
Page 1: Lecture Notes in Computer Science 12235978-3-030-55583... · 2020. 8. 21. · Lecture Notes in Computer Science 12235 Founding Editors Gerhard Goos Karlsruhe Institute of Technology,

Lecture Notes in Computer Science 12235

Founding Editors

Gerhard Goos, Karlsruhe Institute of Technology, Karlsruhe, Germany

Juris Hartmanis, Cornell University, Ithaca, NY, USA

Editorial Board Members

Elisa Bertino, Purdue University, West Lafayette, IN, USA

Wen Gao, Peking University, Beijing, China

Bernhard Steffen, TU Dortmund University, Dortmund, Germany

Gerhard Woeginger, RWTH Aachen, Aachen, Germany

Moti Yung, Columbia University, New York, NY, USA


More information about this series at http://www.springer.com/series/7408


António Casimiro • Frank Ortmeier • Erwin Schoitsch • Friedemann Bitsch • Pedro Ferreira (Eds.)

Computer Safety, Reliability, and Security

SAFECOMP 2020 Workshops
DECSoS 2020, DepDevOps 2020, USDAI 2020, and WAISE 2020
Lisbon, Portugal, September 15, 2020
Proceedings


Editors

António Casimiro, University of Lisbon, Lisbon, Portugal

Frank Ortmeier, Otto-von-Guericke University, Magdeburg, Germany

Erwin Schoitsch, Austrian Institute of Technology, Vienna, Austria

Friedemann Bitsch, Thales Deutschland GmbH, Ditzingen, Germany

Pedro Ferreira, University of Lisbon, Lisbon, Portugal

ISSN 0302-9743 / ISSN 1611-3349 (electronic)
Lecture Notes in Computer Science
ISBN 978-3-030-55582-5 / ISBN 978-3-030-55583-2 (eBook)
https://doi.org/10.1007/978-3-030-55583-2

LNCS Sublibrary: SL2 – Programming and Software Engineering

© Springer Nature Switzerland AG 2020

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG.
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland.


Preface

The SAFECOMP workshop day has for many years preceded the SAFECOMP conference, attracting additional participants. The SAFECOMP workshops have become more attractive since they started generating their own proceedings in the Springer LNCS series (Springer LNCS vol. 12235, the book in your hands; the main conference proceedings are LNCS 12234). This meant adhering to Springer's guidelines, i.e., the respective International Program Committee of each workshop had to make sure that at least three independent reviewers reviewed the papers carefully. The selection criteria were different from those for the main conference since authors were encouraged to submit workshop papers, i.e., on work in progress and potentially controversial topics. In total, 30 regular papers (out of 45) were accepted. One invited paper was added (in the DECSoS workshop), and all workshops included an introduction written by the chairs.

Two of the four workshops are sequels to earlier workshops, two are new in topics and Organizing Committees:

• DECSoS 2020 – 15th Workshop on Dependable Smart Embedded and Cyber-Physical Systems and Systems-of-Systems, chaired by Erwin Schoitsch and Amund Skavhaug, and supported by ERCIM, EWICS, and ARTEMIS/ECSEL projects.

• WAISE 2020 – Third International Workshop on Artificial Intelligence Safety Engineering, chaired by Orlando Avila-García, Mauricio Castillo-Effen, Chih-Hong Cheng, Zakaria Chihani, and Simos Gerasimou.

• DepDevOps 2020 – First International Workshop on Dependable Development-Operation Continuum Methods for Dependable Cyber-Physical Systems, chaired by Haris Isakovic, Miren Illarramendi, Aitor Arrieta, and Irune Agirre.

• USDAI 2020 – First International Workshop on Underpinnings for Safe Distributed AI, chaired by Morten Larsen and Alexandru Uta.

The workshops provide a truly international platform for academia and industry. It has been a pleasure to work with the SAFECOMP chair Antonio Casimiro, with the publication chairs, Friedemann Bitsch and Pedro Ferreira, the workshop chairs, Program Committees, and the authors. Particular thanks go to all partners who reorganized SAFECOMP 2020 and all workshops as an online event in hard times because of the COVID-19 crisis. Thank you all for your good cooperation and excellent work!

