Automotive Cybersecurity Expert (ISO 21434, UNECE R155, R156, ISO 26262, ASPICE, AUTOSAR)
Updated on 15.05.2024
Profile
Freelancer / Self-employed
Remote work
Available from: 01.07.2024
Availability: 100%
of which on-site: 25%
Automotive cybersecurity
ISO 21434
UNECE
TARA
Training
Penetration testing
AUTOSAR
Embedded C
MATLAB
dSpace Targetlink
Automotive-SPICE
ISO 26262
Functional safety
English
Fluent
German
Spoken and Written

Work locations

Germany
possible

Projects

1 year 4 months
2022-01 - 2023-04

Cybersecurity compliance of STLA Brain Platform

Cybersecurity Expert

The project involved ensuring the cybersecurity compliance of the Stellantis STLA Brain Platform. This included analyzing the item definition, performing the Threat Analysis and Risk Assessment (TARA) at the item level, and identifying the threats and cybersecurity controls as well as the cybersecurity requirements. System and software teams were guided to realize the cybersecurity controls and validate the cybersecurity requirements.

 

Standard/Protocol 

 ISO 21434


Contribution

  • Preparation of project-dependent cybersecurity work products: Cybersecurity Interface Agreement (CIA), Cybersecurity plan, Cybersecurity case, etc.
  • Analysis of item definition
  • Asset identification for the defined item boundary
  • Risk assessment
  • Derivation of Cybersecurity requirements and cybersecurity controls
  • Support system and software teams in the realization of cybersecurity requirements and controls
  • Support system and software test teams in the validation of cybersecurity requirements and controls
  • Regular communication with project management, functional safety, and quality teams

ISO 21434 TARA
Munich
10 months
2022-04 - 2023-01

Creation of ASPICE for cybersecurity (ISO 21434) process landscape

Cybersecurity Expert

This project involved the creation of an ASPICE-based process landscape for the development of cybersecurity-critical systems and software. This includes the definition of the process, tailoring rules, guidelines, and best practices along with the creation of templates. All the ASPICE processes in the scope of VDA and the processes under ASPICE for cybersecurity are covered.

 

Standard/Protocol 

  • ISO 21434
  • ASPICE Version 3.1
  • VDA Automotive SPICE Guidelines 2017
  • Automotive SPICE for Cybersecurity Edition 2021
  • Automotive SPICE for Cybersecurity Guidelines 2021


Contribution

  • Describing the processes in VDA scope and ASPICE for cybersecurity
  • Tailoring the process to consider VDA Guidelines
  • Consideration of ISO 21434 in defining the processes in the scope of ASPICE for cybersecurity
  • Definition of the process for the cybersecurity audits and assessments
  • Creation of templates

ISO 21434, Automotive SPICE for Cybersecurity Edition 2021, Automotive SPICE for Cybersecurity Guidelines 2021
Munich
1 year 7 months
2021-06 - 2022-12

Cybersecurity Analysis of Automated Emergency Braking System

Cybersecurity Expert
  • Asset identification for the defined Item boundary in the Automated Emergency Braking System
  • Identification of possible attacks on the assets and violation of security property
  • Analysis of possible impact and identification of risk associated with the asset
  • Derive security requirements and test cases based on requirements

 

Standard/Protocol:  

ISO 21434


Contribution:

  • Analysis of provided Automated Emergency Braking as per the ISO 21434 guidelines
  • Asset identification for the defined item boundary
  • Risk assessment
  • Derivation of Cybersecurity requirements
  • Cybersecurity test case preparation

ISO 21434 TARA
Munich
6 months
2021-01 - 2021-06

Performing TARA for various ECUs

Cybersecurity Expert

Asset identification for the defined Item boundary for more than 40 ECUs. Identification of possible attacks on the assets and violation of security property. Analysis of possible impact and identification of risk associated with the asset. Derive security requirements and test cases based on requirements.

 

Standard/Protocol: 

ISO 21434


Contribution:

  • Analysis of provided Systems such as Powertrain, Hybrid Electric, DC-DC Converter, Gateway, etc. as per the ISO 21434 guidelines.
  • Asset identification for the defined item boundary
  • Risk assessment
  • Derivation of Cybersecurity requirements
  • Iterative TARA analysis
  • Deriving the cyber security requirements
  • Cyber security test case preparation

ISO 21434
Munich
1 year 6 months
2019-08 - 2021-01

Development of Gear Select Lever ECU (ASIL B)

Cybersecurity Expert

The product "Gear Select Lever" consists of mechanics, including the select lever itself, electronics, including hall sensors and a microcontroller, and software. The software is AUTOSAR 4.3.0 compliant. The product realizes a human-machine interface to the powertrain. The interface between the Gear Select Lever and the powertrain includes digital communication via the CAN bus. The product has been assigned safety goals up to ASIL B.

The software also supported Software updates using cryptographic algorithms like SHA, AES, and RSA and required compliance with UNECE WP29. The software also supported the Over the Air (OTA) update.

 

Standard/Protocol:  

AUTOSAR 4.0, ISO26262 (ASIL B), UNECE WP29

 

FuSa Contribution:

  • Elicitation of requirements specifications and analysis
  • Integrating and implementing Crypto modules to ensure Software updates using cryptographic algorithms like SHA, AES, and RSA to comply with UNECE WP29
  • Performing security analysis to identify the threats and risks, especially in the flashing of software and communication
  • Implementation of Over the Air (OTA) feature
  • Customer communication concerning cybersecurity-related topics

ISO21434 ISO 26262 ASPICE AUTOSAR UNECE OTA
Munich
1 year
2018-09 - 2019-08

BMW CCU Safety Service (ASIL C)

Functional Safety Manager

The project BMW CCU is based on the development of the charger control unit for next-generation BMW electric vehicles. The project involves a distributed development environment with teams working in different regions.

