ISO 21434 is a new standard that has been proposed to address the future challenges of automotive cybersecurity. This white paper takes a closer look at ISO 21434, helping engineers to understand its parts, the key activities to be carried out, and the main artefacts that shall be produced. As with any certification, obtaining ISO 21434 certification can be daunting at first sight. Engineers have to deploy processes that include several security risk assessment methods to produce security arguments and evidence supporting item security claims. In this white paper, we propose a security engineering approach that can ease this process by relying on Rigorous Security Assessments and Incremental Assessment Maintenance methods supported by automation. We demonstrate by example that the proposed approach can greatly increase the quality of the produced artefacts and the efficiency with which they are produced, as well as enable continuous security assessment. Finally, we point out some key research directions that we are investigating to fully realize the proposed approach.