assumed Process
• There are several ways to integrate the processes for system development (the system functions), safety development (the safety mechanisms) and security development (the security mechanisms):
‒ 1) Simultaneous development
‒ 2) Trade-off development
‒ 3) Our process
• The process assumed in this paper is basically a safety-first process: the safety architecture has already been modelled in SCDL, following ISO 26262, before the security threat analysis is carried out.
7. SCDL (Safety Concept Description Language)
• ISO 26262 requires a safety concept, which is the "specification of the functional safety requirements, with associated information, their allocation to architectural elements, and their interaction necessary to achieve the safety goals".
• SCDL aims to provide an intuitive semi-formal notation with a rigorous background (meta-model) for the safety concept, which faithfully and precisely follows ISO 26262.
• The language specification has been developed by the SCN-SG (Safety Concept Notation Study Group), formed by engineers from OEMs, suppliers, tool vendors, etc.
• International standardization of SCDL is under way at ASAM (Association for Standardization of Automation and Measuring Systems).
• Some OEMs and suppliers have been using SCDL for the development of safety concepts under ISO 26262.
‒ SCN-SG members come from more than 100 companies and organizations.
‒ The first version of the specification documents has been downloaded 650 times so far (Feb 2020).
• Current status
‒ SCDL specification
 English version v1.4, 2018
 Japanese version v1.5, 2020
• Currently available tools
‒ Add-in tool for Enterprise Architect (Sparx Systems)
‒ Safilia (Gaio Tech)
‒ Astah System Safety (Change Vision)
8. Basic Symbols of SCDL
• Requirement notation
‒ Functionalities, roles, and behaviors
‒ Weighting (assigned ASIL)
• Element notation
‒ Systems, sub-systems, components, units, modules, etc.
‒ Weighting (assigned ASIL)
• Interaction notation
‒ Relationship between requirements, such as information, signals, messages, etc.
• System boundary interaction notation
‒ Relationship between requirements and interactions from/to the outside of the system/item
[Figure: example diagram with the symbols labelled Requirements, Elements, Interaction and System boundary interaction.]
Remark: These figures are copyrighted by SCN-SG presentation slides.
9. Some Auxiliary Notations Unique to SCDL
• Requirement group
‒ A collection of requirements within a certain grouping
• Pairing
‒ Linking constraints to the pairing between requirement groups
‒ Coexistence of requirements with different ASILs (no interference assumed)
‒ The independence requirement is expressed by "Pairing" with constraints (no interference assumed)
Remark: These figures are copyrighted by SCN-SG presentation slides.
10. Case Study
• This is a very simplified "Parking Assist System", which consists of several elements with requirements and interactions among them.
‒ Parking Assist System (ITEM-1) = Smartphone (EL-1) + Vehicle (EL-2)
‒ Vehicle (EL-2) = Gateway (EL-3) + Parking Assist ECU (EL-4) + Control System (EL-5) + Locator ECU (EL-6) + Environment Recognition (EL-7)
[Figure: SCDL diagram of the item; the legend distinguishes non-functional-safety requirements, the main (intended) functionality and the safety mechanisms.]
11. Criteria on threat analysis
Questions to answer:
1. Where does an attack come from? => Attack surface
2. What should be protected from an attack? => Asset
‒ Assets are classified into functional assets and information assets
3. What boundary should be protected from an attack? => Trust boundary
4. How does an attack reach the target? => Attack path / attack scenario
5. What kind of attacks are possible? => Attack identification
6. How many attacks are necessary? => Multiple attacks
Interpretation of those modelling elements for threats in SCDL:
1. Attack surface => Interactions and system boundary interactions
2. Asset => Requirements for functional assets and interactions for information assets
3. Trust boundary => Boundary of an element
4. Attack path => Any path comprising requirements and interactions
5. Attack identification => Typical attack categories such as STRIDE
6. Multiple attacks => Combination of attacks on attack surfaces and/or assets
Remark: There is no explicit model element for data in SCDL, so information assets are represented by the interactions that carry them.
12. Security Analysis: Trust Boundary and Attack Surface
• The trust boundary of this system can be taken to be the vehicle itself, i.e., EL-2.
• Any interaction crossing this boundary from the outside can be regarded as an entry point for potential attacks (an attack surface):
‒ Map Data (system boundary interaction)
‒ Positioning Information (system boundary interaction)
‒ Sensor Input (system boundary interaction)
‒ GO/NOGO (interaction from the Smartphone, EL-1)
[Figure: the case-study diagram with the trust boundary drawn around EL-2 and the four attack surfaces marked.]
13. Security Analysis: Assets
• Assets are classified under functional and information assets.
[Figure: the case-study diagram with the information assets (interactions), the functional assets (requirements) and the identified attack surfaces marked.]
14. Identified potential attacks by STRIDE: Attack Surfaces
• STRIDE is a collection of typical threat categories, i.e., Spoofing, Tampering, Repudiation, Information disclosure, Denial of service and Elevation of privilege, used in Microsoft's SDL (Security Development Lifecycle).
• STRIDE is applied to the identified attack surfaces and assets.
Typical examples:
‒ Spoofing of Positioning Information (e.g., GPS spoofing)
‒ Tampering with Map Data (e.g., tampering with coordinates)
‒ Information disclosure of GO/NOGO commands (e.g., eavesdropping on the GO/NOGO command)
‒ Denial of service against Sensor Input (e.g., disturbance of the ultrasonic sensor)
15. Identified potential attacks by STRIDE: Assets
Typical examples:
‒ Tampering with Command Checking (e.g., changing its functionality)
‒ Denial of service against Control Value Generation (e.g., delaying the function)
‒ Elevation of privilege against Monitor (e.g., overriding the function)
16. Safety Goal and Safety Goal violation
• Safety Goal
‒ The item does not generate unintended control values (actuation) against the user's intention.
‒ A safety goal violation can be judged at the outer-most output, in this case Control values (actuation), compared against User intention.
17. Attack Scenario #1
An attack starting with "Spoofing User operation" could be prevented by "FR-6: Judgement".
1: Spoof User operation
2: GO/NOGO is transferred
3: Pre command is transferred
FR-6 judges whether the parking place is appropriate using Map Data and Location Data, so the spoofed command is not carried further.
18. Attack Scenario #2
Multiple attacks with "Spoofing User operation" and "Tampering Map Data" could be prevented by "FSR-3: Control Value Generation" using "Environment Recognition Data".
1-1: Spoof User operation
1-2: GO/NOGO is transferred
1-3: Pre command is transferred
2-1: Tamper Map Data
2-2: Map Data is transferred
2-3: GO/NOGO is transferred
With Map Data tampered, FR-6 no longer rejects the command; FSR-3 senses the surrounding environment from Sensor Input and might detect obstacles.
19. Attack Scenario #3
Multiple attacks with "Spoofing User operation", "Tampering Map Data" and "Spoofing Sensor Input" could not be prevented by any safety mechanism and cause a safety goal violation.
1-1: Spoof User operation
1-2: GO/NOGO is transferred
1-3: Pre command is transferred
2-1: Tamper Map Data
2-2: Map Data is transferred
2-3: GO/NOGO is transferred
3-1: Spoof Sensor Input
3-2: Environment Recognition Data is transferred
The rest of the interactions are all transferred, and an unintended control value (actuation) is generated.
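Slides 11 to 19 describe one procedure: read the SCDL model as a graph, derive the attack surfaces from a chosen trust boundary, tag surfaces and requirements with STRIDE categories, enumerate attack paths, and replay multi-step attack scenarios against the safety mechanisms. The following is an added example written for this page, not the authors' tooling: it encodes a simplified version of the parking-assist case study and re-derives the results of slides 12 and 17 to 19. The allocation of requirements to elements, the requirement names other than FR-6 and FSR-3, and the interaction named "Judged command" are assumptions. Its one modelling decision beyond the slides is how a safety mechanism fails: it is treated as defeated as soon as any reference input it judges by is compromised, which is what lets tampered Map Data past FR-6 in scenario #2 while genuine Environment Recognition Data still stops the attack at FSR-3.

```python
"""Threat analysis over an SCDL-style safety concept graph (added example with a constructed model)."""
from dataclasses import dataclass

EXT = "EXT"   # the outside of the item: source of system-boundary interactions, sink of the output

@dataclass(frozen=True)
class Requirement:
    name: str
    element: str                     # SCDL element the requirement is allocated to
    checks: frozenset = frozenset()  # reference inputs a safety mechanism judges by; empty = plain function

@dataclass(frozen=True)
class Interaction:
    name: str   # interactions carry the information assets (SCDL has no separate data element)
    src: str    # requirement name or EXT
    dst: str    # requirement name or EXT

# Constructed, simplified parking-assist case study. The allocation to elements, the requirement
# names other than FR-6 and FSR-3, and the interaction "Judged command" are assumptions.
REQS = {r.name: r for r in [
    Requirement("Operation", "EL-1"),
    Requirement("Command Checking", "EL-3"),
    Requirement("FR-6 Judgement", "EL-4", frozenset({"Map Data", "Location Data"})),
    Requirement("FSR-3 Control Value Generation", "EL-5", frozenset({"Environment Recognition Data"})),
    Requirement("Locating", "EL-6"),
    Requirement("Recognition", "EL-7"),
]}
INTERACTIONS = [
    Interaction("User operation", EXT, "Operation"),
    Interaction("GO/NOGO", "Operation", "Command Checking"),
    Interaction("Pre command", "Command Checking", "FR-6 Judgement"),
    Interaction("Map Data", EXT, "FR-6 Judgement"),
    Interaction("Positioning Information", EXT, "Locating"),
    Interaction("Location Data", "Locating", "FR-6 Judgement"),
    Interaction("Sensor Input", EXT, "Recognition"),
    Interaction("Environment Recognition Data", "Recognition", "FSR-3 Control Value Generation"),
    Interaction("Judged command", "FR-6 Judgement", "FSR-3 Control Value Generation"),
    Interaction("Control values (actuation)", "FSR-3 Control Value Generation", EXT),
]
VEHICLE = {"EL-3", "EL-4", "EL-5", "EL-6", "EL-7"}   # trust boundary: EL-2 and its sub-elements
SAFETY_GOAL_OUTPUT = "Control values (actuation)"    # outer-most output where a violation is judged

def element_of(node: str):
    return None if node == EXT else REQS[node].element

def attack_surfaces(boundary: set) -> list:
    """Criteria 1 and 3: interactions that enter the trust boundary from outside it."""
    return [i.name for i in INTERACTIONS
            if element_of(i.dst) in boundary and element_of(i.src) not in boundary]

def stride_candidates(boundary: set) -> dict:
    """Criteria 2 and 5: STRIDE categories for the information assets (surfaces) and for the
    functional assets (requirements) inside the boundary, as on slides 14 and 15."""
    table = {s: ["Spoofing", "Tampering", "Information disclosure", "Denial of service"]
             for s in attack_surfaces(boundary)}
    table.update({r.name: ["Tampering", "Denial of service", "Elevation of privilege"]
                  for r in REQS.values() if r.element in boundary})
    return table

def attack_paths(start: str) -> list:
    """Criterion 4: every path from an interaction to the outer-most output, alternating
    interaction and requirement names."""
    paths = []
    def walk(inter: Interaction, path: list):
        path = path + [inter.name]
        if inter.dst == EXT:
            paths.append(path)
            return
        for nxt in INTERACTIONS:
            if nxt.src == inter.dst:
                walk(nxt, path + [inter.dst])
    for i in INTERACTIONS:
        if i.name == start:
            walk(i, [])
    return paths

def _primary_hit(req: Requirement, compromised: set) -> bool:
    """True when a non-reference input of the requirement carries attacker-controlled data."""
    return any(i.name in compromised for i in INTERACTIONS
               if i.dst == req.name and i.name not in req.checks)

def evaluate_scenario(attacked: set) -> tuple:
    """Criterion 6: propagate a (multi-step) attack to a fixpoint. A safety mechanism stops the
    propagation while every reference input it judges by is genuine and is treated as defeated as
    soon as one of them is compromised (conservative assumption). Returns (violated, compromised, blockers)."""
    compromised = set(attacked)
    while True:
        defeated = {r.name for r in REQS.values() if not r.checks or r.checks & compromised}
        added = {i.name for i in INTERACTIONS
                 if i.src in defeated and _primary_hit(REQS[i.src], compromised)} - compromised
        if not added:
            break
        compromised |= added
    blockers = sorted(r.name for r in REQS.values()
                      if r.name not in defeated and _primary_hit(r, compromised))
    return SAFETY_GOAL_OUTPUT in compromised, sorted(compromised), blockers

if __name__ == "__main__":
    print("attack surfaces of EL-2:", attack_surfaces(VEHICLE))
    print("scenario #3:", evaluate_scenario({"User operation", "Map Data", "Sensor Input"}))
```

Running `evaluate_scenario` on the three slide scenarios gives (False, blocked by FR-6), (False, blocked by FSR-3) and (True, blocked by nothing), matching slides 17 to 19; `attack_surfaces(VEHICLE)` returns the four surfaces of slide 12. The "any reference input compromised defeats the mechanism" rule is deliberately attacker-favourable; a less conservative analysis would need per-mechanism knowledge of which inputs its judgement actually depends on, which the concept-phase model does not carry.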
20. Related Work
• Limited to Architecture Description Languages (ADLs) with security extensions related to automotive systems.
• EAST-ADL
‒ Developed under ITEA EAST-EEA
‒ Integration with AUTOSAR
‒ SAM (Security Abstraction Model) as a meta-model for security properties
‒ No specific threat analysis technique for safety architectures, nor any relationship between safety and security
• AADL
‒ Developed by SAE and CMU/SEI
‒ Error Model Annex for error models and Security Annex for security models
‒ The Security Annex is based on the MILS architecture and has been applied to avionics
‒ No work on safety and security interactions
• SysML
‒ cp/TARA is an integrated threat analysis tool
‒ Security extensions of SysML block definition diagrams (assets, attack surfaces, etc.) and requirements diagrams (functional security requirements following SAE J3061)
‒ No work on safety and security interactions
21. Concluding Remarks and Future Directions
• We proposed a security threat analysis framework for SCDL, which helps identify potential threats against safety concepts modelled in SCDL.
‒ The effects of security threats on the safety architecture/mechanisms can be analyzed.
‒ The framework provides the threat-analysis part of TARA (Threat Analysis and Risk Assessment) at the concept phase of ISO 26262; the RA (risk assessment) part has not been addressed yet.
• Future directions include the following:
‒ A feedback loop to functional safety activities after the threat analysis is carried out (including a feasibility study of a cybersecurity concept in SCDL).
‒ A possible yet effective integration of the functional safety (ISO 26262) and security (ISO/SAE 21434) processes.
‒ Further adaptation of this framework to the activities that follow (e.g., system level) in ISO 26262.
22. Thank you for your attention!
Acknowledgements to all members of the SCDL Security SWG, particularly Mr. T. Muramatsu and Mr. F. Kohno, for the discussion on the issues addressed in this paper.
23. Basic Concepts Related to Safety
• Safety-related concepts such as hazard, accident, risk and failure have different definitions and understandings across industries and countries.
• Definitions (from ISO 26262)
‒ Hazard
 Potential source of harm caused by malfunctioning behaviour of the item
‒ Safety mechanism
 Technical solution implemented by E/E functions or elements, or by other technologies, to detect faults or control failures in order to achieve or maintain a safe state.
 Remark: Safety mechanisms range from simple monitor-arbitration logic to more complex fault-tolerant/redundancy mechanisms.
• Examples of hazards:
1) Overheating of a battery charging device causes it to explode and/or causes burns.
2) An ECU produces unintended assist torque.
• The following simplified figure is used to represent a safety mechanism against a hazard.
[Figure: hazard blocked by a safety mechanism.]
24. Threat and Hazard: How Do They Interact with Each Other?
• There is no clear and definitive definition of how threat and hazard are related to each other.
• Definition (from SAE J3061)
‒ Threat
 A circumstance or event with the potential to cause harm, where harm may be with respect to finance, reputation, privacy, safety or operation.
• As a working assumption, we take it that a hazard may be caused by a threat.
‒ Hazard: Overheating of a battery charging device causes it to explode and/or causes burns.
 Threat (action): Malware causes malfunction of the battery charging device.
‒ Hazard: An ECU produces unintended assist torque.
 Threat (action): A control message is spoofed.
[Figure: threat leading to hazard, i.e., the relationship "a threat causes a hazard".]