Jiannan Wang
Mar 18, 2024

Integrated Solutions for ASPICE, Functional Safety and Cybersecurity in Automotive Development

General

As electronic systems and connectivity in modern vehicles rapidly evolve, the entire industry increasingly emphasizes the importance of safety and security. Accordingly, several industry standards and regulations have been initiated and released; the most important of them are ASPICE, functional safety (ISO 26262), and cybersecurity (ISO/SAE 21434).

All of these standards affect the development lifecycle of modern vehicles and have become necessities for both automotive OEMs and suppliers. The challenge is how to integrate all of these standards organically into vehicle development while considering cost, efficiency, and quality. Here we would like to share some of our insights.

ASPICE 4.0 Framework

ASPICE stands for “Automotive Software Process Improvement and Capability Determination”. It was first published in 2005 based on the ISO/IEC 330xx series of standards and focused on the capability evaluation of the automotive software development process. At the end of 2023, the latest version, ASPICE 4.0, was released. It improves on the previous version (3.1) in many aspects; among the notable changes are the incorporation of hardware engineering and machine learning. As SDV and autonomous driving become increasingly integral to the automotive industry, these updates adapt to a more software-based systems perspective and conform to the development trends and demands of the market.

ASPICE sets out a comprehensive framework for engineering automotive systems, structured around the well-established V model. The V model divides the development process into two main phases: design and verification/validation.

  1. Design Phase (left side of the V Model): This begins with the crucial step of requirements engineering, where the essential needs and specifications for the system are defined. Following this, the process progressively narrows down to the specific tasks of designing the software and hardware components. This phase is all about planning and creating the blueprints for what will be built.
  2. Verification and Validation Phase (Right Side of the V Model): Once the components are developed, the focus shifts to testing. This starts with unit verification, where individual parts are tested to ensure they meet the set criteria. The process then expands outwards to include integration testing—where the interaction between components is examined—and culminates in system validation, which verifies that the entire system functions as intended and fulfills the initial requirements.
  3. Throughout both phases, two key principles are emphasized: traceability and integrity. Traceability ensures that every design and testing activity can be linked back to the original requirements, maintaining a clear line of sight throughout the project. Integrity ensures that the entire process is consistent, accurate, and aligned, with every development step on the left side of the V model having a corresponding testing step on the right side.

ASPICE, by leveraging the V model, provides a fundamental guide and structure for the development of automotive systems. This ensures that the development process is thorough, systematic, and aligned with industry standards, ultimately leading to the creation of reliable and high-quality automotive software and systems.

Fig. 1 - ASPICE Framework

Functional Safety Framework

The functional safety engineering standard, specifically ISO 26262, defines the methodologies and processes to apply when the system under development is safety-critical; it aims to eliminate systematic failures and reduce random failures to an acceptable level. ISO 26262 is not mandated by authorities; however, to keep vehicles and people safe and to avoid product recalls, it is applied widely across the whole industrial chain from OEMs to suppliers.

Functional safety engineering is underpinned by robust quality management practices, with ASPICE being a widely adopted framework in this area. When examining the functional safety engineering guidelines recommended by ISO 26262, it becomes apparent that there is a significant overlap in the methodologies and processes with ASPICE. Despite these similarities, it's important to note that the focus on safety remains paramount. This alignment between ASPICE and ISO 26262 underscores the common ground in striving for high-quality and safe automotive systems.

For organizations that already have well-developed ASPICE processes from product definition to system validation, there are many benefits in identifying these common points, as well as the corresponding distinctions, and in making the safety activities compatible with the existing process at those common points.

Fig. 2 – Functional Safety Management Framework ISO 26262

Cybersecurity Framework

UNECE released a cybersecurity regulation, No. 155, for road vehicles in 2020; ISO and SAE then worked out ISO/SAE 21434 (automotive cybersecurity engineering) as guidance for the implementation of R155. It is widely referenced by most OEMs and suppliers worldwide to keep their cars and automotive systems secure and compliant with No. 155.

Like ISO 26262 and ASPICE, ISO 21434, which addresses automotive cybersecurity engineering, also incorporates a V Model to structure the product development phase. This model outlines a systematic approach to developing secure automotive systems. While it serves a comparable purpose to the V Models in ASPICE and ISO 26262, it's important to note that the details and emphasis within ISO 21434's V Model are tailored specifically to cybersecurity concerns. Despite these differences, the overarching goal of using a structured development process to enhance product quality and safety remains consistent across these standards.

ISO/SAE 21434 offers a framework specification for cybersecurity engineering so that automotive OEMs and suppliers can manage the increasing cyber threats to connected vehicles efficiently.

Fig. 3 – Product Development Framework ISO 21434

Challenges with the implementation of different standards into practice

ISO 26262 focuses on the prevention of systematic and random hardware failures of internal E/E systems while ISO 21434 concentrates on the external cyber threats on the automotive systems to keep the vehicles safe and secure.

Coordinating the required activities and integrating them organically with an organization's existing development processes has become a challenge for all stakeholders in the automotive industry.

The most likely challenges include:

  • Multiple, highly complex data sources scattered across different toolchains
  • Collaboration among different functions and stakeholders
  • Different levels of safety and security analysis based on automotive systems design
  • Continuous compliance with functional safety and cybersecurity in the whole vehicle lifecycle
  • Complete traceability and true reusability in the development phase
  • Always complete and up-to-date documentation
To effectively combine these standards, an integrated development model can be created by merging the workflows and processes of ASPICE, ISO 26262, and ISO 21434. Here's a simplified overview:

  1. Product Definition: Begin by drafting the initial system architecture. This serves as the foundation for defining items for both functional safety and cybersecurity analysis.
  2. Analysis Phase: Conduct Hazard Analysis and Risk Assessment (HARA) and Threat Analysis and Risk Assessment (TARA) simultaneously. These analyses inform each other because a cybersecurity threat could impact safety goals, and a potential system failure might affect cybersecurity protections.
  3. Concept Development: Develop concepts for functional safety and security by deriving specific requirements from the analysis phase.
  4. Technical Requirements: From the safety and security concepts, identify technical requirements that outline how to prevent system failures or vulnerabilities.
  5. System Architecture Refinement: Use the system requirements to refine the system architecture, concluding with a clear definition of system components.
  6. Design and Implementation: Break down the defined system components into software and hardware specifics for detailed design and implementation.
  7. Verification and Validation: Begin verification with software and hardware components individually, then move towards integrating these components. The process culminates in system validation, ensuring the entire system operates as intended.

This approach ensures a thorough consideration of both functional safety and cybersecurity from the initial stages through to final verification and validation.
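As an added illustration (not part of the original article or SystemWeaver), the traceability and integrity principles of the integrated model can be checked mechanically: every technical requirement must trace upstream to a HARA hazard or TARA threat, and every requirement must have a verification step on the right side of the V. The artifact ids and the link structure below are a constructed, hypothetical example.

```python
# Constructed sample artifact set (hypothetical ids, not from a real project).
# Each artifact maps to (kind, list of upstream artifacts it is derived from).
ARTIFACTS = {
    "ITEM-1": ("item", []),
    "HZ-1":   ("hazard", ["ITEM-1"]),          # HARA result
    "TH-1":   ("threat", ["ITEM-1"]),          # TARA result
    "SG-1":   ("safety_goal", ["HZ-1"]),
    "CG-1":   ("cyber_goal", ["TH-1"]),
    "TSR-1":  ("tech_req", ["SG-1"]),
    "TSR-2":  ("tech_req", ["SG-1", "CG-1"]),  # threat also affects a safety goal
    "TSR-3":  ("tech_req", []),                # orphan: no analysis upstream
    "TC-1":   ("test_case", ["TSR-1"]),
    "TC-2":   ("test_case", ["TSR-2"]),
}
ANALYSIS_KINDS = {"hazard", "threat"}


def upstream_kinds(aid, artifacts, seen=None):
    """Return the kinds of every artifact transitively upstream of aid."""
    seen = set() if seen is None else seen
    kinds = set()
    for parent in artifacts[aid][1]:
        if parent in seen:
            continue
        seen.add(parent)
        kinds.add(artifacts[parent][0])
        kinds |= upstream_kinds(parent, artifacts, seen)
    return kinds


def check_traceability(artifacts):
    """Find requirements with no HARA/TARA origin and with no test case."""
    verified = set()
    for kind, parents in artifacts.values():
        if kind == "test_case":
            verified.update(parents)
    findings = {"untraced": [], "unverified": []}
    for aid, (kind, _) in artifacts.items():
        if kind != "tech_req":
            continue
        if not upstream_kinds(aid, artifacts) & ANALYSIS_KINDS:
            findings["untraced"].append(aid)
        if aid not in verified:
            findings["unverified"].append(aid)
    return findings


def shared_requirements(artifacts):
    """Requirements that serve both a safety goal and a cybersecurity goal."""
    return [aid for aid, (kind, _) in artifacts.items() if kind == "tech_req"
            and {"safety_goal", "cyber_goal"} <= upstream_kinds(aid, artifacts)]
```

Running the checks on the sample reports TSR-3 as both untraced and unverified, and TSR-2 as a requirement where HARA and TARA results meet.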

Fig. 4 – Integrated Solution Framework

SystemWeaver provides an ASPICE-oriented platform, and as add-ons, its functional safety module and cybersecurity module are compliant with ISO 26262 and ISO 21434. Based on these modules, a concrete integrated solution can be offered that covers all required activities and recommended methodologies from these standards. What’s more, its built-in supporting features, e.g. configuration management, change management, and reviews, make engineering and development even easier.

With SystemWeaver you can tackle the challenges mentioned above and have a one-stop solution for ASPICE, ISO 26262, and ISO 21434, staying continuously compliant throughout the development of next-generation vehicles.

You are welcome to contact us for further information at info@systemweaver.com!