21-23 October | Central Park Hotel Songdo, Korea

Automotive Safety and Cybersecurity Convergence With CC AVA_VAN (M20c)

05 Nov 2024
10:00 am

The Functional Safety and Cybersecurity requirements originating from the acclaimed standards ISO 26262 and ISO/SAE 21434 go hand in hand in many aspects such as the process phase V-cycle for in-context development of automotive-grade products. However, in the case of out-of-context development, it remains an ever-present challenge to streamline the development aspects to comply with the needs of both standards.

While ISO 26262 through its various parts presents requirements and metrics at all levels including hardware, software, firmware, and processes, ISO/SAE 21434 focuses mainly on process aspects with organizational-level cybersecurity readiness, except for the TARA and pen-testing aspects that dive deeper into cybersecurity readiness and assurance levels (Cybersecurity Assurance Levels or CALs) with quantitative analysis of threats, attacks (Targeted Attack Feasibility or TAF), impacts, and mitigation of those threats.

From the IP vendor or supplier point of view, it is always a challenge to:
1. Streamline development in a multi-compliance driven approach.
2. Focus on both cybersecurity and functional safety at the same time to ensure full compliance with both standards.

In this context, a use case will be made explicit, based on field experience with cybersecurity products whose components serve “safety-related” functions: for instance, the cybersecurity root-of-trust components in an Advanced Driver Assistance System (ADAS).

This is where Common Criteria AVA_VAN can be leveraged to mitigate the challenges of complying with both standards.

Empirical evidence and analysis show a synergy in complying with these automotive standards, especially between the TARA attack feasibility calculation and AVA_VAN level compliance. This talk will focus mainly on:
1. Using the attack potential-based feasibility calculation for different threats from a cybersecurity point of view, leveraging the AVA_VAN methodology, and
2. How compliance with the functional safety aspects of the product can also be achieved.

The standards or protection profiles included in this study are CC PP0114 C2C V2X, ISO 26262, and ISO/SAE 21434.