The project activities include the complete responsibility for planning the qualification activities, reviewing the safety artifacts, and supporting and guiding the safety team and developers in safety-relevant development activities.

 

Standard/Protocol: 

AUTOSAR 4.0, ISO26262

 

FuSa Contribution:

  • Planning qualification activities
  • Reviewing System artifacts
  • Dependent failure analysis
  • Guiding the safety team in creating artifacts such as
    • FMEA
    • Safety Plan
    • Software Verification Plan
    • Software Verification Specification
    • Tool qualification report
    • Verification report
    • Software component qualification report
  • Participation in technical reviews
  • Creation of Release for Production Report
  • Supporting the FuSa Audit and Assessment

ISO 26262 AUTOSAR
Munich
10 months
2018-03 - 2018-12

Assessment of CycurCSM for ASIL B safety level as Safety Element out of Context (ASIL B)

Functional Safety Manager

Escrypt GmbH is the developer of the CycurCSM tool, a code generator that generates a standard AUTOSAR 4 BSW component CSM (Crypto Service Manager), which acts as the interface to the Hardware Security Module functioning as the security peripheral. The component enables communication between the Application Software Component and the Hardware Security Module through AUTOSAR APIs and other predefined APIs.

The project involved creating safety artifacts such as Safety Plan, FMEA, Software Verification Plan, Software Verification Specification, Tool Qualification report, and constant communication with TÜV Nord for a safety audit, assessment, etc.

 

Standard/Protocol: 

AUTOSAR 4.0, ISO26262 (ASIL B)

 

Contribution:

  • Planning assessment activities with FuSa Engineer
  • Conducting FuSa audits and planning assessments with TÜV Nord
  • Performing verification reviews on artifacts such as
    • Software FMEA
    • Software Safety Plan
    • Software Verification Plan
    • Software Verification Specification
    • Software Verification Report
    • Software Safety Case
    • Any other ISO 26262 work product
    • All the engineering technical artifacts such as Software Requirements, Software Architecture, etc.

Cryptography ISO 26262 AUTOSAR C programming Tessy GHS Compiler Lauterbach debugger CycurCSM Reqtify Polyspace Code Prover IPIS FMEA
Munich
1 year 11 months
2016-05 - 2018-03

Keyless GO (ASIL B)

Software Expert (ISO 26262, AUTOSAR)

This project is about the keyless go features for Daimler trucks.  It contains many prime components such as Start-Stop systems, Klemen Control Module, etc.

The scope of work is to perform the requirement analysis, design, and development of the Start-Stop system. It includes coding the CDD driver and the development of the Application part in the Matlab/Simulink/TargetLink toolchain. The implementation includes reading the Start-Stop button status from the hardware using ADC/Microcontroller registers and deciding the keypress with plausible voltage values. It also includes the implementation of the safety mechanism and Diagnostic service in both CDD and the Model.  Also performed Integration and testing of software along with the Autosar BSW stack.

 

Standard / Protocol: AUTOSAR 4.0.1, ISO26262, XCP 2.03.1, E2E, CAN, ASPICE

 

Actuator:  

Daimler Start-Stop switch

 

Contribution:

  • Analyzing the requirements
  • Writing SWRS from CRS in Doors.
  • Coding CDD, IoHwAb, Mcal in C programming
  • Development of model and auto-code generation
  • Complex device driver development for the START-STOP system
  • Deciding the RTE Interfaces, Signals, Data types, etc. in collaboration with the BSW team.
  • Constant communication with the client for requirement clarifications and status updates.
  • Involvement in deciding ASIL level for requirements.
  • Static analysis with Polyspace
  • Implementation of safety-critical algorithms and measures
  • Implementations as per Autosar 4.x, ISO26262 and MISRA
  • Panel designing in CAPL and Testing with CANoe
  • Compile, debug, and integrate the software.

ISO 26262 AUTOSAR ASPICE CAN E2E XCP MATLAB/Simulink TargetLink C programming Polyspace Code Prover CAPL Tpt Doors Dimensions
Munich
8 months
2015-09 - 2016-04

Software Unit and Integration testing of Dräger Polytron Pulsar 3 using Tessy

Functional Safety Software Tester (Unit/Integration)

The sophisticated technology in Open-Path gas detection - the Dräger Polytron Pulsar 3 is focused on the detection of a range of gaseous hydrocarbons. This includes alkanes from methane to hexane, propylene, ethylene, methanol, and ethanol. Equipped with either a terminal box or a certified cable entry point, the detector incorporates flexible installation. The continuous communication between Receiver and Transmitter across a signal line allows the system to adapt to difficult environmental conditions and ensure the highest availability. 

Scope of work was to perform the safety critical Integration and Unit testing using HITEX Tessy aiming at MCDC coverage for the safety component.  Also performing regression testing on various internal safety-critical modules and analyzing results on Jenkins build server. Also involved in the detection of bugs during the testing, regular discussions with developers, and making MANTIS entry of bugs as per the software testing process.


