Look both ways before crossing the street: combined safety and security analysis for autonomous vehicles
Veröffentlichungsdatum
2024-02-16
Autoren
Betreuer
Gutachter
Zusammenfassung
With the advent of autonomous driving, machines are taking over vital functions previously performed by a human driver. Therefore, ensuring their safety and security is paramount.
While safety has always been a primary concern in automotive development, with the increasing use of software-based electronic components, proving it is becoming an exceedingly difficult task.
At the same time, security concerns are rising since more and more interconnected devices are being installed to enhance the automated driving function.
While this risk has not remained unrecognized, security is still not targeted satisfactorily. Furthermore, it is still widely adopted to analyse safety and security separately in practice.
This is a misjudged approach, given the fact that the two properties are intertwined: A security attack on a component endangers its correct operation and thus the system safety. Vice versa, a safety failure of a cryptography module increases the vulnerability of the components relying on it, favouring security attacks.
The present dissertation addresses this issue with the development of a quantitative analysis method that is capable of modelling complex, critical systems and viewing the occurrence of safety failures and security attacks in parallel, as well as in dependence to one another.
Therefore, a graph-based modelling of system level components and their dependencies is developed and a transformation into a Continuous-Time Markov Chain formalized.
In that, the occurrences of single failures and attacks of the individual components are modelled by state changes due to defined probability rates and their consequences to the system's capability of remaining functional are reflected.
The goal is to prepare for a quantitative analysis that yields the system failure probability over a specified period, e.g. the system's lifetime.
The results are meant to support the development and the certification process of new vehicular architectures.
In order to allow for a comfortable modelling and an automated evaluation of complex systems, this method is implemented in a tool called ERIS.
While safety has always been a primary concern in automotive development, with the increasing use of software-based electronic components, proving it is becoming an exceedingly difficult task.
At the same time, security concerns are rising since more and more interconnected devices are being installed to enhance the automated driving function.
While this risk has not remained unrecognized, security is still not targeted satisfactorily. Furthermore, it is still widely adopted to analyse safety and security separately in practice.
This is a misjudged approach, given the fact that the two properties are intertwined: A security attack on a component endangers its correct operation and thus the system safety. Vice versa, a safety failure of a cryptography module increases the vulnerability of the components relying on it, favouring security attacks.
The present dissertation addresses this issue with the development of a quantitative analysis method that is capable of modelling complex, critical systems and viewing the occurrence of safety failures and security attacks in parallel, as well as in dependence to one another.
Therefore, a graph-based modelling of system level components and their dependencies is developed and a transformation into a Continuous-Time Markov Chain formalized.
In that, the occurrences of single failures and attacks of the individual components are modelled by state changes due to defined probability rates and their consequences to the system's capability of remaining functional are reflected.
The goal is to prepare for a quantitative analysis that yields the system failure probability over a specified period, e.g. the system's lifetime.
The results are meant to support the development and the certification process of new vehicular architectures.
In order to allow for a comfortable modelling and an automated evaluation of complex systems, this method is implemented in a tool called ERIS.
Schlagwörter
Safety and Security Analysis
;
Quantitative Methods
;
Autonomous Vehicles
Institution
Fachbereich
Dokumenttyp
Dissertation
Sprache
Englisch
Dateien![Vorschaubild]()
Lade...
Name
dissertation_rinaldo_pdfA_final.pdf
Size
3.28 MB
Format
Adobe PDF
Checksum
(MD5):0813ae7f846f1791d04264123783ab91