September 2020 Erwin Schoitsch


Organization

Committees

EWICS TC7 Chair

Francesca Saglietti University of Erlangen-Nuremberg, Germany

General Chair

António Casimiro University of Lisbon, Portugal

Program Co-chairs

António Casimiro University of Lisbon, Portugal
Frank Ortmeier Otto-von-Guericke University, Germany

General Workshop Chair

Erwin Schoitsch AIT Austrian Institute of Technology, Austria

Publication Chairs

Friedemann Bitsch Thales Deutschland GmbH, Germany
Pedro Ferreira University of Lisbon, Portugal

Position Papers Chair

Jérémie Guiochet University of Toulouse III, France

Publicity Chair

Bernardo Ferreira University of Lisbon, Portugal

Local Organizing Committee

António Casimiro University of Lisbon, Portugal
Pedro Ferreira University of Lisbon, Portugal
Ibéria Medeiros University of Lisbon, Portugal

Workshop Chairs

DECSoS 2020

Erwin Schoitsch AIT Austrian Institute of Technology, Austria
Amund Skavhaug NTNU, Norway


DepDevOps 2020

Haris Isakovic TU Wien, Austria
Miren Illarramendi Mondragon University, Spain
Aitor Arrieta Mondragon University, Spain
Irune Agirre IKERLAN, Spain

USDAI 2020

Morten Larsen AnyWi Technologies, The Netherlands
Alexandru Uta Leiden Institute of Advanced Computer Science, The Netherlands

WAISE 2020

Orlando Avila-García Atos, Spain
Mauricio Castillo-Effen Lockheed Martin, USA
Chih-Hong Cheng DENSO, Germany
Zakaria Chihani CEA LIST, France
Simos Gerasimou University of York, UK

viii Organization


Gold Sponsor

Intel

Silver Sponsor

Edge Case Research

Supporting Institutions

European Workshop on Industrial Computer Systems – Reliability, Safety and Security

Faculdade de Ciências da Universidade de Lisboa

LASIGE Research Unit


AG Software Engineering, Otto-von-Guericke-Universität Magdeburg

Austrian Institute of Technology

Thales Deutschland GmbH

Lecture Notes in Computer Science (LNCS), Springer Science + Business Media

European Network of Clubs for Reliability and Safety of Software-Intensive Systems

German Computer Society


Informationstechnische Gesellschaft

Electronic Components and Systems for European Leadership - Austria

ARTEMIS Industry Association

Verband österreichischer Software Industrie

Austrian Computer Society

European Research Consortium for Informatics and Mathematics

Contents

15th International Workshop on Dependable Smart Cyber-Physical Systems and Systems-of-Systems (DECSoS 2020)

Supervisory Control Theory in System Safety Analysis . . . . . 9
Yuvaraj Selvaraj, Zhennan Fei, and Martin Fabian

A Method to Support the Accountability of Safety Cases by Integrating Safety Analysis and Model-Based Design . . . . . 23
Nobuaki Tanaka, Hisashi Yomiya, and Kiyoshi Ogawa

Collecting and Classifying Security and Privacy Design Patterns for Connected Vehicles: SECREDAS Approach . . . . . 36
Nadja Marko, Alexandr Vasenev, and Christoph Striecks

Safety and Security Interference Analysis in the Design Stage . . . . . 54
Jabier Martinez, Jean Godot, Alejandra Ruiz, Abel Balbis, and Ricardo Ruiz Nolasco

Formalising the Impact of Security Attacks on IoT Safety . . . . . 69
Ehsan Poorhadi, Elena Troubitsyna, and György Dan

Assurance Case Patterns for Cyber-Physical Systems with Deep Neural Networks . . . . . 82
Ramneet Kaur, Radoslav Ivanov, Matthew Cleaveland, Oleg Sokolsky, and Insup Lee

Safety-Critical Software Development in C++ . . . . . 98
Daniel Kästner, Christoph Cullmann, Gernot Gebhard, Sebastian Hahn, Thomas Karos, Laurent Mauborgne, Stephan Wilhelm, and Christian Ferdinand

An Instruction Filter for Time-Predictable Code Execution on Standard Processors . . . . . 111
Michael Platzer and Peter Puschner

ISO/SAE DIS 21434 Automotive Cybersecurity Standard - In a Nutshell . . . . . 123
Georg Macher, Christoph Schmittner, Omar Veledar, and Eugen Brenner

WiCAR - Simulating Towards the Wireless Car . . . . . 136
Harrison Kurunathan, Ricardo Severino, Ênio Filho, and Eduardo Tovar


Automated Right of Way for Emergency Vehicles in C-ITS: An Analysis of Cyber-Security Risks . . . . . 148
Lucie Langer, Arndt Bonitz, Christoph Schmittner, and Stefan Ruehrup

