Concept of Using the MBSE Approach to Integrate Security Patterns in Safety-Related Projects for the Automotive Industry

IF 7.9 1区工程技术 Q1 ENGINEERING, CIVIL

IEEE Transactions on Intelligent Transportation Systems Pub Date : 2024-08-30 DOI:10.1109/TITS.2024.3444048

Piotr PiąTek;Piotr Mydłowski;Aleksander Buczacki;Szczepan Moskwa

{"title":"Concept of Using the MBSE Approach to Integrate Security Patterns in Safety-Related Projects for the Automotive Industry","authors":"Piotr PiąTek;Piotr Mydłowski;Aleksander Buczacki;Szczepan Moskwa","doi":"10.1109/TITS.2024.3444048","DOIUrl":null,"url":null,"abstract":"The automotive industry is undergoing significant changes due to increased connectivity, data usage, and vehicle autonomy, which pose new challenges and increase the attack surface of vehicles. To effectively address these challenges, all design tasks in automotive projects need to be well-coordinated and prioritize vehicle security. Model-Based Systems Engineering (MBSE) provides a comprehensive approach that allows multiple engineering disciplines to work concurrently. In this study, we propose the integration of well-established security solutions, such as Security Patterns, into safety-critical automotive systems using the MBSE approach. Our work presents a procedural flow for incorporating Security Patterns into the system model, emphasizing the inclusion of cybersecurity (CySe) and functional safety (FS) actions. To meet the regulatory requirements, we selected the IDS (Intrusion Detection System) pattern as a key component of our proposed CyberSafety Design Framework. In a real-world case study of an Advanced Emergency Braking System (AEBS), we evaluated the effectiveness of our framework by integrating the IDS pattern with TARA and HARA assessments. Our results demonstrate the feasibility of merging design processes within an MBSE framework, reducing design effort and aligning with the security by design principle. Future research should explore the application of different Security Patterns in conjunction with SOTIF systems, and industry efforts should be directed towards standardizing the collaboration between cybersecurity and safety.","PeriodicalId":13416,"journal":{"name":"IEEE Transactions on Intelligent Transportation Systems","volume":"25 11","pages":"15477-15492"},"PeriodicalIF":7.9000,"publicationDate":"2024-08-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Intelligent Transportation Systems","FirstCategoryId":"5","ListUrlMain":"https://ieeexplore.ieee.org/document/10660657/","RegionNum":1,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, CIVIL","Score":null,"Total":0}

引用次数: 0

Abstract

The automotive industry is undergoing significant changes due to increased connectivity, data usage, and vehicle autonomy, which pose new challenges and increase the attack surface of vehicles. To effectively address these challenges, all design tasks in automotive projects need to be well-coordinated and prioritize vehicle security. Model-Based Systems Engineering (MBSE) provides a comprehensive approach that allows multiple engineering disciplines to work concurrently. In this study, we propose the integration of well-established security solutions, such as Security Patterns, into safety-critical automotive systems using the MBSE approach. Our work presents a procedural flow for incorporating Security Patterns into the system model, emphasizing the inclusion of cybersecurity (CySe) and functional safety (FS) actions. To meet the regulatory requirements, we selected the IDS (Intrusion Detection System) pattern as a key component of our proposed CyberSafety Design Framework. In a real-world case study of an Advanced Emergency Braking System (AEBS), we evaluated the effectiveness of our framework by integrating the IDS pattern with TARA and HARA assessments. Our results demonstrate the feasibility of merging design processes within an MBSE framework, reducing design effort and aligning with the security by design principle. Future research should explore the application of different Security Patterns in conjunction with SOTIF systems, and industry efforts should be directed towards standardizing the collaboration between cybersecurity and safety.

查看原文本刊更多论文

使用 MBSE 方法在汽车行业安全相关项目中整合安全模式的概念

由于连接性、数据使用和车辆自主性的提高，汽车行业正在经历重大变革，这带来了新的挑战，增加了车辆的攻击面。为了有效应对这些挑战，汽车项目中的所有设计任务都需要妥善协调，并优先考虑车辆安全性。基于模型的系统工程（MBSE）提供了一种允许多个工程学科同时工作的综合方法。在本研究中，我们建议使用 MBSE 方法将安全模式等成熟的安全解决方案集成到安全关键型汽车系统中。我们的工作介绍了将安全模式融入系统模型的程序流程，强调了网络安全（CySe）和功能安全（FS）行动的融入。为了满足监管要求，我们选择了 IDS（入侵检测系统）模式作为我们提出的网络安全设计框架的关键组成部分。在先进紧急制动系统（AEBS）的实际案例研究中，我们通过将 IDS 模式与 TARA 和 HARA 评估相结合，评估了我们的框架的有效性。我们的研究结果证明了在 MBSE 框架内合并设计流程的可行性，从而减少了设计工作量，并符合安全设计原则。未来的研究应探索不同安全模式与 SOTIF 系统的结合应用，行业应努力实现网络安全与安全合作的标准化。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Intelligent Transportation Systems 工程技术-工程：电子与电气

CiteScore

14.80

自引率

12.90%

发文量

1872

审稿时长

7.5 months

期刊介绍： The theoretical, experimental and operational aspects of electrical and electronics engineering and information technologies as applied to Intelligent Transportation Systems (ITS). Intelligent Transportation Systems are defined as those systems utilizing synergistic technologies and systems engineering concepts to develop and improve transportation systems of all kinds. The scope of this interdisciplinary activity includes the promotion, consolidation and coordination of ITS technical activities among IEEE entities, and providing a focus for cooperative activities, both internally and externally.