SAFE – an automotive framework for cybersecurity

SAFE is a unique and comprehensive architecture framework developed by CTSA Consulting for automotive companies to address new cybersecurity challenges in the connected and digital era. Modern automotive architecture must address the increasing complexity exacerbated by new connectivity and automotive technologies, and make cybersecurity the vital attribute of the automotive product to ensure the safety and security of the customers.

Good automotive system architects should possess extensive experience from both the technology and automotive industries. They should have an in-depth understanding of software, connectivity, digital technologies, as well as automotive systems; however, to effectively build a secure and safe vehicle, they must also be capable of identifying and mitigating current and future automotive cybersecurity risks. SAFE provides a systematic framework for automotive system architects to build and maintain automotive cybersecurity through the automotive product life cycle.

SAFE Automotive Framework for Cybersecurity

The SAFE framework follows the latest automotive cybersecurity standards and uses a holistic approach to design automotive architecture around four cybersecurity core pillars. First, SAFE uses a threat modeling method designed for automotive products to identify the vulnerabilities within the automotive architecture. SAFE then focuses on enforcing the fundamental security principles and designs of embedded systems, fortifying external interfaces to minimize the attack surface, and elevating the security measures of the in-vehicle networks.

The SAFE framework employs a comprehensive yet efficient approach to address automotive cybersecurity challenges at the level of models, components, external interfaces, and the in-vehicle network. It thus provides complete coverage to identify, protect against, detect, respond to, and recover from cybersecurity vulnerabilities now and in the future.

Adaptive Threat Modeling (ATM) is a crucial pillar of the SAFE framework. It uses the latest threat modeling techniques and extends them with automotive use cases. STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege) is a security threat modeling methodology developed by Microsoft. Although STRIDE provides a useful categorization of computer security vulnerabilities and their associated countermeasures, it requires adaptation for use in the automotive industry. ATM extends STRIDE with other modeling techniques and automotive-specific context to model automotive threats. Through a thorough and systematic analysis of the architecture, ATM can identify and prioritize potential cyber attacks and design mitigation plans early in the design phase. ATM provides a foundation for creating a modern automotive architecture with built-in cybersecurity and reduces the overall cost.

Secure Embedded Systems (SES) addresses the component vulnerabilities in current automotive products. Many Electronic Control Units (ECUs) inside vehicles do not have adequate security designs in their embedded systems, and such unprotected ECUs are easy targets for an intruder who has already gained access to the car. SES provides a thorough list of guidelines and effective security countermeasures for the embedded systems used in ECUs. SES enables detection and prevention as well as response and recovery, minimizing the damage caused by a successful exploit.

Fortified External Interfaces (FEI) minimizes the attack surface and provides temporal and spatial isolation to fortify the most vulnerable external interfaces. New wireless connectivity technologies such as cellular, Wi-Fi, DSRC (Dedicated Short-Range Communications), and Bluetooth open up once-closed automotive systems, which attracts cyber-attackers with a larger attack surface and, more importantly, remote access capability. FEI addresses these external vulnerabilities and fortifies the interfaces by applying current cryptographic technologies to prevent intrusions and by providing intelligent surveillance and anomaly detection.

Elevated Network Security (ENS) elevates the security of the in-vehicle network and ensures that network communication is secure and protected. The automotive in-vehicle network is becoming more complicated as more ECUs use different network types, from traditional CAN (Controller Area Network), FlexRay, LIN (Local Interconnect Network), and MOST (Media Oriented Systems Transport) to Automotive Ethernet. Communication within and between the subnetworks must be secured in terms of authentication, authorization, and encryption.
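As an added illustration of what "authentication" means on a classic CAN bus, where only 8 payload bytes are available per frame, the following example (not part of SAFE or any CTSA Consulting material) shows a SecOC-style scheme: a truncated freshness counter and a truncated MAC travel with the signal data, and the receiver rejects both tampered and replayed frames. The key, CAN ID, and field sizes are constructed for the demo.

```python
import hmac
import hashlib
import struct

# Constructed demo key; in a real ECU the key would live in an HSM (assumption).
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

DATA_LEN = 4      # signal bytes per frame
FRESH_BITS = 8    # low bits of the 32-bit freshness counter actually sent on the bus
MAC_BYTES = 3     # truncated MAC; 4 + 1 + 3 = 8 bytes fills a classic CAN frame


def _mac(key, can_id, data, freshness):
    # MAC over CAN ID, signal data and the FULL freshness value, not just the sent bits.
    msg = struct.pack(">HI", can_id, freshness) + data
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_BYTES]


class Sender:
    def __init__(self, key, can_id):
        self.key, self.can_id, self.fresh = key, can_id, 0

    def build_frame(self, data):
        assert len(data) == DATA_LEN
        self.fresh += 1
        trunc = self.fresh & ((1 << FRESH_BITS) - 1)
        payload = data + bytes([trunc]) + _mac(self.key, self.can_id, data, self.fresh)
        return self.can_id, payload


class Receiver:
    def __init__(self, key, can_id):
        self.key, self.can_id, self.last_fresh = key, can_id, 0

    def accept(self, can_id, payload):
        """Return the signal data if the frame is authentic and fresh, else None."""
        if can_id != self.can_id or len(payload) != 8:
            return None
        data, trunc, mac = payload[:DATA_LEN], payload[DATA_LEN], payload[DATA_LEN + 1:]
        # Rebuild the full counter: high bits from local state, low bits from the bus.
        # Gaps of 256 or more lost frames would desynchronize this simple scheme.
        mask = (1 << FRESH_BITS) - 1
        cand = (self.last_fresh & ~mask) | trunc
        if cand <= self.last_fresh:
            cand += 1 << FRESH_BITS  # low bits wrapped around
        if not hmac.compare_digest(mac, _mac(self.key, can_id, data, cand)):
            return None  # tampered data, wrong key, or replay of an old counter value
        self.last_fresh = cand
        return data
```

A replayed frame fails because the receiver reconstructs a newer full counter than the one the MAC was computed over, so the MAC no longer matches.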

SAFE provides a holistic framework to embed cybersecurity in each component as well as in the network communications internal and external to the vehicle, via its four cybersecurity pillars. SAFE is an evolving framework for automotive companies to build better automotive architectures with more advanced and promising technologies such as artificial intelligence. For more information, please contact CTSA Consulting.

by George Huan, founder and principal of CTSA Consulting LLC.