Actuator:  

Dräger Polytron Pulsar 3

 

Contribution:

  • Analyzing the requirements
  • Creating test plans
  • Writing stub codes in C
  • Designing Unit/Integration test cases
  • Regular discussions with developers
  • Performing Safety-critical tests aimed at
    • Requirements-based test
    • Interface test
    • Back-to-back test
    • Boundary values test
  • Aiming at 100% code coverage and addition of stub codes if required
  • Static analysis with Polyspace
  • Creation of deviation report
  • Continuous build with Jenkins build server
  • MANTIS entries of bugs

Product Safe C programming Tessy V3.1 Polyspace Code Prover Jenkins Build Server Doors MANTIS Tortoise Hg
Lübeck
8 months
2015-01 - 2015-08

Integration of Electronic Limited Slip Differential (eLSD) for BMW M Series Vehicle (ASIL D)

Software Developer/Integrator (ISO 26262, AUTOSAR)

BMW M decided to migrate the existing project into the AUTOSAR environment including the safety composition. It also includes the change of ECU from Bosch to Melecs. The eLSD is used in the vehicle traction control system to maintain the proper torque between both wheels. When understeer, oversteer, or slippery road conditions cause any of the tires to start spinning faster than the others, the eLSD reduces the torque supplied to it to reduce its speed.

The project included new feature addition and modification of code as per AUTOSAR standards, and the creation of a wrapper layer for the communication between the application and basic software level. Integration involved application software along with the basic software, complex device drivers, COM, and BMW BAC module. Integration testing was part of the project where the entire software is tested with the help of CAN communication.


Actuator: 

Electronic Limited Slip Differential

 

Standard/Protocol: 

AUTOSAR 4.0.1, ISO26262, XCP 2.03.1, E2E, CAN, FlexRay

 

Contribution: 

  • Analyzing the requirements
  • Writing SRS and SDD
  • Implementation in C for Diagnostic Safety Application (DSA)
  • Developing wrapper layer
  • Integration of manual and auto-generated C modules
  • Unit and Integration test document preparation
  • Safety critical unit testing
  • Static Analysis with Polyspace
  • CAPL programming and Safety-critical integration testing
  • Support for HIL and Test Rig teams

Melecs ECU Isystem IC5000 debugger Miniwiggler Body domain controller ECU (BMW) FlexRay Interface Box VN7600
AUTOSAR ISO 26262 XCP E2E CAN FlexRay C Programming Integrity PTC V10 Tessy V3.1 CANape Polyspace Code Prover CANalyzer CANoe E-Sys WinIDEA CAPL programming
Cologne
1 year 1 month
2014-01 - 2015-01

Integration of SW E-Drive - Auto-code generation & SW Integration of Hybrid (EA-412) Compositions for BMW Cars G11, I01, I12, F30, F56, F15, F18 (LEB45x)

Software Integration Engineer

BMW Power Electronic Group (EA-412 Hybrid/Electric cars) had decided to transform the existing Power Electronic compositions into AUTOSAR- and ISO 26262-compliant ones, using auto code generation with the BACE (BMW Auto Code Environment) tool. The BACE tool works along with MATLAB/Simulink and auto-generates the code using custom BMW libraries.

This project involves building and integrating generated auto code for BMW Electric/Hybrid vehicle compositions such as Hybrid manager, dog clutch, etc. AUTOSAR-compliant code is generated from the model received from the developer. Errors are fixed in the model and the build is performed. Debugging and fixing of toolchain errors was performed, as was static code analysis on the deliverable code.

 

Standard/Protocol:

AUTOSAR 4.0.1

 

Contribution: 

  • Analysis and review of the Models, Interface & BACE Tool-Chain
  • Perform the auto-code generation process of Models through BACE tool-chain
  • Compile & integrate all the components together.
  • Perform MISRA warning analysis, Compiler warning analysis
  • CAPL programming and Safety-critical integration testing
  • Complete Documentation & Report for the overall process

LEB450D PEU Box (Robert Bosch) LEB452D PEU Box (Delphi)
autos ISO 26262 Matlab/Simulink Embedded Coder BACE Toolchain (V493) Hitech GCC Windriver QAC V8.1.2 Canoe CAPL Programming
India
1 year
2013-01 - 2013-12

Software Modeling of EK functions for BMW cars G12, G11, I01, F45, and F56

Model-Based Designer & Tester

This is a development cum maintenance project for different body control features of a car like a Sunroof, Wiper washer, Convertible roof, and Power window. This project includes maintenance of the existing features and enhancement and bug fixes for the body control Modules. Issues were analyzed and fixed in the models, and also new features/change request was implemented in the model, and AUTOSAR-compliant code was generated for functional testing. For the issue reported or change requested, SIL testing has been carried out with AUTOSAR-compliant code.

BMW decided to migrate the model from the ASCET environment to MATLAB toolchain with code generation using TargetLink. Most of the features were re-modeled with MATLAB toolchain and AUTOSAR-compliant code is generated using DSpace TargetLink.

 

Standard/Protocol: 

AUTOSAR 3.x

 

Contribution: 

  • Development of new features & bug fixes in MATLAB/Simulink/TargetLink and ASCET-MD, ASCET-SE
  • Creation of ARXMLs with Autosar Authoring Tool
  • Test case design using TcED and SIL testing with ASIM (Autosar Builder) & Code coverage
  • Design of Software Architecture using EA
  • Changes in interfaces using AAT (Autosar authoring tool) and performing the quality processes

AUTOSAR ASCET-SD MATLAB Simulink TargetLink ISO 26262 MATLAB/Simulink/Stateflow ASCET-MD ASCET-SE TcEd Autosar Builder Autosar Authoring Tool
India
6 months
2012-07 - 2012-12

Knock Sensor Simulation & Testing with Dspace Control Desk (DS1104)

Model-Based Designer & Tester

The knock sensor senses the knock occurring inside the engine as an analog signal and converts it into electrical form. This process includes Detection, Processing & Envelope Detection of the signal. Signal processing is carried out with the help of digital IIR filters and envelope detectors using Simulink blocks. The knock is detected at a particular interval of the crank angle. This signal is passed to the ECU to prevent further knocks by retarding fuel injection.

