STANDARDS AND MODELS
Driven by the rapidly increasing share of embedded automotive systems implementing functions for powertrain control, comfort, and driver assistance, the automotive industry has established and deployed standards for ensuring the quality of both the related products and the development processes. While Automotive SPICE (ASPICE) has been transforming the development processes of automotive embedded systems since 2003, the ISO 26262 standard has been applied to cover the integration of functional safety into these systems since 2011. This has become necessary because an increasing number of automotive embedded systems are safety critical; that is, their malfunctioning might lead to hazards in particular situations.
The next particular challenge automotive original equipment manufacturers (OEMs) and their suppliers are facing is cybersecurity, that is, the protection of vehicles and their highly networked electronics subsystems from IT security threats. This article contributes to the OEMs' and suppliers' increasing efforts to integrate ASPICE, functional safety, and cybersecurity in their development processes. Building on their previous work on integrating ASPICE and functional safety, published in SOP, the authors suggest methods for integrating cybersecurity considerations as well.
KEY WORDS
automotive embedded systems, Automotive SPICE, cybersecurity, functional safety
INTRODUCTION
Each of the automotive standards related to system and software process quality, functional safety, and cybersecurity has its own focus. Still, all these standards influence the system, software, and hardware design. Automotive SPICE (ASPICE) focuses on the bilateral traceability of the requirements to design and test. The coverage metrics applied by ASPICE provide an overview of how many requirements are analyzed, designed, tested, and released.
Functional safety (ISO 2011; Riel et al. 2012; Messnarz et al. 2015; 2013a; Leveson 2012) addresses faults in the hardware, software, or actuators that can lead to a hazardous failure of the system at the vehicle level. Functional safety focuses on faults that can lead to hazards, and its preventive design strategies lead to redundant systems, diagnostic coverage, hardware quality metrics, fault-based test methods, and so on, which ensure that hazardous failures will be detected and prevented.
The new cybersecurity standard SAE J3061 (2016) addresses cybersecurity threats and potential attacks that can lead to (hazardous) failures of the system. The automotive industry is...