Software Updates in Safety and Security Co-engineering

Mugarza, Imanol; Parra, Jorge; Jacob, Eduardo

doi:10.1007/978-3-319-66284-8_17

Cited by 10 publications

(12 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cyber-security shall then jointly and collaboratively be addressed by these entities, which are, first and foremost, highly advised to implement and enforce the ISO 27000 framework [ 17 , 18 ] and quality management [ 20 , 21 ] processes and procedures. Following IEC TR 63069 [ 13 ] and IEC TR 63074 [ 14 ], the defined security processes should be compatible with the safety processes, specifically, with the overall operation, maintenance and repair and overall modification and retrofit requirements established by IEC 61508 [ 11 , 15 ] (or with other safety-related maintenance processes described in any domain-specific standard, such as automotive [ 71 ]).…”

Section: Discussionmentioning

confidence: 99%

“…Figure 9. Patch lifecycle model [11,16]. The asset owner should try to minimise the resources spent dealing with patch testing and installation processes.…”

Section: Patch Lifecycle Modelmentioning

confidence: 99%

“…Software updates are commonly applied to fix a given bug or improve the usability of the computer program. As of today, software patches related to industrial control systems have generally addressed stability and functionality issues rather than security [ 11 ]. Nevertheless, as stated by the IEC 62443 industrial cybersecurity standard [ 16 ], a patch management is an element of a complete and sound cyber-security strategy.…”

Section: Software Updates Managementmentioning

confidence: 99%

“…Operational period of a safety-critical system Well-known and solid technologies and methods are commonly employed in safety-engineering, which are further tested, verified and validated through time. A safety and security co-engineering is then essential [11,12]. To this end, the International Electromechanical Commision (IEC) has developed two technical reports: IEC TR 63069 [13] and IEC TR 63074 [14].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Security Issues and Software Updates Management in the Industrial Internet of Things (IIoT) Era

Mugarza

Flores

Montero

2020

Sensors

Self Cite

View full text Add to dashboard Cite

New generation Industrial Automation and Control Systems (IACS) are providing advanced connectivity features, enabling new automation applications, services and business models in the Industrial Internet of Things (IIoT) era. Nevertheless, due to the extended attack surface and increasing number of cyber-attacks against industrial equipment, security concerns arise. Hence, these systems should provide enough protection and resiliency against cyber-attacks throughout their entire lifespan, which, in the case of industrial systems, may last several decades. A sound and complete management of security issues and software updates is fundamental to achieve such goal, since leading-edge security countermeasures implemented in the development phase may eventually become out-of-date. In this article, a review of the IEC 62443 industrial security standard concerning the security maintenance of IIoT systems and components is given, along with guidelines for the implementation of such processes. As concluded, the security issues and software updates management shall jointly be addressed by the asset owner, service providers and product suppliers. These security processes should also be compatible with the safety procedures established by safety standards.

show abstract

Section: Discussionmentioning

confidence: 99%

“…Figure 9. Patch lifecycle model [11,16]. The asset owner should try to minimise the resources spent dealing with patch testing and installation processes.…”

Section: Patch Lifecycle Modelmentioning

confidence: 99%

Section: Software Updates Managementmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Security Issues and Software Updates Management in the Industrial Internet of Things (IIoT) Era

Mugarza

Flores

Montero

2020

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…On the contrary, the service life of safety-critical systems is rather static, where operation time modifications involve a well established procedure that can not be trivially applied to frequent updates. Accordingly, a safety and security co-engineering is essential for the development and maintenance of such systems with over-the-air software updates [200].…”

Section: Security / Cybersecuritymentioning

confidence: 99%

Multi-core Devices for Safety-critical Systems

et al. 2020

View full text Add to dashboard Cite

Multi-core devices are envisioned to support the development of next-generation safety-critical systems, enabling the on-chip integration of functions of different criticality. This integration provides multiple system-level potential benefits such as cost, size, power, and weight reduction. However, safety certification becomes a challenge and several fundamental safety technical requirements must be addressed, such as temporal and spatial independence, reliability, and diagnostic coverage. This survey provides a categorization and overview at different device abstraction levels (nanoscale, component, and device) of selected key research contributions that support the compliance with these fundamental safety requirements.

show abstract

Safe and secure software updates on high-performance mixed-criticality systems: The UP2DATE approach

Agirre

Yarza

Mugarza

et al. 2021

Microprocessors and Microsystems

Self Cite

View full text Add to dashboard Cite

Over-The-Air Software Updates (OTASU) are gaining popularity on the safety-critical domain. The motivation behind this trend is twofold. On the one hand, the ability of adding new functionality and services to the system without a complete redesign makes product makers more competitive and improves user experience. On the other hand, the increasing connectivity of emerging embedded devices makes OTASU a crucial cyber-security demand to keep the system up-to-date with latest security patches. However, the application of OTASU in the safety-critical domain is not straightforward, as they are not contemplated by current functional safety standards. The UP2DATE European H2020 project, seeks to provide solutions to cope with the challenging requirements of safety and security standards with respect to software updates. This paper gives an overview of UP2DATE, its foundations and the initial description of its safe and secure architecture that builds around composability and modularity on heterogeneous high-performance platforms.

show abstract

Software Updates in Safety and Security Co-engineering

Cited by 10 publications

References 5 publications

Security Issues and Software Updates Management in the Industrial Internet of Things (IIoT) Era

Security Issues and Software Updates Management in the Industrial Internet of Things (IIoT) Era

Multi-core Devices for Safety-critical Systems

Safe and secure software updates on high-performance mixed-criticality systems: The UP2DATE approach

Contact Info

Product

Resources

About