Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

An Integrated Failure and Threat Mode and Effect Analysis (FTMEA) Framework with Quantified Cross-Domain Correlation Factors for Automotive Semiconductors

Antonino Armato, Marzana Khatun, Sebastian Fischer

TL;DR

An Integrated Failure and Threat Mode and Effect Analysis (FTMEA) framework that systematically co-analyzes FuSa and cybersecurity, offering a unified, traceable, methodology for risk assessment in critical automotive systems.

Abstract

The automotive industry faces increasing challenges in ensuring both functional safety (FuSa) and cybersecurity for complex semiconductor devices. Traditional Failure Mode and Effects Analysis (FMEA) primarily addresses safety-related failure modes, often overlooking synergistic vulnerabilities and shared consequences with cybersecurity threats. This paper introduces an Integrated Failure and Threat Mode and Effect Analysis (FTMEA) framework that systematically co-analyzes FuSa and cybersecurity. A cornerstone of this framework is the introduction of rigorously defined Cross-Domain Correlation Factors (CDCFs), which quantify the interdependencies and mutual influences between safety-related failures and cybersecurity threats. These factors are derived from a combination of structured expert knowledge, static structural analysis metrics (e.g., Controllability/Observability), and validated against empirical data from fault/attack injection campaigns. We propose a modified Risk Priority Number (RPN) calculation that systematically integrates these correlation factors, enabling a more accurate and transparent prioritization of risks that span both domains. A detailed case study involving an automotive ASIC configuration register proves the practical application of the FTMEA. We present explicit mapping tables, quantitative CDCF values, and a comparative analysis against a baseline FMEA/TARA (Threat Analysis and Risk Assessment), illustrating how the integrated approach uncovers previously masked cross-domain risks, improves mitigation strategy effectiveness, and provides a clear quantitative justification for the derived correlation values. This framework offers a unified, traceable, methodology for risk assessment in critical automotive systems, thereby overcoming the limitations of conventional analyses and promoting optimized, cross-disciplinary development.

An Integrated Failure and Threat Mode and Effect Analysis (FTMEA) Framework with Quantified Cross-Domain Correlation Factors for Automotive Semiconductors

TL;DR

An Integrated Failure and Threat Mode and Effect Analysis (FTMEA) framework that systematically co-analyzes FuSa and cybersecurity, offering a unified, traceable, methodology for risk assessment in critical automotive systems.

Abstract

The automotive industry faces increasing challenges in ensuring both functional safety (FuSa) and cybersecurity for complex semiconductor devices. Traditional Failure Mode and Effects Analysis (FMEA) primarily addresses safety-related failure modes, often overlooking synergistic vulnerabilities and shared consequences with cybersecurity threats. This paper introduces an Integrated Failure and Threat Mode and Effect Analysis (FTMEA) framework that systematically co-analyzes FuSa and cybersecurity. A cornerstone of this framework is the introduction of rigorously defined Cross-Domain Correlation Factors (CDCFs), which quantify the interdependencies and mutual influences between safety-related failures and cybersecurity threats. These factors are derived from a combination of structured expert knowledge, static structural analysis metrics (e.g., Controllability/Observability), and validated against empirical data from fault/attack injection campaigns. We propose a modified Risk Priority Number (RPN) calculation that systematically integrates these correlation factors, enabling a more accurate and transparent prioritization of risks that span both domains. A detailed case study involving an automotive ASIC configuration register proves the practical application of the FTMEA. We present explicit mapping tables, quantitative CDCF values, and a comparative analysis against a baseline FMEA/TARA (Threat Analysis and Risk Assessment), illustrating how the integrated approach uncovers previously masked cross-domain risks, improves mitigation strategy effectiveness, and provides a clear quantitative justification for the derived correlation values. This framework offers a unified, traceable, methodology for risk assessment in critical automotive systems, thereby overcoming the limitations of conventional analyses and promoting optimized, cross-disciplinary development.
Paper Structure (16 sections, 3 equations, 8 figures, 1 table)

This paper contains 16 sections, 3 equations, 8 figures, 1 table.

Table of Contents

  1. Introduction
  2. Context and Problem Statement
  3. State-of-the-Art and Identified Gaps
  4. Main Contributions
  5. Paper Structure
  6. State of the Art: Integrated FuSa and Cybersecurity Analysis
  7. Standards and Interactions
  8. Methods and Techniques
  9. Proposed approach
  10. Co-Analysis Concept including Correlation factors
  11. Quantification of Cross-Domain Correlation Factors (CDCFs)
  12. Calculation of RPN
  13. Measure of Cross-Domain Correlation Factors (CDCFs)
  14. Case Study: Automotive ASIC Configuration Register
  15. Discussion of Results
  16. ...and 1 more sections

Figures (8)

  • Figure 1: Proposed FTMEA Flow Diagram with Quantified Cross-Domain Correlation Factors
  • Figure 2: Correlation matrix of common effect where each value is the Cross-Domain Correlation Factor (CDCF)
  • Figure 3: Proposed mapping of risk matrix
  • Figure 6: Example how the "Security area detection" and "Safety Mechanism" can share observation points for a "Common Effect point." The "Correlation area" represents the overlap in their monitoring capabilities. Quantification of this overlap (e.g., shared observable registers, common diagnostic paths) via structural analysis contributes to CDCF. A high degree of overlap indicates that a detection mechanism in one domain (e.g., integrity check) can also effectively contribute to detecting issues originating from the other domain, thereby quantifying a positive detection correlation.
  • Figure 7: Use Case-Block Diagram. The configuration register, in yellow, is the scope of the analysis.
  • ...and 3 more figures