Application of the Common Criteria to Building Trustworthy Automotive SDLC (A21a)
The car industry’s digital transformation exposes new cybersecurity threats. In order to solve this, various standardizations on automotive cybersecurity are in progress, the most representative of which are the UNECE cybersecurity regulations and ISO/SAE 21434 international standards that will take effect in 2022. Security-by-design concept is a core requirement of these standards. That is because the inherent complexity of vehicle platforms, with their long development cycles and complex supply chains, do not allow for late-stage architectural changes. The problem, however, is that no specific detailed methodologies are presented in these standards. Thus, in this paper, by using our own “CIA(Functional Correctness / Safety Integrity / Security Assurance)-level driven method for integrating security into SDLC process”, we propose a trustworthy automotive SDLC.