Sophisticated functionality and the ever-increasing refinement of embedded and distributed IT systems have been made possible by a growing number of interconnected components. Open interfaces, standardized platforms, and a variety of heterogeneous networks drive both complexity and security risk. For any given system it is only a question of time before the resulting security vulnerabilities are systematically identified and exploited, to the harm and expense of users and manufacturers.
Security is a quality attribute that interacts heavily with other such attributes, including availability, safety, and robustness. It is the sum of all the attributes of an information system or product that contribute to ensuring that the processing, storing, and communicating of information sufficiently protects confidentiality, integrity, and authenticity. Cyber security implies that nothing can be done with the processed or managed information that is not explicitly intended by the specification of the embedded system.
Currently used security engineering concepts, such as proprietary subsystems, the protection of individual components, firewalls between components, and the validation of specific features, are necessary basics but are insufficient to ensure end-to-end security at the system level. Intelligent attack scenarios evolve from different directions, such as attacks on unprotected networks, the introduction of dangerous code segments through open interfaces, and changes to configurations. They prove that security has to become a topic throughout the entire organization, with high management attention.
Cyber security needs evolve fast with the advent of the Internet of Things (IoT). Let us look at modern automotive systems as an example of connectivity and IoT. Distributed networks, both inside the car and from the car to the roadside, are an essential part of today's infrastructures and their needs for safety and comfort. Besides the further development of innovative sensors such as radar and camera systems and the analysis of their signals in highly complex systems, connected cars will be a driving factor for tomorrow's innovation. Internet connections will not only serve the passenger's need for information: functions like eCall, communication between cars, and car-to-infrastructure communication (vehicle2x) show high potential for revolutionizing individual traffic. The advantages are obvious, such as improved traffic flow controlled by intelligent traffic lights, warnings from roadside stations, or brake indications from adjacent cars feeding enhanced driver assistance systems and automated driving. But the connection to the outside world also bears the risk of attacks on the car.
Based on our experiences with clients worldwide, we show which security engineering activities are required to create secure systems and how these activities can be performed efficiently in the automotive domain. Key points in the development of protected systems are the proper identification of security requirements, the systematic realization of security functions, and a security validation that demonstrates that the security requirements have been met. Here are some obvious items from the cyber security checklist:
- Standardized process models for a systematic approach that is anchored in the complete development process. This starts in the requirements analysis phase and continues through design and development to the test and integration of components and the network.
- Quick software updates to close vulnerabilities in the deployed and operational software.
- Reliable protocols that are state of the art and meet long-term security demands. For security, such protocols usually depend on cryptographic keys, so key management over the entire lifecycle of the vehicle must be maintained.
- In-vehicle networks and a system architecture that provide flexibility and scalability and are designed with consideration of security aspects.
The results of the security risk and hazard analysis, starting with asset identification and proceeding to misuse, abuse and confuse cases and the entire security protection scheme, should be well documented. It is of utmost interest to understand the approach, specifically when modifications are made at a later point. From a legal perspective, complete and maintained documentation is necessary for governance and compliance reasons. Security threats and the resulting damages impact the safety of products and the integrity of private data, and thus directly endanger the financial health of a company. Our guidance: document the security case similarly to the safety case by means of an ALM/PLM environment. Maintain the related documentation and enhance it with regression test scenarios for future updates.
Security requires an end-to-end perspective. Security engineering must start with a clear focus on security requirements and the related critical quality requirements, such as safety, footprint, or performance, and on how they map to functional requirements. Software component suppliers and integrators first define the key functional requirements. These requirements are then analyzed for security risks and impacts. Security requirements are expanded into further functional requirements or additional security guidelines and validation steps. Security concepts are subsequently and consistently (i.e., traceably) implemented throughout the development process. Finally, security is validated on the basis of the previously defined security requirements and test cases.
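The two preceding paragraphs describe a security case that runs from asset identification through misuse, abuse and confuse cases to security requirements and the test cases that validate them, and that must stay traceable when the system is modified later. The following Python model is an added example written for this post, not code from the original article or from any ALM/PLM product; the asset, case, requirement and test entries are constructed sample data for a fictional telematics unit, and the field names and gap categories are assumptions chosen for the illustration. It shows the checks a maintained security case makes possible: finding breaks in the chain (an asset with no misuse case, a case with no mitigating requirement, a requirement with no test or no passing test) and deriving the regression scope when one asset changes.

```python
"""Security-case traceability: asset -> misuse case -> requirement -> test.

Added example, not from the original post. All identifiers and entries are
constructed sample data for a fictional telematics unit.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Asset:
    id: str
    name: str


@dataclass(frozen=True)
class MisuseCase:
    id: str
    kind: str                      # "misuse", "abuse" or "confuse", the case types the post names
    asset_ids: Tuple[str, ...]     # assets this case threatens
    description: str


@dataclass(frozen=True)
class SecurityRequirement:
    id: str
    text: str
    misuse_ids: Tuple[str, ...]            # cases this requirement mitigates
    quality_impacts: Tuple[str, ...] = ()  # related quality requirements, e.g. "performance"


@dataclass(frozen=True)
class TestCase:
    id: str
    requirement_ids: Tuple[str, ...]   # requirements this test validates
    status: str                        # "pass", "fail" or "not_run"


@dataclass
class SecurityCase:
    assets: List[Asset] = field(default_factory=list)
    misuse_cases: List[MisuseCase] = field(default_factory=list)
    requirements: List[SecurityRequirement] = field(default_factory=list)
    tests: List[TestCase] = field(default_factory=list)

    def trace_gaps(self) -> Dict[str, List[str]]:
        """Return every break in the asset -> case -> requirement -> test chain."""
        asset_ids = {a.id for a in self.assets}
        misuse_ids = {m.id for m in self.misuse_cases}
        req_ids = {r.id for r in self.requirements}

        covered_assets = {a for m in self.misuse_cases for a in m.asset_ids}
        mitigated_cases = {m for r in self.requirements for m in r.misuse_ids}
        tested_reqs = {r for t in self.tests for r in t.requirement_ids}

        # A requirement counts as verified only if a covering test passes and none fails.
        status_by_req: Dict[str, List[str]] = {r: [] for r in req_ids}
        for t in self.tests:
            for r in t.requirement_ids:
                status_by_req.setdefault(r, []).append(t.status)
        not_verified = [r for r in sorted(req_ids)
                        if "pass" not in status_by_req[r] or "fail" in status_by_req[r]]

        # References to ids that do not exist point at stale documentation.
        dangling = sorted(
            {a for m in self.misuse_cases for a in m.asset_ids if a not in asset_ids}
            | {m for r in self.requirements for m in r.misuse_ids if m not in misuse_ids}
            | {r for t in self.tests for r in t.requirement_ids if r not in req_ids}
        )
        return {
            "assets_without_misuse_case": sorted(asset_ids - covered_assets),
            "misuse_cases_without_requirement": sorted(misuse_ids - mitigated_cases),
            "requirements_without_test": sorted(req_ids - tested_reqs),
            "requirements_not_verified": not_verified,
            "dangling_references": dangling,
        }

    def impacted_tests(self, asset_id: str) -> List[str]:
        """Regression scope for a later modification of one asset: follow the
        chain forward and return the tests that have to be re-run."""
        cases = {m.id for m in self.misuse_cases if asset_id in m.asset_ids}
        reqs = {r.id for r in self.requirements if cases & set(r.misuse_ids)}
        return sorted(t.id for t in self.tests if reqs & set(t.requirement_ids))


def sample_case() -> SecurityCase:
    """Constructed sample security case for a fictional telematics unit."""
    return SecurityCase(
        assets=[
            Asset("A1", "Gateway firmware image"),
            Asset("A2", "Telematics TLS private key"),
            Asset("A3", "Driver personal data"),
            Asset("A4", "Diagnostic port"),          # deliberately has no misuse case yet
        ],
        misuse_cases=[
            MisuseCase("M1", "misuse", ("A1",), "Unsigned image accepted by the updater"),
            MisuseCase("M2", "abuse", ("A2",), "Key read out of unprotected storage"),
            MisuseCase("M3", "confuse", ("A3",), "Consent dialog spoofed to collect data"),
        ],
        requirements=[
            SecurityRequirement("R1", "Gateway verifies the image signature before install",
                                ("M1",), ("performance",)),
            SecurityRequirement("R2", "TLS key is stored non-exportably in a secure key store",
                                ("M2",)),
            SecurityRequirement("R3", "Key material is rotated over the vehicle lifecycle",
                                ("M2",)),
        ],
        tests=[
            TestCase("T1", ("R1",), "pass"),
            TestCase("T2", ("R2",), "fail"),
            TestCase("T3", ("R1",), "not_run"),
        ],
    )


if __name__ == "__main__":
    case = sample_case()
    for gap, ids in case.trace_gaps().items():
        print(f"{gap}: {ids}")
    print("re-run after a change to A1:", case.impacted_tests("A1"))
```

Run as a script, the sample reports the diagnostic port as an asset nobody has analyzed, the "confuse" case as a threat with no mitigating requirement, the key-rotation requirement as untested, and the key-store requirement as failing; a change to the firmware image asset scopes the regression run to T1 and T3. The same walk over the chain is what makes a security case maintainable the way the safety case is: each later modification can be checked for the requirements and tests it touches instead of re-validating everything by hand.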
Today, cyber security by design is in the foreground due to safety, legislative and intellectual property concerns. We recommend a life-cycle perspective that takes a systems engineering view and drives security starting with security requirements and the related test cases, while stepwise and comprehensively building the security case in line with the impacted functional and quality requirements. After all, it does not help much if transactions are encrypted piecemeal in a way that slows down performance.