Safety and Security Concept for Software Updates on Mixed-criticality Systems

The raising connectivity of critical embedded systems makes them vulnerable to cyber-security attacks that compromise not only privacy but also safety. This results in intricate dependencies between functional safety and security, and higher demands to address both disciplines simultaneously. However, there are still many gaps on the common application of functional safety and cyber-security standards. Over-The-Air (OTA) software updates are a clear example of this challenge. While the installation of regular software upgrades is a crucial cyber-security practice to keep the system up-to-date with the latest security patches, they might involve high re-certification efforts and costs from a safety standpoint. In this paper, a safety and security concept for software updates on mixed-criticality systems is presented. Particularly, a combined safety and security risk assessment on an automotive use case is performed and risk mitigation measures proposed.