Autosar-compliant code is generated using the Dspace TargetLink, which also included the creation of the data dictionary. Real-time simulation is performed on the designed model using dSPACE Control Desk, where output is monitored on the control desk panels.

 

Standard/Protocol:

AUTOSAR 3.x, ISO26262


Contribution

  • Analyzing the requirements
  • Development of Algorithm and Flow Charts
  • Model Design Using MATLAB/Simulink/Stateflow which included Crankshaft Profile Generator, Signal Processing Block, Envelope Detector and Knock Processing Window
  • Integration of Crank/Camshaft model to detect the knock at the particular Crank angle
  • Auto code generation using Dspace TargetLink
  • Testing using the dSPACE Control desk

AUTOSAR ISO 26262 MATLAB/Simulink/Stateflow Real-Time Workshop TargetLink
India

Education and training

Educational Qualification
VTU Belgaum, India
BACHELOR of Engineering (Electronics & Communication)

Certification

intacs certified Provisional Assessor Automotive SPICE®
Certified Scrum Product Owner® (CSPO®)

Position

  • Automotive Cybersecurity Expert (ISO 21434, UNECE R155, R156, ISO 26262, ASPICE, AUTOSAR)

Skills

Top skills

Automotive cybersecurity ISO 21434 UNECE TARA Training Penetration testing AUTOSAR Embedded C MATLAB dSpace Targetlink Automotive-SPICE ISO 26262 Functional safety

Products / Standards / Experience / Methods

Profile
  • Experience working as Trainer (ISO 21434, UNECE R155, R156) for German OEMs and Tier1s on the topics:
    • Introduction to Automotive Cybersecurity
    • Secure Software Development and Verification
    • Penetration Testing
  • Member of ISO cybersecurity working group (ISO/TC 22/SC 32/WG 11)
  • Experience in cybersecurity development lifecycle (Engineering) including:
    • Cybersecurity concept definition including cybersecurity goals.
    • Cybersecurity requirements definition, Architectural design, and development at different abstraction levels
    • Cybersecurity verification and validation activities including definition of test specification, test cases, etc.
  • Experience in organizational cybersecurity management including:
    • Preparing and successfully certifying organizations on ISO 27001, ISO 9001
    • Preparing and successfully obtaining the TISAX Level 2 label (Info High)
    • Improving cybersecurity awareness through training and workshops
  • Experience in the cybersecurity process definition including:
    • Extending the ASPICE process landscape to include cybersecurity-related processes.
    • Creation of templates and guidelines for the cybersecurity work products
    • Planning the execution of cybersecurity activities as a part of scrum based ASPICE compliant V-Model
  • Experience in project-dependent cybersecurity management including:
    • Preparation of Cybersecurity Interface Agreement (CIA), Cybersecurity plan, Cybersecurity case, etc.
    • Preparation of template and support for the cybersecurity assessment plan, report
  • Experience in performing Threat Analysis and Risk Assessment (TARA) including:
    • Analyzing item definition
    • Identification of assets
    • Analyzing attack paths
    • Determination of risk value
    • Selection of cybersecurity control mechanisms
    • TARA performed on the tools: Excel, Medini Analyzer
  • Featured in DW news on successfully hacking a well-known car brand in the field of Cybersecurity.
  • Designed an organizational standard process for managing and executing projects according to ASPICE v3.1, ISO 9001, ISO 26262.
  • Responsible for deploying and fostering the organization's standard process to ensure quality software development.
  • Experience working with 3 German OEMs in various Functional Safety (FuSa) development, assessment, and qualification projects.
  • Played the role of Functional Safety Expert with premium German and UK OEMs and guided them in the field of Functional Safety.
  • Experience in successfully defending FuSa audits and conducting assessments with TÜV Nord
  • Experience in verification review of FuSa artifacts such as Software FMEA, Safety Plan, Software Verification Plan, Software Verification Specifications, Software Verification Report, Safety case, Safety Manual Inputs, etc.
  • Experience in confirmation review of Software Tool Qualification report.
  • Experience in tailoring the process for project management, quality, configuration management, and change management for FuSa projects
  • Successfully executed and achieved ASPICE Level 3 certification in multiple external audits.
  • Experience in scrum-based project management.
  • Managed communication successfully with the customer, the OEM, and the suppliers while resolving the conflicts that occurred over the development process.
  • Negotiation experience with suppliers and vendors.
  • Functional Safety and Cybersecurity trainer with 2 years of experience in training participants from premium German Tier 1 and OEMs
  • Active contribution to the AUTOSAR Consortium as a development partner in the safety and security group.

Software / Programming
Compilers/ Debuggers
Renesas, Tasking Tricore, Windriver, GCC, Miniwiggler, IC5000, Minicube, Infineon

Tools
MATLAB, Simulink, Stateflow, Design Verifier, Embedded Coder, Polyspace Code Prover, Dspace Control Desk, TargetLink, Ascet-SE, Ascet-MD, Autosar Builder, TcED, Enterprise Architect, Tessy, CANape, CANalyzer, CANoe, E-Sys, WinIDEA, Infineon MemTool, FPGA, Latex, Jenkins build server, MANTIS, Dimensions, Tpt, APIS FMEA, Medini Analyzer

Concepts
AUTOSAR, ISO26262, ISO 21434, ISO/PAS 21448, FMI, TIMEX

Testing Concepts
Concept Development: MiL, SiL, PiL, HiL

Configuration Management Tool
SVN, VSS, DOORS, PTC, Jira, Confluence, ClickUp

Protocols
CAN, FlexRay, SPI, LIN

Programming languages

Embedded C
Python
MATLAB Programming
CAPL

Industries

Automotive

Einsatzorte

Einsatzorte

Deutschland
möglich

Projekte

Projekte

1 year 4 months
2022-01 - 2023-04

Cybersecurity compliance of STLA Brain Platform

Cybersecurity Expert ISO 21434 TARA
Cybersecurity Expert

The project involved ensuring the cybersecurity compliance of the Stellantis STLA Brain Platform. This included the analysis of item definition, performing the Threat Analysis and Risk Assessment (TARA) at the item level, Identify the threats and cybersecurity controls as well as the cybersecurity requirements. System and software teams were guided to realize the cybersecurity controls and validate the cybersecurity requirements.

