2022
Conference Paper
Title
Joint functional safety ISO 26262 and cybersecurity STRIDE/HEAVENS assessment by developers within MBSE SPES framework using extended SysML diagrams and minor automations
Abstract
To manage the increasing complexity of modern automotive systems, development companies adhere to model-based systems engineering (MBSE). Within MBSE processes, suitable modeling approaches need to be selected and combined. Modeling and simulation approaches include semi-formal modeling, software generation, engineering simulation and software emulation. Today, even the selection, tailoring and interfacing of modeling approaches can be supported within framing methodologies. Within such a digitalized development process context, the paper addresses the question of how SysML modeling can efficiently support both the functional safety and the cybersecurity (IT security) assessment performed by developers in the early stages of the system development process in the automotive domain within MBSE. The feasibility of the approach is demonstrated by developing a concept for functional safety and cybersecurity analysis within the Software Platform Embedded Systems (SPES) framework. The concept is documented with metamodels and is backed by SysML profiles which extend the SPES profile within the IBM Rational Rhapsody environment. The profile for cybersecurity analysis supports assessment by developers at the system level, adhering to the guidelines of the Microsoft STRIDE based HEAling Vulnerabilities to Enhance Software Security and Safety (HEAVENS) security model, which is specific to automotive. SysML model-based prototypes, i.e. SysML system designs including their functional safety and cybersecurity assessment, are developed to validate the approach within an automotive MBSE pilot project. A sample prototype application shows the feasibility of the approach and allows the effort of SysML-supported functional safety and cybersecurity assessments by developers within a SPES-conformant environment to be estimated. Main results include the feasibility of reusing and further developing SPES-oriented SysML models (e.g. context, scenario, goal, function) intended for system design. The functional safety and cybersecurity relevant model extensions and refinements are realized within these system models. The refinements and extensions result in functional safety relevant models which support item definition, hazard analysis and risk assessment, the functional safety concept and the technical safety concept. Similarly, cybersecurity relevant SysML models support Target of Evaluation (TOE) description, threat analysis and risk assessment, and cybersecurity requirement derivation according to the HEAVENS approach. The automations added to these extended SysML models through helpers enhance usability. For instance, helpers provide automatic determination of functional safety and cybersecurity parameters within the models (e.g. ASIL determination, security level derivation) and filtered graphical views based on developer inputs. Together with a model checker, they support fast execution of the analyses, consistency checks and generation of the assessment artifacts, e.g. a tabular overview of risks and their controls.
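The abstract describes helpers that determine safety parameters such as the ASIL from model inputs, run consistency checks and generate a tabular risk overview. The following is an added example, not code from the paper or from the SPES/Rhapsody tooling it describes: it implements the ISO 26262-3 Table 4 mapping from severity, exposure and controllability classes to an ASIL, over a toy in-memory stand-in for stereotyped SysML hazardous-event elements (the `HazardousEvent` dataclass and the sample events are constructed here and are assumptions). The HEAVENS security-level derivation mentioned alongside it works in the same table-driven way but its threat/impact matrix is deliberately not reproduced.

```python
"""Added example: an ASIL-determination "helper" with a model-checker style
consistency rule and a tabular risk overview. The S/E/C -> ASIL mapping is
ISO 26262-3 Table 4; the model representation and sample data are constructed
stand-ins, not the paper's SysML profile."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# ISO 26262-3 Table 4, indexed as (S, E) -> (ASIL for C1, ASIL for C2, ASIL for C3).
ASIL_TABLE: Dict[Tuple[int, int], Tuple[str, str, str]] = {
    (1, 1): ("QM", "QM", "QM"), (1, 2): ("QM", "QM", "QM"),
    (1, 3): ("QM", "QM", "A"),  (1, 4): ("QM", "A", "B"),
    (2, 1): ("QM", "QM", "QM"), (2, 2): ("QM", "QM", "A"),
    (2, 3): ("QM", "A", "B"),   (2, 4): ("A", "B", "C"),
    (3, 1): ("QM", "QM", "A"),  (3, 2): ("QM", "A", "B"),
    (3, 3): ("A", "B", "C"),    (3, 4): ("B", "C", "D"),
}
ASIL_ORDER = ["QM", "A", "B", "C", "D"]  # ascending integrity


def determine_asil(severity: int, exposure: int, controllability: int) -> str:
    """Return the ASIL for an S/E/C triple (S0..S3, E0..E4, C0..C3).
    A class of 0 in any dimension means no ASIL is assigned (QM)."""
    if not (0 <= severity <= 3 and 0 <= exposure <= 4 and 0 <= controllability <= 3):
        raise ValueError(f"S/E/C out of range: S{severity} E{exposure} C{controllability}")
    if 0 in (severity, exposure, controllability):
        return "QM"
    return ASIL_TABLE[(severity, exposure)][controllability - 1]


@dataclass
class HazardousEvent:
    """Toy stand-in (assumption) for a stereotyped SysML element combining a
    hazard with an operational situation and its S/E/C classification."""
    id: str
    hazard: str
    situation: str
    severity: int
    exposure: int
    controllability: int
    safety_goals: List[str] = field(default_factory=list)
    asil: Optional[str] = None  # filled in by the helper


def asil_of(ev: HazardousEvent) -> str:
    """ASIL of an event, computed on demand if the helper has not annotated it yet."""
    return ev.asil or determine_asil(ev.severity, ev.exposure, ev.controllability)


def annotate_asil(events: List[HazardousEvent]) -> List[HazardousEvent]:
    """Helper automation: write the derived ASIL back into each model element."""
    for ev in events:
        ev.asil = determine_asil(ev.severity, ev.exposure, ev.controllability)
    return events


def check_consistency(events: List[HazardousEvent]) -> List[str]:
    """Model-checker style rules: ids must be unique, and every event rated
    above QM must have at least one safety goal derived from it."""
    findings: List[str] = []
    seen = set()
    for ev in events:
        if ev.id in seen:
            findings.append(f"{ev.id}: duplicate hazardous event id")
        seen.add(ev.id)
        asil = asil_of(ev)
        if asil != "QM" and not ev.safety_goals:
            findings.append(f"{ev.id}: ASIL {asil} but no safety goal derived")
    return findings


def filtered_view(events: List[HazardousEvent], minimum: str) -> List[HazardousEvent]:
    """Stand-in for a filtered graphical view: events at or above a given ASIL."""
    threshold = ASIL_ORDER.index(minimum)
    return [ev for ev in events if ASIL_ORDER.index(asil_of(ev)) >= threshold]


def risk_table(events: List[HazardousEvent]) -> List[dict]:
    """Tabular overview of risks and their controls, one row per event."""
    return [{
        "id": ev.id,
        "hazard": ev.hazard,
        "S/E/C": f"S{ev.severity}E{ev.exposure}C{ev.controllability}",
        "ASIL": asil_of(ev),
        "controls": ", ".join(ev.safety_goals) or "-",
    } for ev in events]


# Constructed sample hazardous events (illustrative only, not from the paper).
SAMPLE_EVENTS = [
    HazardousEvent("HE-1", "Unintended acceleration", "urban driving, pedestrians nearby",
                   3, 4, 3, ["SG-1: prevent unintended torque request"]),
    HazardousEvent("HE-2", "Loss of cruise control function", "highway, normal traffic", 1, 3, 1),
    HazardousEvent("HE-3", "Loss of brake assist", "high-speed driving", 3, 3, 2),  # no goal yet
]

if __name__ == "__main__":
    annotate_asil(SAMPLE_EVENTS)
    for row in risk_table(SAMPLE_EVENTS):
        print(row)
    for finding in check_consistency(SAMPLE_EVENTS):
        print("CHECK:", finding)
```

The consistency rule is the kind of traceability check a model checker can run cheaply once the ASIL is stored on the element: a hazardous event rated above QM without a linked safety goal is an incomplete functional safety concept, and surfacing it from the model avoids the manual cross-check between the HARA table and the goal list.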
Author(s)