Towards an assessment of safety and security interplay in automated driving systems.
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. RISE Research Institutes of Sweden. (Embedded Systems) ORCID iD: 0000-0001-6901-4986
2022 (English) Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

We are currently in the midst of significant changes in the road transport system, including the transformation to fossil-free propulsion and the shift to higher levels of automation. The next level in automation is soon upon us and is encompassed by the broader term Connected, Cooperative and Automated Mobility (CCAM) which is relevant for the entire transportation system. The introduction of CCAM has the potential to contribute significantly to crucial UN Sustainable Development Goals. For the automotive domain, the term Automated Driving Systems (ADS) is often used for highly automated vehicles. Notwithstanding the expected positive effects and the extraordinary efforts, highly automated driving systems are still not publicly available except in pilot programs.

The increased complexity in the higher automation levels can be ascribed to the shift from fail-safe operator support to fail-operational systems that assume the operator's role, utilising new sensors and algorithms for perception and the reliance on connectivity to solve the problem task. Here the solution is also the problem, i.e. complex systems. The complexity of the systems and difficulties in capturing a complete practical description of the environment where the systems are intended to operate pose difficulties in defining validation procedures for ADS technologies' safety, security, and trustworthiness.

Parallel to traditional safety issues, there is now a need to consider the quality of cybersecurity, e.g. due to external communication and environmental sensors being susceptible to remote attacks. A security problem may enable a hacker to incapacitate or fool an ADS resulting in unsafe behaviour. In addition to malicious misuse, the development of environment sensing has to consider functional insufficiencies of the employed sensor technologies. Therefore, both safety and security and their interplay must be addressed in developing the solutions.

The first step in gaining public confidence in the technologies involved is to raise user awareness. Therefore, there is a need to be transparent and explicit on the evaluation targets and the associated supporting evidence of safe and secure ADS. An assessment of safety and security properties performed by an independent organisation can be an essential step towards establishing trust in ADS solutions, bridging the gap between the marketing portrayal and the actual performance of such systems in operating conditions.

This licentiate thesis contributes towards the overall goal of improving the assessment target and the associated supporting evidence of a safe and secure ADS in the automotive domain by (1) assessing requirements for safety, security and their interplay on key enabling technologies, (2) introducing an argument pattern enabling safety, security and interaction overlap to be jointly addressed, and (3) proposing a method that enables assessment of security-informed safety by an independent agency.

Place, publisher, year, edition, pages
Västerås: Mälardalen University , 2022.
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 326
Keywords [en]
Functional Safety, Cybersecurity, Automotive, Automated Driving, Assessment
National Category
Embedded Systems
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-58110; ISBN: 978-91-7485-554-8 (print); OAI: oai:DiVA.org:mdh-58110; DiVA id: diva2:1654160
Presentation
2022-06-09, Kappa, Mälardalens universitet, Västerås, 13:15 (English)
Available from: 2022-05-05. Created: 2022-04-26. Last updated: 2022-11-08. Bibliographically approved.
List of papers
1. Technical and functional requirements for V2X communication, positioning and cyber-security in the HEADSTART project
2021 (English) Conference paper, Published paper (Refereed)
Abstract [en]

Connected and Automated Driving (CAD) features rely on several key technologies to function safely at the vehicle and component level. HEADSTART (Harmonised European Solutions for Testing Automated Road Transport) is a research project funded by the European Union that aims to define testing and validation procedures for CAD features with a focus on three Key Enabling Technologies (KETs): Vehicle-to-everything (V2X) communication, Positioning and Cybersecurity. This paper presents the technical and functional requirements for these three KETs, including what is needed for these technologies to work correctly (at vehicle and component level) and what is needed to verify and validate them in proving ground and simulation environments. The final aim is to satisfy the safety requirements to protect the vehicle itself and the other road users.