 

Standard/Protocol 

 ISO 21434


Contribution

  • Preparation of project-dependent cybersecurity work products Cybersecurity Interface Agreement (CIA), Cybersecurity plan, Cybersecurity case, etc.
  • Analysis of item definition
  • Asset identification for the defined item boundary
  • Risk assessment
  • Derivation of Cybersecurity requirements and cybersecurity controls
  • Support system and software teams in the realization of cybersecurity requirements and controls
  • Support system and software test teams in the validation of cybersecurity requirements and controls
  • Regular communication with project management, functional safety, and quality teams

ISO 21434 TARA
Munich
10 months
2022-04 - 2023-01

Creation of ASPICE for cybersecurity (ISO 21434) process landscape

Cybersecurity Expert ISO 21434 ? Automotive SPICE for Cybersecurity Edition 2021 ? Automotive SPICE for Cybersecurity Guidelines 2021
Cybersecurity Expert

This project involved the creation of a process landscape for the development of cybersecurity critical systems and software development based on ASPICE. This includes the definition of the process, tailoring rules, guidelines, and best practices along with the creation of templates. All the ASPICE processes in the scope of VDA and the processes under ASPICE for cybersecurity are covered.

 

Standard/Protocol 

  • ISO 21434
  • ASPICE Version 3.1
  • VDA Automotive SPICE Guidelines 2017
  • Automotive SPICE for Cybersecurity Edition 2021
  • Automotive SPICE for Cybersecurity Guidelines 2021


Contribution

  • Describing the processes in VDA scope and ASPICE for cybersecurity
  • Tailoring the process to consider VDA Guidelines
  • Consideration of ISO 21434 in defining the processes in the scope of ASPICE for cybersecurity
  • Definition of the process for the cybersecurity audits and assessments
  • Creation templates

ISO 21434 ? Automotive SPICE for Cybersecurity Edition 2021 ? Automotive SPICE for Cybersecurity Guidelines 2021
Munich
1 year 7 months
2021-06 - 2022-12

Cybersecurity Analysis of Automated Emergency Braking System

Cybersecurity Expert iso 21434 TARA
Cybersecurity Expert
  • Asset identification for the defined Item boundary in the Automated Emergency Braking System
  • Identification of possible attacks on the assets and violation of security property
  • Analysis of possible impact and identification of risk associated with the asset
  • Derive security requirements and test cases based on requirements

 

Standard/Protocol:  

ISO 21434


Contribution:

  • Analysis of provided Automated Emergency Braking as per the ISO21434 guidelines
  • Asset identification for the defined item boundary
  • Risk assessment
  • Derivation of Cybersecurity requirements
  • Cybersecurity test case preparation

iso 21434 TARA
Munich
6 months
2021-01 - 2021-06

Performing TARA for various ECUs

Cybersecurity Expert iso 21434
Cybersecurity Expert

Asset identification for the defined Item boundary for more than 40 ECUs. Identification of possible attacks on the assets and violation of security property. Analysis of possible impact and identification of risk associated with the asset. Derive security requirements and test cases based on requirements.

 

Standard/Protocol: 

ISO 21434


Contribution:

  • Analysis of provided Systems such as Powertrain, Hybrid Electric, DC-DC Converter, Gateway, etc. as per the ISO 21434 guidelines.
  • Asset identification for the defined item boundary
  • Risk assessment
  • Derivation of Cybersecurity requirements
  • Iterative TARA analysis
  • Deriving the cyber security requirements
  • Cyber security test case preparation

iso 21434
Munich
1 year 6 months
2019-08 - 2021-01

Development of Gear Select Lever ECU (ASIL B)

Cybersecurity Expert ISO21434 ISO 26262 ASPICE ...
Cybersecurity Expert

The product ?Gear Select Lever? consists of mechanics, including the select lever itself, electronics, including hall sensors and a microcontroller, and software. The software is AUTOSAR 4.3.0 compliant. The product realizes a human-machine interface to the powertrain. The interface between the Gear Select Lever and the powertrain includes digital communication via the CAN bus. The product has been assigned safety goals up to ASIL B. 

The software also supported Software updates using cryptographic algorithms like SHA, AES, and RSA and required compliance with UNECE WP29. The software also supported the Over the Air (OTA) update.

 

Standard/Protocol:  

AUTOSAR 4.0, ISO26262 (ASIL B), UNECE WP29

 

FuSa Contribution:

  • Elicitation of requirements specifications and analysis
  • Integrating and implementing Crypto modules to ensure Software updates using cryptographic algorithms like SHA, AES, and RSA to comply with UNECE WP29
  • Performing security analysis to identify the threats and risks, especially in the flashing of software and communication
  • Implementation of Over the Air (OTA) feature
  • Customer communication concerning cybersecurity-related topics

ISO21434 ISO 26262 ASPICE AUTOSAR UNECE OTA
Munich
1 year
2018-09 - 2019-08

BMW CCU Safety Service (ASIL C)

Functional Safety Manager ISO 26262 AUTOSAR
Functional Safety Manager

The project BMW CCU is based on the development of the charger control unit for next-generation BMW electric vehicles. The project involves a distributed development environment with teams working in different regions.

