Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Security WP29 / ITS 11-11-2015 Document No. ITS/AD-07-03-Rev1 (7th ITS/AD, 11 November 2015, agenda item 3-2)

Published byBertina Walker Modified over 8 years ago

Similar presentations

Presentation on theme: "Software Security WP29 / ITS 11-11-2015 Document No. ITS/AD-07-03-Rev1 (7th ITS/AD, 11 November 2015, agenda item 3-2)"— Presentation transcript:

1 Software Security WP29 / ITS 11-11-2015 Document No. ITS/AD-07-03-Rev1 (7th ITS/AD, 11 November 2015, agenda item 3-2)

2 Dangerous? Kristina Svechinskaya, creator Zeusbot, stolen 35 million euro

3 Definition Security Security = certain level of - confidentiality - integrity - availability

4 Approval system principles E.g. ISO 26262 is used by manufacturers for software development Software Security is not yet included in testing/certification for type approval ?

5 Impact software security Security affects safety, environment and functionality Proper security serves Liability and Privacy

6 Security threat increases More internet connected cars (and infra) More wireless More networks within vehicle More connection with Nomadic Devices Better tools for breaking codes Faster communication of hacking methods THERE IS AN INCREASING BUSINESS CASE

7 Aspects for security Architecture (hardware & software) Security level components (chips e.a) Software Process (SDLC) Software Updates (OTA? While driving?)) Memory capacity hardware Response time Quality level components and data Configuration management of parameters

8 Proposal to proceed Decide that software security should be part of Type Approval requirements Develop a seperate (modular) Regulation for Software security Determine Security requirements, preferably based on existing standards Define a flexible process to support future developments/requirements

9 Find the right balance If software combines functions, the highest level should be realized Considerations Practical useAssurance level FunctionAssurance levelExamples SafetyHighASIL C/D, EAL 6/5 EnvironmentMediumASIL A/B, EAL 4/3 Information (ie. Infotainment)No requirement-

10 Considerations (2) Importance of data analysis (surveillance) will increase as part of approval How about “self-learning software”

11 Considerations (3) Note: EAL Assurance levels could also depend on how “connected” a vehicle is Security should be considered for the complete system (vehicle & infra) SAE LevelAssurance levels for safety functions and components that could impact safety functions Assurance levels for environmental functions 0-2ASIL C/D, EAL 4/3EAL 4/3 3-5ASIL C/D, EAL 5/6EAL 4/3

12 Thoses who surrender freedom for security will not have, nor do they deserve, either one (Benjamin Franklin, 1706-1790) Thank you for your attention Peter Striekwold

Download ppt "Software Security WP29 / ITS 11-11-2015 Document No. ITS/AD-07-03-Rev1 (7th ITS/AD, 11 November 2015, agenda item 3-2)"

Similar presentations

SAR Overview Business Case Review Logical SARPhysical SAR Implementation Review 1.

SAR Overview Business Case Review Logical SARPhysical SAR Implementation Review 1.
IHRA-ITS UN-ECE WP.29 ITS Informal Group Geneva, March, 2013 Overview of International Activities to Limit Distraction Document No. ITS-21-06 (21st ITS,

IHRA-ITS UN-ECE WP.29 ITS Informal Group Geneva, March, 2013 Overview of International Activities to Limit Distraction Document No. ITS (21st ITS,
Chapter 17 Controls and Security Measures

Chapter 17 Controls and Security Measures
FIA Protection Against Mileage Fraud by Common Criteria UNECE 2015-05-05 Informal document GRSG-108-37 (108th GRSG, 4-8 May 2015, agenda item 3)

FIA Protection Against Mileage Fraud by Common Criteria UNECE Informal document GRSG (108th GRSG, 4-8 May 2015, agenda item 3)
1 Test Planning CSSE 376, Software Quality Assurance Rose-Hulman Institute of Technology March 9, 2007.

1 Test Planning CSSE 376, Software Quality Assurance Rose-Hulman Institute of Technology March 9, 2007.
Configuration management. Reasons for software configuration management  it facilitates the ability to communicate  status of documents, coding, changes.

Configuration management. Reasons for software configuration management  it facilitates the ability to communicate  status of documents, coding, changes.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Submitted by the experts from the informal working group on R-55 Informal document GRRF-79-03 (79th GRRF, 16 – 20 February 2015, agenda item 4) R55: Performance.

Submitted by the experts from the informal working group on R-55 Informal document GRRF (79th GRRF, 16 – 20 February 2015, agenda item 4) R55: Performance.
IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany IHP Im Technologiepark 25 15236 Frankfurt (Oder) Germany www.ihp-microelectronics.com © 2013 -

IHP Im Technologiepark Frankfurt (Oder) Germany IHP Im Technologiepark Frankfurt (Oder) Germany ©
Principles of Information Security, 2nd Edition1 Introduction.

Principles of Information Security, 2nd Edition1 Introduction.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
Michael Westra, CISSP June 2012 2012 BSides Detroit Security Presentation: Vehicle Hacking “If you think technology can solve your security problems, then.

Michael Westra, CISSP June BSides Detroit Security Presentation: Vehicle Hacking “If you think technology can solve your security problems, then.
Innovation and Technology Transfer Diogo Mendonça João Sousa M. Sc. Programme – “ Enginnering Policy and Management of Technology”, 2001 Lesson 6 - Lecture.

Innovation and Technology Transfer Diogo Mendonça João Sousa M. Sc. Programme – “ Enginnering Policy and Management of Technology”, 2001 Lesson 6 - Lecture.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.
Type approval Data- base and vehicle registration in The Netherlands EReg Luxembourg, 12 May 2010 P.E.Th. Striekwold Manager Type Approval Department.

Type approval Data- base and vehicle registration in The Netherlands EReg Luxembourg, 12 May 2010 P.E.Th. Striekwold Manager Type Approval Department.
Team Welcome to Woop Woop Project WiFi Clock. Introduction Team Members  Rosemary Peters  Kirby Wigton  Nate Perkins  Joe Haggberg Advisor Dr. Aziz.

Team Welcome to Woop Woop Project WiFi Clock. Introduction Team Members  Rosemary Peters  Kirby Wigton  Nate Perkins  Joe Haggberg Advisor Dr. Aziz.
Brussels, 1 June 2005 WP2005-2006 Strategic Objective 2.5.3 Embedded Systems Tom Bo Clausen.

Brussels, 1 June 2005 WP Strategic Objective Embedded Systems Tom Bo Clausen.
“Navigating IT Solutions. Delivering Results.” Bay State, Inc. ◊ 4201 Northview Drive, Suite 408, Bowie, MD 20716 ◊ t: 301-352-7878 ◊ www.bayst.com.

“Navigating IT Solutions. Delivering Results.” Bay State, Inc. ◊ 4201 Northview Drive, Suite 408, Bowie, MD ◊ t: ◊
OBJECT ORIENTED SYSTEM ANALYSIS AND DESIGN. COURSE OUTLINE The world of the Information Systems Analyst Approaches to System Development The Analyst as.

OBJECT ORIENTED SYSTEM ANALYSIS AND DESIGN. COURSE OUTLINE The world of the Information Systems Analyst Approaches to System Development The Analyst as.
J. E. Marsden, Mack Trucks, Inc. - Aug. 6, 2003 Vehicle Implications of OBD Based on initial proposal for regulation from California ARB, July 25, 2003.

J. E. Marsden, Mack Trucks, Inc. - Aug. 6, 2003 Vehicle Implications of OBD Based on initial proposal for regulation from California ARB, July 25, 2003.

Similar presentations

Ads by Google