Keywords
Connected and Automated Driving (CAD), V2X Communication, Positioning, Cybersecurity, Testing
National Category
Embedded Systems
Identifiers
urn:nbn:se:mdh:diva-58129 (URN)
Conference
27th ITS World Congress, Hamburg, Germany, 11-15 October 2021
Projects
HEADSTART
Funder
EU, Horizon 2020, 824309
Available from: 2022-04-29. Created: 2022-04-29. Last updated: 2022-05-18. Bibliographically approved.
2. In search of synergies in a multi-concern development lifecycle: Safety and cybersecurity
2018 (English) In: Lecture Notes in Computer Science, 2018, p. 302-313. Conference paper, Published paper (Refereed)
Abstract [en]

The complexity of developing embedded electronic systems has been increasing, especially in the automotive domain, due to recently added functional requirements concerning e.g. connectivity. The development of these systems becomes even more complex for products, such as connected automated driving systems, where several different quality attributes (such as functional safety and cybersecurity) also need to be taken into account. In these cases, there is often a need to adhere to several standards simultaneously, each addressing a unique quality attribute. In this paper, we analyze potential synergies when working with both a functional safety standard (ISO 26262) and a cybersecurity standard (first working draft of ISO/SAE 21434). The analysis is based on a use case developing a positioning component for the automotive domain. The results regarding the use of a multi-concern development lifecycle are on a high level, since most of the insights into co-engineering presented in this paper are based on process modeling. The main findings of our analysis show that on the design side of the development lifecycle, the big gain is completeness of the analysis when considering both attributes together, but the overlap in terms of shared activities is small. For the verification side of the lifecycle, much of the work and infrastructure can be shared when showing fulfillment of the two standards ISO 26262 and ISO/SAE 21434.

Keywords
Automotive, Co-engineering, Cybersecurity, Functional safety, Multi-concern, Automobile electronic equipment, Embedded systems, ISO Standards, Life cycle, Automated driving systems, Cyber security, Cybersecurity standards, Embedded electronic systems, Functional requirement, Safety engineering
National Category
Natural Sciences
Identifiers
urn:nbn:se:mdh:diva-58130 (URN); 10.1007/978-3-319-99229-7_26 (DOI); 000458807000026; 2-s2.0-85053902497 (Scopus ID); 9783319992280 (ISBN)
Conference
Search of Synergies in a Multi-concern Development Lifecycle: Safety and Cybersecurity: SAFECOMP 2018 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Västerås, Sweden, September 18, 2018, Proceedings
Note

Funding details: EU, Erzincan Üniversitesi; Funding details: 692474, VINNOVA; Funding text: This work is supported by the EU and VINNOVA via the ECSEL Joint Undertaking project AMASS (No 692474), but the contents of the paper only reflect the authors' views.

Available from: 2022-04-29. Created: 2022-04-29. Last updated: 2022-06-07. Bibliographically approved.
3. Argument Patterns for Multi-Concern Assurance of Connected Automated Driving Systems
2019 (English) In: 4th International Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS 2019) / [ed] Mikael Asplund and Michael Paulitsch, Dagstuhl, 2019, p. 3:1-3:13, article id 3. Conference paper, Published paper (Refereed)
Abstract [en]

Showing that dependable embedded systems fulfil vital quality attributes, e.g. by conforming to relevant standards, can be challenging. For emerging and increasingly complex functions, such as connected automated driving (CAD), there is also a need to ensure that attributes such as safety, cybersecurity, and availability are fulfilled simultaneously. Furthermore, such systems are often designed using existing parts, including 3rd-party components, which must be included in the quality assurance. This paper discusses how to structure the argument at the core of an assurance case taking these considerations into account, and proposes patterns to aid in this task. The patterns are applied in a case study with an example automotive function. While the aim has primarily been safety and security assurance of CAD, their generic nature makes the patterns relevant for multi-concern assurance in general.

Place, publisher, year, edition, pages
Dagstuhl, 2019
Series
OpenAccess Series in Informatics (OASIcs), ISSN 2190-6807 ; 73
Keywords
Multi-concern assurance, connected automated driving, dependability, functional safety, cybersecurity, cyber-physical systems, critical embedded systems
National Category
Embedded Systems
Identifiers
urn:nbn:se:mdh:diva-58131 (URN); 10.4230/OASIcs.CERTS.2019.3 (DOI); 2-s2.0-85070897092 (Scopus ID); 978-3-95977-119-1 (ISBN)
Conference
4th International Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS 2019)
Projects
ESPLANADE; AMASS
Funder
Vinnova, 2016-04268; EU, Horizon 2020, ECSEL 692474
Available from: 2022-04-29. Created: 2022-04-29. Last updated: 2022-04-29. Bibliographically approved.
4. Synchronisation of an Automotive Multi-concern Development Process
2021 (English) In: Computer Safety, Reliability, and Security (SAFECOMP 2021) / [ed] Habli, I.; Sujan, M.; Gerasimou, S.; Schoitsch, E.; Bitsch, F., Springer International Publishing AG, 2021, Vol. 12853, p. 63-75. Conference paper, Published paper (Refereed)
Abstract [en]

