EmbDev.net

Forum: µC & Digital Electronics Safety and security requirements?


Author: Rob T. (Guest)
Posted on:

Rate this post
0 useful
not useful
I started a new job and two important aspects of my responsibilities are 
safety and security. To be more specific, high level SIL 3 or ASIL-D in 
combination with hardware security measures "Trusted Platform" are 
either highly desired or down right required.

My question to the community is how common are these requirements and 
how much money are manufacturers and end customers willing to spent on 
this subject?

Is it more expensive to have hardware based security in every device or 
taking the risk of being hacked? Today, most lower cost devices are 
still using software security but chances of being hacked are so much 
higher. It is a dilemma, if we enter the market with great security 
options, our products might be too expensive, if the products get 
hacked, the company could go bankrupt.

In regards to safety, how much redundancy is enough?

Your opinion?

Rob

Author: stefanus (Guest)
Posted on:

Rate this post
0 useful
not useful
> SIL 3 or ASIL-D

Never heard about that.

> In regards to safety, how much redundancy is enough?

Depends on your device and application. You did not tell anything about 
it.

I would recommend to let experienced testers find and document all weak 
points (in source code, schematics, process documentation as well as by 
doing a lot of tests).

Compare that with the requirements and calculate how much (money, 
reputation) an issue may cost.

Then decide together with your insurance if the risk is acceptable or 
not.

Author: ASIL-B (Guest)
Posted on:

Rate this post
0 useful
not useful
Rob T. wrote:
> I started a new job and two important aspects of my responsibilities are
> safety and security. To be more specific, high level SIL 3 or ASIL-D in
> combination with hardware security measures "Trusted Platform" are
> either highly desired or down right required

I hope you are not the only one at your employer.
And you have support by a trained team.

Rob T. wrote:
> how much money are manufacturers and end customers willing to spent on
> this subject?

The end customer expects that it works reliable and safe at no extra 
cost.

Rob T. wrote:
> SIL 3 or ASIL-D

SIL 3 and ASIL-D are saftety levels.
SIL 3 belongs to (eventually self driving) machines
ASIL-D is the highest automotive safety level. (ABS/ESP, electrical 
steering or autonomous driving).

Some general rules for engine control units (gasoline/diesel) can be 
found here: (here you deal with ASIL-B for the risk of unintended 
acceleration which can be handled by braking of the driver, for ASIL-D 
risks you will need more effort).
https://web.archive.org/web/20160804054533/https://www.iav.com/sites/default/files/attachments/seite//ak-egas-v6-0-en-150922.pdf

Security (hacking) is not supported by these levels.

stay happy

Author: MaWin (Guest)
Posted on:

Rate this post
0 useful
not useful
Rob T. wrote:
> My question to the community is how common are these requirements

They are required in a lot of B2B productes.

(Factory equipment, chemical industry, rockets, military, OEM for 
automotive just like ABS oder ESP)

> and
> how much money are manufacturers and end customers willing to spent on
> this subject?

Those who need it are willing to spend.

> Is it more expensive to have hardware based security in every device or
> taking the risk of being hacked

For a B2B customer it is more expensive to have a malfunction.

For a B2C customer it is considered irrelevant. He will buy the 
cheapest.

Reply

Entering an e-mail address is optional. If you want to receive reply notifications by e-mail, please log in.

Rules — please read before posting

  • Post long source code as attachment, not in the text
  • Posting advertisements is forbidden.

Formatting options

  • [c]C code[/c]
  • [avrasm]AVR assembler code[/avrasm]
  • [code]code in other languages, ASCII drawings[/code]
  • [math]formula (LaTeX syntax)[/math]




Bild automatisch verkleinern, falls nötig