TY - GEN

T1 - Integration of Cybersecurity Related Development Processes by Using a Quantification Method

AU - Noun, Hassan

AU - Rehm, Florian

AU - Zeller, Guillaume

AU - Rajesh, G.

AU - Lachmayer, Roland

PY - 2022

Y1 - 2022

N2 - The international standard ISO 21434 is used to derive new development processes, work products and roles during product development in the automotive industry. For a suitable development of security relevant vehicle systems, the new work steps must be integrated into the existing development process. The challenge is to apply a proper method for an integration of these additional activities. For the integration a quantification of the process maturity of the security relevant development processes supports thereby, in order to make a statement about the precondition for the treatment of security relevant vehicle systems. Furthermore, this identifies development fields in the process integration. This paper shows how a coefficient for measuring process maturity is established. Therefore, the functional security related activities are identified and isolated. In the next step supporting processes are defined. Further, weighted means are determined. The aim is to have an indicator for the security relevant development processes already at the beginning of the development and thus to be able to take appropriate measures in advance. As an application example, an automotive project for ADAS system is considered. This is followed by differentiated derivations of measures based on the established coefficients for the individual domains.

AB - The international standard ISO 21434 is used to derive new development processes, work products and roles during product development in the automotive industry. For a suitable development of security relevant vehicle systems, the new work steps must be integrated into the existing development process. The challenge is to apply a proper method for an integration of these additional activities. For the integration a quantification of the process maturity of the security relevant development processes supports thereby, in order to make a statement about the precondition for the treatment of security relevant vehicle systems. Furthermore, this identifies development fields in the process integration. This paper shows how a coefficient for measuring process maturity is established. Therefore, the functional security related activities are identified and isolated. In the next step supporting processes are defined. Further, weighted means are determined. The aim is to have an indicator for the security relevant development processes already at the beginning of the development and thus to be able to take appropriate measures in advance. As an application example, an automotive project for ADAS system is considered. This is followed by differentiated derivations of measures based on the established coefficients for the individual domains.

KW - Cybersecurity

KW - Integration method

KW - Process integration

KW - System security

UR - http://www.scopus.com/inward/record.url?scp=85140445107&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-17551-0_15

DO - 10.1007/978-3-031-17551-0_15

M3 - Conference contribution

AN - SCOPUS:85140445107

SN - 9783031175503

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 233

EP - 242

BT - Science of Cyber Security - 4th International Conference, SciSec 2022, Revised Selected Papers

A2 - Su, Chunhua

A2 - Sakurai, Kouichi

A2 - Liu, Feng

PB - Springer Science and Business Media Deutschland GmbH

T2 - 4th International Conference on Science of Cyber Security, SciSec 2022

Y2 - 10 August 2022 through 12 August 2022

ER -