The project activities include the complete responsibility for planning the qualification activities, reviewing the safety artifacts, and supporting and guiding the safety team and developers in safety-relevant development activities.

 

Standard/Protocol: 

AUTOSAR 4.0, ISO26262

 

FuSa Contribution:

  • Planning qualification activities
  •  Reviewing System artifacts
  • Dependent failure analysis
  • Guiding the safety team in creating artifacts such as
    • FMEA
    • Safety Plan
    • Software Verification Plan
    • Software Verification Specification
    • Tool qualification report
    • Verification report
    • Software component qualification report
  • Participation in technical reviews
  • Creation of Release for Production Report
  • Supporting the FuSa Audit and Assessment

ISO 26262 AUTOSAR
Munich
10 months
2018-03 - 2018-12

Assessment of CycurCSM for ASIL B safety level as Safety Element out of Context (ASIL B)

Functional Safety Manager Cryptography iso 26262 autosar ...
Functional Safety Manager

Escrypt GmbH is the developer of the CycurCSM tool, a code generator that generates a standard AUTOSAR 4 BSW component, the CSM (Crypto Service Manager). The CSM acts as the interface to the Hardware Security Module, which functions as the security peripheral. The component enables communication between the Application Software Component and the Hardware Security Module through AUTOSAR APIs and other predefined APIs.

The project involved creating safety artifacts such as the Safety Plan, FMEA, Software Verification Plan, Software Verification Specification, and Tool Qualification report, as well as constant communication with TÜV Nord for the safety audit, assessment, etc.

 

Standard/Protocol: 

AUTOSAR 4.0, ISO26262 (ASIL B)

 

Contribution:

  • Planning assessment activities with FuSa Engineer
  • Conducting FuSa audits and planning assessments with TÜV Nord
  • Performing verification reviews on artifacts such as
    • Software FMEA
    • Software Safety Plan
    • Software Verification Plan
    • Software Verification Specification
    • Software Verification Report
    • Software Safety Case
    • Any other ISO 26262 work product
    • All the engineering technical artifacts such as Software Requirements, Software Architecture, etc.

Cryptography ISO 26262 AUTOSAR C programming Tessy GHS Compiler Lauterbach debugger CycurCSM Reqtify Polyspace Code Prover APIS FMEA
Munich
1 year 11 months
2016-05 - 2018-03

Keyless GO (ASIL B)

Software Expert (ISO 26262, AUTOSAR)

This project covers the Keyless Go features for Daimler trucks. It contains many prime components such as Start-Stop systems, Klemen Control Module, etc.

The scope of work is to perform the requirement analysis, design, and development of the Start-Stop system. It includes coding the CDD driver and developing the application part in the MATLAB/Simulink/TargetLink toolchain. The implementation reads the Start-Stop button status from the hardware using ADC/microcontroller registers and decides the keypress based on plausible voltage values. It also includes the implementation of the safety mechanism and diagnostic service in both the CDD and the model. Integration and testing of the software together with the AUTOSAR BSW stack were also performed.

 

Standard / Protocol: AUTOSAR 4.0.1, ISO26262, XCP 2.03.1, E2E, CAN, ASPICE

 

Actuator:  

Daimler Start-Stop switch

 

Contribution:

  • Analyzing the requirements
  • Writing SWRS from CRS in DOORS.
  • Coding CDD, IoHwAb, MCAL in C programming
  • Development of model and auto-code generation
  • Complex device driver development for the START-STOP system
  • Deciding the RTE Interfaces, Signals, Data types, etc. in collaboration with the BSW team.
  • Constant communication with the client for requirement clarifications and status updates.
  • Involvement in deciding ASIL level for requirements.
  • Static analysis with Polyspace
  • Implementation of safety-critical algorithms and measures
  • Implementations as per AUTOSAR 4.x, ISO26262 and MISRA
  • Panel designing in CAPL and Testing with CANoe
  • Compile, debug, and integrate the software.

ISO 26262 AUTOSAR ASPICE CAN E2E XCP MATLAB/Simulink TargetLink C programming Polyspace Code Prover CAPL Tpt Doors Dimensions
Munich
8 months
2015-09 - 2016-04

Software Unit and Integration testing of Dräger Polytron Pulsar 3 using Tessy

Functional Safety Software Tester (Unit/Integration)

The Dräger Polytron Pulsar 3 is a sophisticated open-path gas detector focused on the detection of a range of gaseous hydrocarbons. This includes alkanes from methane to hexane, propylene, ethylene, methanol, and ethanol. Equipped with either a terminal box or a certified cable entry point, the detector allows flexible installation. The continuous communication between Receiver and Transmitter across a signal line allows the system to adapt to difficult environmental conditions and ensure the highest availability.

The scope of work was to perform safety-critical integration and unit testing using HITEX Tessy, aiming at MC/DC coverage for the safety component. It also covered regression testing of various internal safety-critical modules and analysis of the results on the Jenkins build server, as well as detecting bugs during testing, regular discussions with developers, and entering bugs in MANTIS as per the software testing process.


