HEAVENS: HEAling Vulnerabilities to ENhance Software Security and Safety

Purpose and goal

The goal of the HEAVENS project has been to identify security vulnerabilities in automotive systems and to present methodologies along with tools to evaluate security. Other goals have been to investigate the interplay of safety and security in the context of automotive E/E systems. The result, we call it the HEAVENS security model, is a systematic approach, including methods, processes and tool support, of deriving security requirements and to perform security testing and evaluation for E/E systems.

Results and expected effects

The activities that have been performed within the HEAVENS project have strengthened Volvo and other project partner´s position within the research area of automotive security. The project has also attracted a lot of attention and interest from SAE J3061, AUTOSAR WP-X-SEC, NHTSA, Volvo and the other participating companies and has brought up security on several internal agendas to highlight the need for increased activity in this area.

Approach and implementation

Seven different work packages have: 1. Investigated how security models and testing could be used by different stake holders 2. Identified different methods and tools to evaluate various dimensions of automotive software security and to establish state-of-the-art within this area 3. Defined methods and tools that are required to perform security testing and evaluation 4. Identified the interplay of safety and security in the context of the E/E architecture 5. Demonstrated proof of concepts from the work packages above 6. Handled project management 7. Arranged dissemination events