ISSSC 2015, 8.9.2015, 09.00 – 12.00
Functional Safety and IT Security Example
Dr Richard Messnarz, Dr Christian Kreiner
Company Profile
Accredited iNTACS™ training provider for ISO/IEC 15504 and Automotive SPICE®
Accredited VDA-QMC training provider and partner
Moderator of the German SOQRATES initiative, in which 23 leading German companies share knowledge on process improvement
EU research projects since 1995
Company Profile
ISCN Ltd Ireland (coordination office), founded 1994 in Ireland
Development and consulting offices in Austria: ISCN Regionalstelle founded 1997, I.S.C.N. GesmbH founded 2001; further offices of the ISCN Group in different countries
EuroSPI conference and network coordinator since 1994
Vice President and technology provider for the European Certification and Qualification Association since 2005
SPICE assessments and improvement projects since 1994
Integrated Safety Design
Roles in the integrated design team (figure): Technical Project Leader; System Safety + Security Engineer; HW Safety + Security Designer; SW Safety + Security Designer; Mechatronic Designer; Assembler; Manufacturer.
Automotive Example
Understanding functional chains beyond and including the software.
Item = Electric Power Steering (figure). Functional chain: driver steering torque → steering wheel → steering column (mechanical layout and torque) → torque/index sensor → torque sensor signal transmission → powerpack (ECU, SW, connector, E-motor) → rack (X mm of rack travel = Y° of steering angle).
Electrical interfaces: CAN, CL15, CL30. Inputs: vehicle speed, ignition on. Output: steering angle.
Automotive Example
Understanding functional chains beyond and including the software.
Item extended by the steering lock (figure): steering lock ECU with SW, connector, E-motor and locking bolt (M). Interfaces and supplies: CAN, CL15 (ignition on), CL30 (battery).
Risk Classification
Independent confirmation measures [ISO 26262-2, 6.4.7, Table 1]:
- Confirmation reviews
- Functional safety audit
- Functional safety assessment
Independence of elements after decomposition: no dependent failures, or dependent failures are covered by a safety mechanism.
Automotive Example
Understanding functional chains beyond and including the software.
Item extended by the steering lock, with ASIL allocation (figure):
- Lock-Control: ASIL D
- In – Digital Ignition On 0/1: ASIL B(D)
- In – Vehicle Speed: ASIL B(D)
- In – Ignition On: ASIL A(D)
The notation ASIL B(D) denotes an ASIL B requirement obtained by decomposing an ASIL D requirement (ISO 26262-9). Remaining elements as before: ECU, SW, E-motor, connector, locking bolt (M), CAN, CL15, CL30.
Software architecture of the steering lock (figure):
- L1 Base software
- L2 Function software: speed versus ignition on/off; motor position check; actuator activation; inputs vehicle speed and ignition on/off; safe state
- L3 System diagnosis: processor still working, workflow control, etc.
ASIL D: independent memory, two independent synchronised CPUs.
Building a Requirements Traceability as Part of the Safety Case (Automotive Example)
Customer requirements: e.g. lifetime of 15 years for the steering lock; e.g. lock the steering at standstill.
Hazard analysis: identification and classification of safety risks and hazards. E.g. safety goal: no uncontrolled actuation of the steering lock. Risk: uncontrolled actuation can happen with a wrong clamp 15 (ignition) input.
FMEA / FMEDA: analysis of hazards and safety risks and of measures. E.g. measure: a redundant digital ignition on/off signal is needed to assure that speed is < 3 km/h; otherwise the steering lock stays open.
System requirements specification:
- System requirements: e.g. activate the steering lock at standstill within 1 second; e.g. during its lifetime the system can manage up to 16000 lock/unlock cycles.
- Safety requirements: e.g. the speed information must be trusted at ASIL D; e.g. in case of speed > 3 km/h do not activate the steering lock; e.g. the safe state is steering lock open, also to be reached in case of ECU failure.
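The safety requirements above (lock only below 3 km/h, redundant digital ignition signal, safe state = lock open, also on ECU failure) translate directly into a decision function. The following is an added example and not code from the slides or from the authors; the signal names, the 300 ms freshness window, the decide() API and the scenario values are assumptions chosen to mirror the threat table later in the deck.

```python
"""Steering-lock actuation decision with redundant inputs and a defined safe state.

Added example, not from the ISSSC 2015 slides: it encodes the safety
requirements on the slide (lock only below 3 km/h, require the redundant
digital ignition-off signal, safe state = lock open, also on ECU failure).
Signal names, the 300 ms freshness window and the decide() API are assumptions.
"""
from dataclasses import dataclass
from enum import Enum

SPEED_LIMIT_KMH = 3.0     # slide: do not activate the steering lock above 3 km/h
MAX_SIGNAL_AGE_MS = 300   # assumed: CAN speed older than this counts as lost


class LockCommand(Enum):
    OPEN = "open"         # safe state: steering stays free
    LOCK = "lock"


@dataclass(frozen=True)
class Inputs:
    speed_kmh: float            # vehicle speed as received on CAN
    speed_age_ms: int           # time since the last valid speed frame
    ignition_on_can: bool       # ignition status as received on CAN
    ignition_on_digital: bool   # redundant hard-wired clamp-15 (KL15) input, 0/1
    ecu_fault: bool = False     # set by the L3 system diagnosis (lockstep CPUs, memory test)


def calibration_plausible(speed_limit_kmh: float) -> bool:
    """Tampering defence: a stored limit above the specified 3 km/h is never applied."""
    return 0.0 < speed_limit_kmh <= SPEED_LIMIT_KMH


def decide(inputs: Inputs, speed_limit_kmh: float = SPEED_LIMIT_KMH) -> tuple[LockCommand, str]:
    """Return the lock command and the reason; every abnormal path ends in OPEN."""
    if inputs.ecu_fault:
        return LockCommand.OPEN, "ECU fault reported by system diagnosis"
    if not calibration_plausible(speed_limit_kmh):
        return LockCommand.OPEN, "implausible speed-limit calibration"
    if inputs.speed_age_ms > MAX_SIGNAL_AGE_MS:
        return LockCommand.OPEN, "vehicle speed stale"
    if inputs.ignition_on_can != inputs.ignition_on_digital:
        # A CAN-only attacker can forge the CAN ignition bit but not the wire.
        return LockCommand.OPEN, "CAN and digital ignition disagree"
    if inputs.ignition_on_can:
        return LockCommand.OPEN, "ignition on"
    if inputs.speed_kmh >= speed_limit_kmh:
        return LockCommand.OPEN, "vehicle not at standstill"
    return LockCommand.LOCK, "ignition off and standstill confirmed"


def scenarios() -> dict[str, LockCommand]:
    """Constructed scenarios: normal parking plus the three attacks from the threat table."""
    parked = Inputs(0.0, 40, False, False)
    # Spoofing: driving at 80 km/h, attacker injects speed 0 / ignition off on CAN;
    # the hard-wired KL15 line still reads 'on'.
    spoofed = Inputs(0.0, 40, False, True)
    # Denial of service: attacker keeps CAN speed at 6 km/h while the car is parked.
    dos = Inputs(6.0, 40, False, False)
    # Tampering: limit in memory rewritten from 3 to 100 km/h while coasting down.
    tampered_limit = 100.0
    return {
        "parked": decide(parked)[0],
        "spoofed": decide(spoofed)[0],
        "dos": decide(dos)[0],
        "tampered": decide(Inputs(50.0, 40, False, False), tampered_limit)[0],
        "ecu_fault": decide(Inputs(0.0, 40, False, False, ecu_fault=True))[0],
    }


if __name__ == "__main__":
    for name, cmd in scenarios().items():
        print(f"{name:10s} -> {cmd.value}")
```

Only the parked scenario locks; the spoofed, denial-of-service, tampered and ECU-fault cases all end in the safe state. Note what this does and does not buy: the denial-of-service case is safe (the lock simply never actuates) but is an availability loss, and the redundancy argument only holds because the digital KL15 line is a separate physical channel that a CAN-only attacker cannot write.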
Dependable vehicle: understanding interference from IT security
Prio 1: analyse the IT threats which can lead to the hazardous failure.
Prio 2: analyse additional IT security threats.
Dependable vehicle: understanding interference from IT security
Attack type | Impact | How
Spoofing commands | Messages on CAN are used to simulate that the car is stopping. | The checksum algorithm and message structure have been hacked (reverse-engineered); a key-less-go off signal is sent and, at the same time, speed = 0 and rpm = 0.
Denial of service | Messages on CAN are used to simulate that the car never stops. | A wrong digital on/off signal is sent and speed is always > 5 km/h (the steering lock never actuates).
Tampering | Configuration data in memory is changed (the speed limit for activating the steering lock). | The limit is changed from < 3 km/h to < 100 km/h during the drive (the lock activates when speed drops below 100 km/h).
Dependable vehicle: understanding interference from IT security
Attack type | Impact | How
Identity spoofing | Spoofing the identity of the garage; spoofing the identity of a message. | Precondition for the above scenarios.
Information disclosure | Memory dump and copying of data; gaining knowledge of encryption keys and checksum algorithms. | Precondition for the above scenarios.
Elevation of privilege | Access to the gateway and to the privileged bus in the car. | Precondition for the above scenarios.
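The "Spoofing commands" row rests on the attacker having worked out the checksum algorithm and message layout, and the "Information disclosure" row on the attacker recovering keys from a memory dump. The following added example (not from the slides or the authors) makes the difference concrete: a speed/rpm/ignition frame protected (a) only by an 8-bit XOR checksum and (b) by a freshness counter plus a truncated HMAC-SHA256, the pattern used by AUTOSAR SecOC. The frame layout, the shared key, the counter width and the 4-byte MAC truncation are assumptions, and the key is a constructed demo value.

```python
"""CAN frame protection: legacy checksum versus MAC plus freshness counter.

Added example, not from the ISSSC 2015 slides. The 'Spoofing commands' row
assumes the attacker has worked out the checksum algorithm and message layout.
Below, a speed/rpm/ignition frame is protected (a) only by an 8-bit XOR checksum
and (b) by a 32-bit freshness counter plus a truncated HMAC-SHA256, the pattern
used by AUTOSAR SecOC. Frame layout, key, counter width and the 4-byte MAC
truncation are assumptions; the key is a constructed demo value.
"""
import hashlib
import hmac
import struct

PAYLOAD_FMT = ">HHB"        # assumed layout: speed in 0.1 km/h, rpm, ignition-on flag
PAYLOAD_LEN = struct.calcsize(PAYLOAD_FMT)
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key
MAC_LEN = 4


def encode_payload(speed_kmh: float, rpm: int, ignition_on: bool) -> bytes:
    return struct.pack(PAYLOAD_FMT, int(round(speed_kmh * 10)), rpm, int(ignition_on))


def decode_payload(payload: bytes) -> dict:
    speed10, rpm, ign = struct.unpack(PAYLOAD_FMT, payload)
    return {"speed_kmh": speed10 / 10, "rpm": rpm, "ignition_on": bool(ign)}


# (a) Legacy frame: payload + XOR checksum. Detects bit errors, not forgery.
def xor_checksum(data: bytes) -> int:
    result = 0
    for byte in data:
        result ^= byte
    return result


def legacy_frame(speed_kmh: float, rpm: int, ignition_on: bool) -> bytes:
    payload = encode_payload(speed_kmh, rpm, ignition_on)
    return payload + bytes([xor_checksum(payload)])


def legacy_receive(frame: bytes):
    payload, checksum = frame[:-1], frame[-1]
    return decode_payload(payload) if xor_checksum(payload) == checksum else None


# (b) Authenticated frame: payload + counter + truncated HMAC over both.
def secure_frame(speed_kmh: float, rpm: int, ignition_on: bool, counter: int,
                 key: bytes = SHARED_KEY) -> bytes:
    payload = encode_payload(speed_kmh, rpm, ignition_on)
    counter_bytes = struct.pack(">I", counter)
    tag = hmac.new(key, payload + counter_bytes, hashlib.sha256).digest()[:MAC_LEN]
    return payload + counter_bytes + tag


class SecureReceiver:
    """Accepts a frame only if the MAC verifies and the counter strictly increases."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.last_counter = -1

    def receive(self, frame: bytes):
        payload = frame[:PAYLOAD_LEN]
        counter_bytes = frame[PAYLOAD_LEN:PAYLOAD_LEN + 4]
        tag = frame[PAYLOAD_LEN + 4:]
        expected = hmac.new(self.key, payload + counter_bytes, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or corrupted
        counter = struct.unpack(">I", counter_bytes)[0]
        if counter <= self.last_counter:
            return None                      # replay of an older frame
        self.last_counter = counter
        return decode_payload(payload)


def demo() -> dict[str, bool]:
    """The slide's attack: while driving, inject 'speed 0, rpm 0, ignition off'."""
    results = {}
    # Attacker knows the XOR algorithm, so the forged legacy frame is accepted.
    results["legacy_forged_accepted"] = legacy_receive(legacy_frame(0.0, 0, False)) is not None
    receiver = SecureReceiver()
    results["genuine_accepted"] = receiver.receive(secure_frame(52.3, 1800, True, counter=7)) is not None
    # Same forgery without the key: correct layout, next counter, guessed tag.
    forged = encode_payload(0.0, 0, False) + struct.pack(">I", 8) + b"\x00" * MAC_LEN
    results["secure_forged_accepted"] = receiver.receive(forged) is not None
    # Replay of a genuine 'parked' frame recorded earlier (counter 3 < 7).
    results["replay_accepted"] = receiver.receive(secure_frame(0.0, 0, False, counter=3)) is not None
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:24s} {'ACCEPTED' if accepted else 'rejected'}")
```

The forged legacy frame is accepted, the forged and replayed authenticated frames are rejected. Two caveats follow directly from the table: if the attacker dumps memory and recovers SHARED_KEY (the information disclosure row), scheme (b) collapses, so the key belongs in a hardware security module or equivalent protected storage; and a MAC does nothing against an attacker who has gained control of a legitimate sender or the gateway (the elevation of privilege row), which is why the slides treat these as preconditions of the command spoofing scenarios.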
Dependable vehicle: understanding interference from IT security
Threats mapped onto the vehicle architecture and Automotive Defense Layers (figure):
- Maintenance tools, listening tools: information disclosure, elevation of privileges
- Vehicle bus and gateway: spoofing identity
- Vehicle steering related ECUs: spoofing of commands, tampering
- Vehicle function steering lock (ASIL D): denial of service, spoofing of commands leading to locking
Automotive Defense Layer 1, Automotive Defense Layer 2, Automotive Defense Layer 3.
Dependable vehicle: understanding interference from IT security
The attack table above (spoofing commands, denial of service, tampering) is repeated here with the steering-lock function tagged ASIL D.
Traceability: threat specification per safety goal
Exercise
Steering system, self-steering: use the ASIL-D rated case.
Threat analysis using the table.
Threat analysis diagram with Automotive Defense Layers (AutoDLs).
Dependable vehicle: understanding interference from IT security (exercise template)
Attack type | Impact | How
Spoofing commands | | 
Denial of service | | 
Tampering | | 
Dependable vehicle: understanding interference from IT security (exercise template)
Attack type | Impact | How
Identity spoofing | | 
Information disclosure | | 
Elevation of privilege | | 
Dependable vehicle: understanding interference from IT security (exercise template, diagram)
Threats to be placed: information disclosure, elevation of privileges, spoofing identity, spoofing of commands, tampering, denial of service, spoofing of commands leading to locking.
Targets: vehicle function; Automotive Defense Layer 1, Automotive Defense Layer 2, Automotive Defense Layer 3.