Actuator:  

Dräger Polytron Pulsar 3

 

Contribution:

  • Analyzing the requirements
  • Creating test plans
  • Writing stub codes in C
  • Designing Unit/Integration test cases
  • Regular discussions with developers
  • Performing Safety-critical tests aimed at
    • Requirements-based test
    • Interface test
    • Back-to-back test
    • Boundary values test
  • Aiming at 100% code coverage and addition of stub codes if required
  • Static analysis with Polyspace
  • Creation of deviation report
  • Continuous build with Jenkins build server
  • MANTIS entries of bugs

Product Safe C programming Tessy V3.1 Polyspace Code Prover Jenkins Build Server Doors MANTIS Tortoise Hg
Lübeck
8 months
2015-01 - 2015-08

Integration of Electronic Limited Slip Differential (eLSD) for BMW M Series Vehicle (ASIL D)

Software Developer/Integrator (ISO 26262, AUTOSAR)

BMW M decided to migrate the existing project into the AUTOSAR environment, including the safety composition. The migration also includes the change of ECU from Bosch to Melecs. The eLSD is used in the vehicle traction control system to maintain the proper torque between both wheels. When any of the tires starts spinning faster than the others, due to under/oversteering or slippery road conditions, the eLSD reduces the torque supplied to it to reduce its speed.

The project included new feature addition and modification of code as per AUTOSAR standards, and the creation of a wrapper layer for the communication between the application and basic software level. Integration involved application software along with the basic software, complex device drivers, COM, and BMW BAC module. Integration testing was part of the project, where the entire software was tested with the help of CAN communication.


Actuator: 

Electronic Limited Slip Differential

 

Standard/Protocol: 

AUTOSAR 4.0.1, ISO26262, XCP 2.03.1, E2E, CAN, FlexRay

 

Contribution: 

  • Analyzing the requirements
  • Writing SRS and SDD
  • Implementation in C for Diagnostic Safety Application (DSA)
  • Developing wrapper layer
  • Integration of manual and auto-generated C modules
  • Unit and Integration test document preparation
  • Safety critical unit testing
  • Static Analysis with Polyspace
  • CAPL programming and Safety-critical integration testing
  • Support for HIL and Test Rig teams

Melecs ECU Isystem IC5000 debugger Miniwiggler Body domain controller ECU (BMW) FlexRay Interface Box VN7600
AUTOSAR ISO 26262 XCP E2E CAN FlexRay C Programming Integrity PTC V10 Tessy V3.1 CANape Polyspace Code Prover CANalyzer CANoe E-Sys WinIDEA CAPL programming
Cologne
1 year 1 month
2014-01 - 2015-01

Integration of SW E-Drive - Auto-code generation & SW Integration of Hybrid (EA-412) Compositions for BMW Cars G11, I01, I12, F30, F56, F15, F18 (LEB45x)

Software Integration Engineer

BMW Power Electronic Group (EA-412 Hybrid/Electric cars) had decided to make the existing Power Electronic compositions AUTOSAR-compliant and ISO26262-compliant, using auto-code generation with the BACE (BMW Auto Code Environment) tool. The BACE tool works along with MATLAB/Simulink and auto-generates the code using custom BMW libraries.

This project involves building and integrating generated auto code for BMW Electric/Hybrid vehicle compositions such as Hybrid manager, dog clutch, etc. AUTOSAR-compliant code is generated from the model received from the developer. Errors are fixed in the model and the build is performed. The work also includes debugging and fixing toolchain errors, and static code analysis on the deliverable code.

 

Standard/Protocol:

AUTOSAR 4.0.1

 

Contribution: 

  • Analysis and review of the Models, Interface & BACE Tool-Chain
  • Perform the auto-code generation process of Models through BACE tool-chain
  • Compile & integrate all the components together.
  • Perform MISRA warning analysis, Compiler warning analysis
  • CAPL programming and Safety-critical integration testing
  • Complete Documentation & Report for the overall process

LEB450D PEU Box (Robert Bosch) LEB452D PEU Box (Delphi)
autos ISO 26262 Matlab/Simulink Embedded Coder BACE Toolchain (V493) Hitech GCC Windriver QAC V8.1.2 Canoe CAPL Programming
India
1 year
2013-01 - 2013-12

Software Modeling of EK functions for BMW cars G12, G11, I01, F45, and F56

Model-Based Designer & Tester

This is a combined development and maintenance project for different body control features of a car, such as the Sunroof, Wiper washer, Convertible roof, and Power window. The project includes maintenance of the existing features as well as enhancements and bug fixes for the body control modules. Issues were analyzed and fixed in the models, new features and change requests were implemented in the model, and AUTOSAR-compliant code was generated for functional testing. For each issue reported or change requested, SIL testing was carried out with AUTOSAR-compliant code.

BMW decided to migrate the model from the ASCET environment to the MATLAB toolchain with code generation using TargetLink. Most of the features were re-modeled with the MATLAB toolchain, and AUTOSAR-compliant code was generated using dSPACE TargetLink.

 

Standard/Protocol: 

AUTOSAR 3.x

 

Contribution: 

  • Development of new features & bug fixes in MATLAB/Simulink/TargetLink and ASCET-MD, ASCET-SE
  • Creation of ARXMLs with AUTOSAR Authoring Tool
  • Test case design using TcED and SIL testing with ASIM (AUTOSAR Builder) & Code coverage
  • Design of Software Architecture using EA
  • Changes in interfaces using AAT (AUTOSAR Authoring Tool) and performing the quality processes

AUTOSAR ASCET-SD MATLAB Simulink TargetLink ISO 26262 MATLAB/Simulink/Stateflow ASCET-MD ASCET-SE TcEd Autosar Builder Autosar Authoring Tool
India
6 months
2012-07 - 2012-12

Knock Sensor Simulation & Testing with dSPACE Control Desk (DS1104)

Model-Based Designer & Tester

The knock sensor senses the knock occurring inside the engine as an analog signal and converts it into electrical form. The process includes detection, processing, and envelope detection of the signal. Signal processing is carried out with digital IIR filters and envelope detectors using Simulink blocks. The knock is detected at a particular interval of the crank angle. This signal is passed to the ECU to prevent further knocks by retarding fuel injection.

