Following the White Rabbit: Integrity Verification Based on Risk Analysis Results

Abstract

Security is a cross-cutting issue in the automotive development process. The nature of cross-cutting issues demands constant coordination between different stakeholders. Changes in the vehicle functionalities lead to reoccurring security analysis steps, rising the complexity of progress tracking. While those process steps are typically done on function level, the vehicle architecture has to be verified as a composite, too. This is mostly done late in the development process by testing. Thus, architectural mismatches between functionalities security demands are often revealed too late. Starting from the definition of integrity as a system property in the information flow, we present the link from the MoRA approach to the architectural modeling and analysis approach. Verifying the no command-up policy is transferred to the temporal logic TLA+ allowing an early and fast architecture verification.