Integrity Checking of Railway Interlocking Firmware . . . . . 161
Ronny Bäckman, Ian Oliver, and Gabriela Limonta

LoRaWAN with HSM as a Security Improvement for Agriculture Applications . . . . . 176
Reinhard Kloibhofer, Erwin Kristen, and Luca Davoli

1st International Workshop on Dependable Development-Operation Continuum Methods for Dependable Cyber-Physical System (DepDevOps 2020)

Multilevel Runtime Security and Safety Monitoring for Cyber Physical Systems Using Model-Based Engineering . . . . . 193
Smitha Gautham, Athira V. Jayakumar, and Carl Elks

Towards a DevOps Approach in Cyber Physical Production Systems Using Digital Twins . . . . . 205
Miriam Ugarte Querejeta, Leire Etxeberria, and Goiuria Sagardui

Leveraging Semi-formal Approaches for DepDevOps . . . . . 217
Wanja Zaeske and Umut Durak

1st International Workshop on Underpinnings for Safe Distributed Artificial Intelligence (USDAI 2020)

Towards Building Data Trust and Transparency in Data-Driven Business Applications . . . . . 229
Annanda Rath, Wim Codenie, and Anna Hristoskova

Distributed AI for Special-Purpose Vehicles . . . . . 243
Kevin Van Vaerenbergh, Henrique Cabral, Pierre Dagnely, and Tom Tourwé

Cynefin Framework, DevOps and Secure IoT: Understanding the Nature of IoT Systems and Exploring Where in the DevOps Cycle Easy Gains Can Be Made to Increase Their Security . . . . . 255
Franklin Selgert


Creating It from SCRATCh: A Practical Approach for Enhancing the Security of IoT-Systems in a DevOps-Enabled Software Development Environment . . . . . 266
Simon D. Duque Anton, Daniel Fraunholz, Daniel Krohmer, Daniel Reti, Hans D. Schotten, Franklin Selgert, Marcell Marosvölgyi, Morten Larsen, Krishna Sudhakar, Tobias Koch, Till Witt, and Cédric Bassem

3rd International Workshop on Artificial Intelligence Safety Engineering (WAISE 2020)

Revisiting Neuron Coverage and Its Application to Test Generation . . . . . 289
Stephanie Abrecht, Maram Akila, Sujan Sai Gannamaneni, Konrad Groh, Christian Heinzemann, Sebastian Houben, and Matthias Woehrle

A Principal Component Analysis Approach for Embedding Local Symmetries into Deep Learning Algorithms . . . . . 302
Pierre-Yves Lagrave

A Framework for Building Uncertainty Wrappers for AI/ML-Based Data-Driven Components . . . . . 315
Michael Kläs and Lisa Jöckel

Rule-Based Safety Evidence for Neural Networks . . . . . 328
Tewodros A. Beyene and Amit Sahu

Safety Concerns and Mitigation Approaches Regarding the Use of Deep Learning in Safety-Critical Perception Tasks . . . . . 336
Oliver Willers, Sebastian Sudholt, Shervin Raafatnia, and Stephanie Abrecht

Positive Trust Balance for Self-driving Car Deployment . . . . . 351
Philip Koopman and Michael Wagner

Integration of Formal Safety Models on System Level Using the Example of Responsibility Sensitive Safety and CARLA Driving Simulator . . . . . 358
Bernd Gassmann, Frederik Pasch, Fabian Oboril, and Kay-Ulrich Scholl

A Safety Case Pattern for Systems with Machine Learning Components . . . . . 370
Ernest Wozniak, Carmen Cârlan, Esra Acar-Celik, and Henrik J. Putzer


Structuring the Safety Argumentation for Deep Neural Network Based Perception in Automotive Applications . . . . . 383
Gesina Schwalbe, Bernhard Knie, Timo Sämann, Timo Dobberphul, Lydia Gauerhof, Shervin Raafatnia, and Vittorio Rocco

An Assurance Case Pattern for the Interpretability of Machine Learning in Safety-Critical Systems . . . . . 395
Francis Rhys Ward and Ibrahim Habli

A Structured Argument for Assuring Safety of the Intended Functionality (SOTIF) . . . . . 408
John Birch, David Blackburn, John Botham, Ibrahim Habli, David Higham, Helen Monkhouse, Gareth Price, Norina Ratiu, and Roger Rivett

Author Index . . . . . 415
