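Project Information
This research was supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP), funded by the Korean government (Ministry of Science and ICT) in 2020 (No.2017-0-00184, Self-Learning Cyber Immune Technology Development).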