Framework for developing a cybersecurity concept according to ISO/SAE 21434 using model-based systems engineering / by M.Sc. Sergej Japs ; Referees: Prof. Dr.-Ing. Roman Dumitrescu, Prof. Dr. rer. nat. Frank Kargl. Paderborn, 2024
Contents
- Preliminary work
- 1 Introduction
- 2 Problem analysis
- 2.1 Relevant regulations and standards
- 2.1.1 UN Regulation No. 155 - Cybersecurity and Cybersecurity Management System
- 2.1.2 ISO/SAE 21434: Road Vehicles - Cybersecurity Engineering
- 2.2 Model-Based Systems Engineering
- 2.2.1 Advantages of MBSE
- 2.2.2 Components for describing the system model
- 2.2.3 CONSENS
- 2.2.4 Effect Chain Modeling Language
- 2.2.5 Systems Modeling Language
- 2.3 Domain-specific approaches
- 2.3.1 Determination of the Automotive Safety Integrity Level
- 2.3.2 Fault Tree Analysis
- 2.3.3 Attack Potential-Based Approach
- 2.3.4 Cybersecurity Assurance Level
- 2.4 Problem delimitation
- 2.5 Thesis requirements
- 3 Research method
- 4 State of the art
- 4.1 Considered approaches
- 4.1.1 ThreatSurf: Threat surface assessment
- 4.1.2 Attack surface assessment
- 4.1.3 TARA+ for L3 automated driving systems
- 4.1.4 SARA: Security automotive risk analysis method
- 4.1.5 Attack surface analysis
- 4.1.6 THREATGET: Automated attack tree analysis
- 4.1.7 Multi-concern development lifecycle
- 4.1.8 Model-based attack tree generation
- 4.1.9 Mutually supporting safety and security analyses
- 4.1.10 Model-based safety assessment with SysML
- 4.1.11 Security-driven automotive development lifecycle
- 4.1.12 HEAVENS 2.0: An automotive risk assessment model
- 4.1.13 Cybersecurity threat analysis
- 4.1.14 Automotive SPICE for cybersecurity assessment model
- 4.2 Literature rating
- 5 Developing a Cybersecurity Concept According to ISO/SAE 21434
- 5.1 Overview of the framework
- 5.2 3D environment for identification of damage scenarios
- 5.2.1 Conducting workshops as part of the concept phase
- 5.2.2 Analysis of tools that can be used in the concept phase
- 5.2.3 Systematic identification of damage scenarios
- 5.2.4 Evaluation summary and identified limitations
- 5.3 Data-driven risk assessment in workshops
- 5.3.1 Need to use statistics at concept phase
- 5.3.2 Related approaches using statistical data
- 5.3.3 Data aggregation approach
- 5.3.4 Risk assessment based on statistical data
- 5.3.5 Evaluation summary and identified limitations
- 5.4 Model transformation
- 5.4.1 Need for the use of the ECML
- 5.4.2 Mapping ECML to SysML
- 5.4.3 Explanation of the ECML to SysML mapping using an example
- 5.4.4 Requirements for the prototype
- 5.4.5 Description of the implemented prototype
- 5.4.6 Evaluation summary and identified limitations
- 5.5 Threat identification in workshops
- 5.5.1 Background and necessity of threat identification in workshops
- 5.5.2 Analysis of related approaches
- 5.5.3 Overview of the method and introduction of the application example
- 5.5.4 Identify threats at the system boundary
- 5.5.5 White box threat refinement
- 5.5.6 White-box threat prioritisation
- 5.5.7 Evaluation summary and identified limitations
- 5.6 Threat resolution in workshops
- 5.6.1 Need for systematic reuse of solution knowledge
- 5.6.2 Analysis of related approaches
- 5.6.3 Selecting appropriate security design patterns
- 5.6.4 Threat resolution using design patterns
- 5.6.5 Evaluation summary and identified limitations
- 5.7 Security design patterns
- 5.7.1 The need to use security design patterns in early system design
- 5.7.2 Analysis of related approaches
- 5.7.3 Evaluation summary and identified limitations
- 5.8 Derivation of requirements from models
- 5.8.1 Need to derive security requirements from models
- 5.8.2 Analysis of related approaches
- 5.8.3 Derivation of security black box requirements
- 5.8.4 Derivation of security white box requirements
- 5.8.5 Evaluation summary and identified limitations
- 5.9 Procedure model for the development of a cybersecurity concept
- 6 Evaluation
- 6.1 Evaluation 1: Conducting initial workshops
- 6.2 Evaluation 2: A - Dortmund International Summer School
- 6.2.1 Project characterization
- 6.2.2 Evaluation goal
- 6.2.3 Evaluation results
- 6.2.4 Summary of results
- 6.2.5 Lessons learned
- 6.3 Evaluation 2: B - MBSE 2020
- 6.3.1 Project characterization
- 6.3.2 Evaluation goal
- 6.3.3 Evaluation of the results from Activity 1
- 6.3.4 Evaluation of the results from Activity 2
- 6.3.5 Evaluation of the results from Activity 3
- 6.3.6 Evaluation of the results from Activity 4
- 6.3.7 Evaluation of the overall project
- 6.3.8 Lessons learned
- 6.4 Evaluation 3: MBSE 2021
- 6.4.1 Project characterization
- 6.4.2 Evaluation goal
- 6.4.3 Evaluation of the competence test
- 6.4.4 Quantitative comparison between two test groups
- 6.4.5 Evaluation of feedback
- 6.4.6 Evaluation of the whole project
- 6.4.7 Lessons learned
- 6.5 Evaluation 4: A - Improved/New approaches
- 6.5.1 Evaluation of using a 3D environment
- 6.5.2 Evaluation of the use of statistical data
- 6.5.3 Evaluation of using a tool for model transformation
- 6.5.4 Lessons learned
- 6.6 Evaluation 4: B - Evaluation with subject matter experts
- 6.6.1 Overview
- 6.6.2 Application example - Intelligent Speed Assistance
- 6.6.3 Phase 1: System analysis at environment level
- 6.6.4 Phase 2: Impact analysis at environment level
- 6.6.5 Phase 3: Security analysis at environment level
- 6.6.6 Phase 4: Analysis at system level
- 6.6.7 Phase 5: Security analysis at environment level
- 6.6.8 SysML profile for ISO/SAE 21434
- 6.6.9 Real life test
- 6.6.10 Workshops
- 6.7 Evaluation of the work according to the requirements
- 7 Conclusion and future work
- References
- Online references
- Research and teaching projects
- Supervised student works
- Industry projects
- A Supplements to the framework
- A.1 3DE extension: Data-driven modeling of damage scenarios
- A.2 Initial Security Design Pattern Catalogue
- B Supplements to the evaluation
- B.1 Complete application example
- B.1.1 Phase 1: System analysis at environment level
- B.1.2 Phase 2: Impact analysis at environment level
- B.1.3 Phase 3: Security analysis at environment level
- B.1.4 Phase 4: Analysis at system level
- B.1.5 Phase 5: Security analysis at environment level
- B.2 Physical access to digital signage systems
