
Security Assurance FramEwoRk for neTworked vEhicular teChnology

Periodic Reporting for period 2 - SAFERtec (Security Assurance FramEwoRk for neTworked vEhicular teChnology)

Reporting period: 2018-07-01 to 2020-03-31

SAFERtec addresses security assurance for the ‘connected vehicle system’ (CVS), i.e. the dynamic system of highly-equipped, infrastructure-connected vehicles. The project introduces an assurance framework to assess the level of confidence that the security and privacy needs of the CVS are satisfied. The focus is on V2I (Vehicle-to-Infrastructure) communications, on which the framework is tested and for which the relevant tools and standardization inputs are developed. The main SAFERtec objectives are summarised as follows:
• Design, introduce and evaluate a security assurance framework tailored for the automotive ecosystem (beyond the available generic and costly frameworks) seeking to influence the whole System Development Life Cycle of connected vehicles.
• Provide innovative attack modelling and vulnerability analysis methods to more accurately assess security threats and identify countermeasures.
• Introduce methods for defining security requirements and controls related to system reliability, security and privacy (i.e. a modular approach to define security features and requirements for system assets).
• Improve European industrial competitiveness in trusted Connected Vehicles relying on the SAFERtec automated tools and apply the Assurance Framework on an integrated CVS developed to serve as a test bed.
• Evaluate the assurance framework through real world use-case scenarios with multiple configuration set-ups.
• Identify gaps in International standards and set the basis of future standardization activities on automotive security assurance.
The main SAFERtec achievements are summarized below:

Identification and detailed specification of relevant Vehicle-to-Infrastructure communication use cases, carefully selected on the basis of safety-criticality, EU recommendations for day-one ITS services and industrial trends.

Introduction of an innovative combination of three existing modelling methodologies and their integration into a six-stage SAFERtec process that assists engineers in reasoning about (automotive) threats and vulnerabilities.

Design, implementation, integration and testing of the hardware and software modules that make up the Connected Vehicle System (CVS) test-benches. The test-bench realizes the full set of V2I functionality, relying on standardized in-vehicle and V2I communication protocols.

Design and evaluation of an assurance framework tailored to automotive needs. The framework relies on the definition of relevant security features, controls and requirements for the CVS and then carefully enhances the Common Criteria standard with a number of innovative features: knowledge bases, tools, new assurance levels and a system-level evaluation class. The specification of the requirements relies on a modular protection profile for the connected vehicle. The framework has been evaluated both theoretically (i.e. compared with relevant standards) and experimentally, providing evidence of its effectiveness.

Design, development and testing of the Assurance Framework Toolkit (AFT), a platform-independent, open-source toolkit that facilitates the cost-efficient compilation of the evaluation inputs required by both the SAFERtec Assurance Framework and any other Common Criteria-based approach. AFT covers two evaluation classes (ASE, ADV) but can be extended to others.

Following the earlier-introduced SAFERtec standardization plan, the project identified and exploited opportunities to contribute parts of its technical work to ETSI automotive standards. The main achievement is the contribution of privacy requirements to the flagship ETSI TR 102 893 TVRA standard (acknowledged by the rapporteur), while similar technical inputs have been brought to the attention of the working group of ETSI EN 302 890-2 (Position and Time management).

In non-technical terms, a set of internal processes and online tools has been employed to ensure the high quality of the project’s outcome. A detailed dissemination plan using numerous channels (e.g. conferences) and activities (e.g. talks) maximized visibility and impact. With close day-to-day management the project has been carefully coordinated while keeping track of its financial developments.
SAFERtec has significantly advanced the state of the art in the intersection of security assurance and vehicular technology research threads:

The SAFERtec risk analysis work (WP2) introduced an innovative combination of methodologies (EBIOS, Secure Tropos and PriS) to jointly account for security, safety and privacy concerns when identifying the vulnerabilities, security objectives and requirements of the connected vehicle. The proposed combination allows high-level security and privacy requirements to be transformed into specific technical requirements and corresponding measures and, importantly, can be applied to any IT domain.

The SAFERtec assurance framework (WP3) enhances the most credible existing assurance framework, the Common Criteria, so that it meets the requirements of the automotive setting. The proposed framework introduces a number of contributions that advance the state of the art, such as dedicated tools and knowledge bases (notably a modular Protection Profile for specifying the assumptions, threats, security objectives and security functional requirements of the connected vehicle) and a newly-introduced evaluation class that provides assurance at system level.
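The Protection Profile elements named above (assumptions, threats, security objectives, security functional requirements) are what the Common Criteria ASE class, one of the two classes the AFT compiles inputs for, asks an evaluator to trace: every threat must be countered by at least one objective and every TOE objective must be implemented by at least one SFR. The following added example (not SAFERtec or AFT code) performs that traceability check over a constructed toy security problem definition for a V2I on-board unit; the threat and objective identifiers and their descriptions are invented for illustration, while the SFR identifiers FCS_COP.1, FDP_DAU.1 and FPR_UNL.1 are real CC Part 2 components. The deliberately wrong FPR_UNL.2 reference shows how a dangling identifier is caught.

```python
from dataclasses import dataclass, field


@dataclass
class SecurityProblem:
    """Security problem definition and requirements of a (hypothetical) TOE."""
    threats: dict          # threat id -> description
    objectives: dict       # TOE security objective id -> description
    sfrs: dict             # CC Part 2 component id -> short description
    threat_to_obj: dict = field(default_factory=dict)  # T.x -> {O.y, ...}
    obj_to_sfr: dict = field(default_factory=dict)     # O.y -> {FXX_YYY.n, ...}


def find_gaps(sp: SecurityProblem) -> dict:
    """Return the rationale gaps an ASE-style review would flag.

    uncovered_threats: threats that no defined objective counters
    unimplemented_objectives: objectives that no defined SFR implements
    dangling_refs: mapping entries that name an undefined identifier
    """
    dangling = set()
    for t, objs in sp.threat_to_obj.items():
        if t not in sp.threats:
            dangling.add(t)
        dangling.update(o for o in objs if o not in sp.objectives)
    for o, reqs in sp.obj_to_sfr.items():
        if o not in sp.objectives:
            dangling.add(o)
        dangling.update(r for r in reqs if r not in sp.sfrs)

    # Only references to *defined* objectives/SFRs count as coverage.
    uncovered = sorted(
        t for t in sp.threats
        if not (sp.threat_to_obj.get(t, set()) & set(sp.objectives)))
    unimplemented = sorted(
        o for o in sp.objectives
        if not (sp.obj_to_sfr.get(o, set()) & set(sp.sfrs)))
    return {
        "uncovered_threats": uncovered,
        "unimplemented_objectives": unimplemented,
        "dangling_refs": sorted(dangling),
    }


def trace(sp: SecurityProblem, threat: str) -> set:
    """Follow threat -> objectives -> defined SFRs, the chain an evaluator checks."""
    return {r for o in sp.threat_to_obj.get(threat, set())
            for r in sp.obj_to_sfr.get(o, set()) if r in sp.sfrs}


# Constructed sample: a toy V2I on-board unit, NOT the SAFERtec protection profile.
V2I_UNIT = SecurityProblem(
    threats={
        "T.EAVESDROP": "An attacker reads V2I messages on the radio link.",
        "T.SPOOF": "An attacker injects forged V2I messages into the unit.",
        "T.TRACK": "An attacker links broadcast messages to follow one vehicle.",
    },
    objectives={
        "O.CONFIDENTIALITY": "Protect message content in transit.",
        "O.AUTHENTICITY": "Accept only messages carrying a valid signature.",
        "O.UNLINKABILITY": "Rotate pseudonyms so messages cannot be linked.",
    },
    sfrs={
        "FCS_COP.1": "Cryptographic operation (encryption, signature verification).",
        "FDP_DAU.1": "Basic data authentication of received messages.",
        "FPR_UNL.1": "Unlinkability of broadcast messages.",
    },
    threat_to_obj={
        "T.EAVESDROP": {"O.CONFIDENTIALITY"},
        "T.SPOOF": {"O.AUTHENTICITY"},
        # T.TRACK is deliberately left unmapped; the check must flag it.
    },
    obj_to_sfr={
        "O.CONFIDENTIALITY": {"FCS_COP.1"},
        "O.AUTHENTICITY": {"FCS_COP.1", "FDP_DAU.1"},
        "O.UNLINKABILITY": {"FPR_UNL.2"},  # typo for FPR_UNL.1: dangling reference
    },
)

if __name__ == "__main__":
    for name, items in find_gaps(V2I_UNIT).items():
        print(f"{name}: {items}")
    print("T.SPOOF is enforced by:", sorted(trace(V2I_UNIT, "T.SPOOF")))
```

Run stand-alone, the check reports T.TRACK as uncovered, O.UNLINKABILITY as unimplemented (its only reference points at a non-existent component) and FPR_UNL.2 as a dangling identifier, which is exactly the kind of rationale defect an ASE evaluator would return to the developer. A modular Protection Profile can be represented by merging several such `SecurityProblem` instances (one per module) before running the check.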

The development effort (WP4) led to the design, implementation and testing of two identical V2I testbeds that rely on standard automotive technologies. The testbeds accurately realise the selected SAFERtec use cases and, unlike previous approaches, provide full V2I functionality by realising all of the V2I components involved. Furthermore, they can serve any automotive testing purpose.

The WP5 work mainly addresses the evaluation of the proposed security assurance framework by both theoretical and experimental means. Its main innovation is a comparative analysis of different standardized security evaluation methodologies, which the current literature lacks.

The SAFERtec WP6 outcome includes the design and development of the AFT (Assurance Framework Toolkit), a platform-independent online toolkit that assists Common Criteria-based (and hence SAFERtec framework-based) cyber-security evaluations of automotive products. To the best of our knowledge, no open-source solution had previously been developed for the evaluation of connected vehicles; earlier approaches are not tailored to automotive use and apply only to certain platforms.

The standardization part of the WP7 work contributed a set of privacy requirements to the flagship ETSI TR 102 893 (TVRA) standard, which constitutes the fundamental reference for Threat, Vulnerability and Risk Analysis of Intelligent Transport Systems.

The main impact of the project concerns the way security evaluation is expected to be performed for connected vehicles. The proposed framework already appears to be a strong candidate for automotive security assurance evaluations, and further technical feedback would make it the dominant choice. The most significant social implication is increased trust in connected vehicles.
The SAFERtec Security Assurance Framework: introduced evaluation tools beyond Common Criteria