
MODEL-BASED SYSTEMS ENGINEERING USING SECURITY DESIGN PATTERNS IN THE CONTEXT OF ISO/SAE 21434

Published online by Cambridge University Press:  19 June 2023

Sergej Japs*
Affiliation:
Fraunhofer Research Institute for Mechatronic Systems Design IEM;
Faizan Faheem
Affiliation:
Technische Universität Ilmenau;
Harald Anacker
Affiliation:
Fraunhofer Research Institute for Mechatronic Systems Design IEM;
Stephan Husung
Affiliation:
Technische Universität Ilmenau;
Roman Dumitrescu
Affiliation:
Universität Paderborn
* Japs, Sergej, Fraunhofer Research Institute for Mechatronic Systems Design IEM, Germany, [email protected]

Abstract


The development of modern vehicles is complex, especially regarding compliance with security and safety. ISO/SAE 21434 considers security and safety along the entire product life cycle. According to the standard, a system architecture, a risk analysis, and the application of countermeasures are carried out in the early system design. Design patterns are solutions to known design problems. Security Design Patterns (SDP) describe countermeasures and are used to reduce risk. After our literature review, we did not find a suitable approach that presents SDPs that would be applicable in early system design. In this paper, we present 10 SDPs for early system design, which we evaluated during an 11-week student project with 28 teams. We present the results of the quantitative analysis and the evaluation of the feedback.

Type
Article
Creative Commons
This is an Open Access article, distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives licence (http://creativecommons.org/licenses/by-nc-nd/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is unaltered and is properly cited. The written permission of Cambridge University Press must be obtained for commercial re-use or in order to create a derivative work.
Copyright
The Author(s), 2023. Published by Cambridge University Press
