Forum Safety & Security 2019 ISO 26262 - »One of the weakest standards of the last years«

In 2019, the Forum Safety & Security of WEKA Fachmedien took place in the Stadthalle Sindelfingen for the second time.
The venue of the Forum Safety & Security 2019 was the Stadthalle Sindelfingen.

It was controversial at the Forum Safety & Security of WEKA Fachmedien in Sindelfingen near Stuttgart. There was still consensus that safety is unthinkable without security in networked systems. But the automotive standard for safety, ISO 26262, was a matter of dissent.

The three-day Forum Safety & Security 2019 of WEKA Fachmedien offered a broad overview of the wide field of functional safety in interaction with data security. After a one-day introductory seminar by Prof. Dr. Peter Fromm from Darmstadt University of Applied Sciences, the event continued with two conference days in the plenum and exhibition. A total of 228 participants, speakers and exhibitors met in the Stadthalle Sindelfingen for an intensive exchange of information on the two sides of the »Security« medal.

In addition to the two-day track »Automotive« from Elektronik automotive, there were three other tracks:

  • Methods & Tools
  • Industrial automation
  • Medical electronics

In the keynote speech, Dr. Josef Haid, Lead Principal Embedded Security Solutions at Infineon Technologies, gave an outlook on the year 2025 and beyond: what must security achieve in human-machine collaboration? While today robots are often locked up in cages, in human-machine collaboration there are no more barriers. Many environmental sensors are required, and the machines do not stop when people are nearby; therefore, movements must be slower. Haid presented a technology kit for the machines of the future, with elements such as preventive maintenance, virtual safety fences and safe motion control. This also includes a secure cloud-based system, whose basic architecture Haid explained in detail. To prevent hackers from taking over such a system, Haid advocates hardware-based security with security controllers. At the same time, he emphasized that the long operating life of embedded systems must be taken into account when selecting encryption algorithms, and that these must also remain secure against attacks using quantum computers. Haid currently regards AES-256, SHA-512 and SHA3-512 as secure with regard to quantum computing.

Safety & Security in the car

The automotive track started with a presentation by Stephan Janouch of Green Hills, who highlighted the similarities and differences between functional safety and data security in the vehicle system. »Why is data security the number one priority?« Janouch asked, and explained: »Because the software is installed unchanged in hundreds of thousands or millions of vehicles, and all of them have the same errors. A single vulnerability threatens all units, and these vulnerabilities compromise functional safety.« The spectrum of attackers ranges from vehicle tuners who only want to unlock functions, to hackers, competitors and thieves, to terrorists who want to inflict the greatest possible damage on society. Anyone who wants to solve this problem first has to know the vehicle environment: is the scope an individual electronic control unit, the whole vehicle, or the cloud? Modern premium cars contain around 100 million lines of code and, according to a NASA study, this results in 200,000 software bugs. As a solution, Janouch proposes a »Defense-in-Depth« approach with the layers firewall, intrusion detection, encryption, authentication, operating system and hypervisor. It is equally important to follow »inside-out security«, i.e. to identify critical components during the development process and isolate them from non-critical ones. In addition, hardware separation as well as highly robust software separation should be pursued, and complexity minimized.

Dr. Thomas Liedtke, Principal at Kugler Maag, gave a comprehensive overview of the latest security standards and their influence on safety. In his presentation, he criticized that the 2nd edition of ISO 26262 does not impose any specific requirements with regard to cyber security. Liedtke therefore postulated that cyber security must always be considered alongside functional safety.

The lecture by Andreas Lentz of NXP Semiconductors also dealt with the tension between safety-related requirements and a security subsystem. However, he comes to a different conclusion: the majority of safety requirements must be met at system/SoC level. The security subsystem remains largely unaffected by the functional safety requirements, so the safety functions are mainly located outside the security subsystem.

Two presentations dealt with the use of Open Source Software (OSS) in safety-relevant vehicle applications: Rudolf Grave from Elektrobit presented a decision tree for OSS in safety applications and Prof. Nicholas McGuire from OSADL advocated the use of Linux as a robust open source operating system.

»Open source is not free, but needs a strategy,« explains Grave. His decision tree includes separation, monitoring, redevelopment and qualification checks. As an example, he cited »Eigen«, a C++ library for linear algebra with matrices, vectors, numerical solvers and related algorithms. Grave sees an increasing effort in the automotive industry to use OSS outside infotainment systems as well. However, 90 percent of open source projects are idle. Promising features include shorter time-to-market, more efficient and effective development, increasingly successful reuse and community-based learning.

Prof. Nicholas McGuire, who also teaches in China, first criticized ISO 26262 as »one of the weakest standards of recent years that is not suitable for complex systems«. He recommends following the compliance route via the umbrella standard IEC 61508, as it allows more flexibility. McGuire presented OSADL's SIL2LinuxMP project, which had already explored the use of Linux in safety environments and published initial results, but had also identified further open questions. SIL2LinuxMP was replaced by the ELISA project of the Linux Foundation, which McGuire regretted to some extent, because numerous open questions could no longer be pursued once former project partners had migrated to ELISA. Nevertheless, McGuire is also convinced that there is a need for OSS in the automotive industry.