AUTOSAR-compliant code is generated using dSPACE TargetLink, which also included the creation of the data dictionary. Real-time simulation is performed on the designed model using dSPACE Control Desk, where the output is monitored on the Control Desk panels.

 

Standard/Protocol:

AUTOSAR 3.x, ISO26262


Contribution

  • Analyzing the requirements
  • Development of Algorithm and Flow Charts
  • Model Design Using MATLAB/Simulink/Stateflow which included Crankshaft Profile Generator, Signal Processing Block, Envelope Detector and Knock Processing Window
  • Integration of Crank/Camshaft model to detect the knock at the particular Crank angle
  • Auto code generation using dSPACE TargetLink
  • Testing using the dSPACE Control Desk

AUTOSAR ISO 26262 MATLAB/Simulink/Stateflow Real-Time Workshop TargetLink
India

Education and Training

Educational Qualification
VTU Belgaum, India
BACHELOR of Engineering (Electronics & Communication)

Certification

intacs certified Provisional Assessor Automotive SPICE®
Certified Scrum Product Owner® (CSPO®)

Position

  • Automotive Cybersecurity Expert (ISO 21434, UNECE R155, R156, ISO 26262, ASPICE, AUTOSAR)

Skills

Top-Skills

Automotive cybersecurity ISO 21434 UNECE TARA Training Penetration testing AUTOSAR Embedded C MATLAB dSpace Targetlink Automotive-SPICE ISO 26262 Functional safety

Products / Standards / Experience / Methods

Profile
  • Experience working as Trainer (ISO 21434, UNECE R155, R156) for German OEMs and Tier1s on the topics:
    • Introduction to Automotive Cybersecurity
    • Secure Software Development and Verification
    • Penetration Testing
  • Member of ISO cybersecurity working group (ISO/TC 22/SC 32/WG 11)
  • Experience in cybersecurity development lifecycle (Engineering) including:
    • Cybersecurity concept definition including cybersecurity goals.
    • Cybersecurity requirements definition, Architectural design, and development at different abstraction levels
    • Cybersecurity verification and validation activities including definition of test specification, test cases, etc.
  • Experience in organizational cybersecurity management including:
    • Preparing and successfully certifying organizations on ISO 27001, ISO 9001
    • Preparing and successfully obtaining the TISAX Level 2 label (Info High)
    • Improving cybersecurity awareness through training and workshops
  • Experience in the cybersecurity process definition including:
    • Extending the ASPICE process landscape to include cybersecurity-related processes.
    • Creation of templates and guidelines for the cybersecurity work products
    • Planning the execution of cybersecurity activities as a part of scrum based ASPICE compliant V-Model
  • Experience in project-dependent cybersecurity management including:
    • Preparation of Cybersecurity Interface Agreement (CIA), Cybersecurity plan, Cybersecurity case, etc.
    • Preparation of template and support for the cybersecurity assessment plan, report
  • Experience in performing Threat Analysis and Risk Assessment (TARA) including:
    • Analyzing item definition
    • Identification of assets
    • Analyzing attack paths
    • Determination of risk value
    • Selection of cybersecurity control mechanisms
    • TARA performed on the tools: Excel, Medini Analyzer
  • Featured in DW News for successfully hacking a well-known car brand, in the field of cybersecurity.
  • Designed an organizational standard process for managing and executing projects according to ASPICE v3.1, ISO 9001, ISO 26262.
  • Responsible for deploying and fostering the organization's standard process to ensure quality software development.
  • Experience working with 3 German OEMs in various Functional Safety (FuSa) development, assessment, and qualification projects.
  • Played the role of Functional Safety Expert with premium German and UK OEMs and guided them in the field of Functional Safety.
  • Experience in successfully defending FuSa audits and conducting assessments with TÜV Nord
  • Experience in verification review of FuSa artifacts such as Software FMEA, Safety Plan, Software Verification Plan, Software Verification Specifications, Software Verification Report, Safety case, Safety Manual Inputs, etc.
  • Experience in confirmation review of Software Tool Qualification report.
  • Experience in tailoring the process for project management, quality, configuration management, and change management for FuSa projects
  • Successfully executed and achieved ASPICE Level 3 certification in multiple external audits.
  • Experience in scrum-based project management.
  • Managed communication successfully with the customer, the OEM, and the suppliers while resolving the conflicts that occurred over the development process.
  • Negotiation experience with suppliers and vendors.
  • Functional Safety and Cybersecurity trainer with 2 years of experience in training participants from premium German Tier 1 and OEMs
  • Active contribution to the AUTOSAR Consortium as a development partner in the safety and security group.

Software / Programming
Compilers/ Debuggers
Renesas, Tasking Tricore, Windriver, GCC, Miniwiggler, IC5000, Minicube, Infineon

Tools
MATLAB, Simulink, Stateflow, Design Verifier, Embedded Coder, Polyspace Code Prover, dSPACE Control Desk, TargetLink, Ascet-SE, Ascet-MD, Autosar Builder, TcED, Enterprise Architect, Tessy, CANape, CANalyzer, CANoe, E-Sys, WinIDEA, Infineon MemTool, FPGA, LaTeX, Jenkins build server, MANTIS, Dimensions, Tpt, APIS FMEA, Medini Analyzer

Concepts
AUTOSAR, ISO26262, ISO 21434, ISO/PAS 21448, FMI, TIMEX

Testing Concepts
Concept Development: MiL, SiL, PiL, HiL

Configuration Management Tool
SVN, VSS, DOORS, PTC, Jira, Confluence, ClickUp

Protocols
CAN, FlexRay, SPI, LIN

Programming Languages

Embedded C
Python
MATLAB Programming
CAPL

Industries

Automotive