Standardisation has a primary role in establishing common ground and providing technical guidance on best practices. However, as the methods for Autonomous Driving Systems design, validation and assurance are still in their initial stages, and several of the standards are under development or have been recently published, an established practice for how to work with several complementary standards simultaneously is still lacking. To bridge this gap, we present a unified chart describing the processes, artefacts, and activities for three road vehicle standards addressing different concerns: ISO 26262 - functional safety, ISO 21448 - safety of the intended functionality, and ISO 21434 - cybersecurity engineering. In particular, the need to ensure alignment between the concerns is addressed with a synchronisation structure regarding content and timing.

Place, publisher, year, edition, pages
Springer International Publishing AG, 2021
Series
Lecture Notes in Computer Science, ISSN 0302-9743
Keywords
Functional safety, Cybersecurity, Multi-concern, SOTIF, Automotive, ISO 26262, ISO 21448, ISO 21434
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:mdh:diva-56119 (URN); 10.1007/978-3-030-83906-2_5 (DOI); 000694725200005; 2-s2.0-85115141797 (Scopus ID); 9783030839062 (ISBN)
Conference
SAFECOMP Conference, 7 September 2021, online
Available from: 2021-10-07. Created: 2021-10-07. Last updated: 2022-04-29. Bibliographically approved.
5. Black-Box Testing for Security-Informed Safety of Automated Driving Systems
2021 (English) In: IEEE Vehicular Technology Conference, Institute of Electrical and Electronics Engineers Inc., 2021, article id 9448691. Conference paper, Published paper (Refereed)
Abstract [en]

An evaluation of safety and security properties performed by an independent organisation can be an important step towards establishing trust in Automated Driving Systems (ADS), bridging the gap between the marketing portrayal and the actual performance of such systems in real operating conditions. However, due to the complexity of an ADS's behaviour and the dangers involved in performing real-environment security attacks, we believe assessments that can be performed with a combination of simulation and validation at test facilities are the way forward. In this paper, we outline an approach to derive test suites applicable to generic ADS feature classes, where classes would have similar capabilities and comparable assessment results. The goal is to support black-box testing of such feature classes as part of an independent evaluation. By means of co-simulation of post-attack behaviour and critical scenarios, we derive a representative set of physical certification tests to gain an understanding of the interplay between safety and security. During the initial tests an ADS is subjected to various attacks and its reactions are recorded. These reactions, such as reduced functionality, fall-back etc., together with relevant scenarios for the class, are further analysed to check for safety implications.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2021
Keywords
Automated Driving Systems, Black-box testing, Dependability, Safety, Safety Assessment, Security, Deceleration, Safety testing, Certification tests, Real environments, Real operating conditions, Safety and securities, Security attacks, Simulation and validation, Various attacks
National Category
Embedded Systems
Identifiers
urn:nbn:se:mdh:diva-55649 (URN); 10.1109/VTC2021-Spring51267.2021.9448691 (DOI); 000687839600060; 2-s2.0-85112418651 (Scopus ID); 9781728189642 (ISBN)
Conference
93rd IEEE Vehicular Technology Conference, VTC 2021-Spring, 25 April 2021 through 28 April 2021
Available from: 2021-08-26. Created: 2021-08-26. Last updated: 2022-04-29. Bibliographically approved.

Open Access in DiVA

File information
File name: FULLTEXT02.pdf
File size: 676 kB
Checksum SHA-512: 4f0585a0280e6ae72d035bcf2c9894e768e8745752b4934f550f2cd083e2b034c5bb7f6736d102d19758393d467affc0795232db440e7b8574653de05e38e395
Type: fulltext
Mimetype: application/pdf

Authority records

Skoglund, Martin