Loading...

Partners

Automotive Security Research Group

Auto-ISAC

Automotive Information Sharing and Analysis Center

Block Harbor. Cybersecurity

KEYSIGHT Technologies

Testing Automotive Cybersecurity

GoGoByte

Secure bits and bytes in cyberspace!

COVESA

The Connected Vehicle Systems Alliance

Fraunhofer Institute for Applied and Integrated Security

AVL Software and Functions

Holistic Security Solutions

CAV Technologies

SecForCARs

Research Project

Security Analysis Team

at itemis

…and you?

News

The development of openXSAM is ongoing. Here, we will inform you on new use cases, new partners and progress on the implementation side.
Stay tuned for updates (subscribe via atom or rss2 feed)

November 2023

openXSAM XML Schema Definitions

November 15th, 2023|

Following the release of openXSAM Technical Specification, we would like to provide the XML Schema Definition files (XSDs) that define the structure and format of openXSAM XML files. These XSDs are essential for validating openXSAM data and ensuring that it adheres to the established schema.

The XSD Schemas can be found in the repository here.

Announcing openXSAM 1.0 Technical Specification Release!

November 1st, 2023|

We are thrilled to announce the official release of openXSAM 1.0 Technical Specification – a significant advancement in the realm of risk information sharing. openXSAM empowers automotive manufacturers and suppliers to seamlessly document, share, and exchange critical information related to cybersecurity assets, threats, risks, and controls in a machine-readable format. The specification facilitates a structured and standardized data exchange for integration across the entire toolchain.

 

Download openXSAM 1.0 Technical Specification

July 2022

R155 Informed Authoring of Cybersecurity Test Plans

July 12th, 2022|

itemis, Block Harbor Cybersecurity and Keysight have teamed up to think about how security testing could profit from being technically integrated with the outcomes of a TARA. Interested? Just download our request for comments and give us your feedback!download

February 2022

openXSAM will be an ASRG TC!

February 23rd, 2022|

After a long time, there are some news now: We will be a Technical Committee at the ASRG automotive security research group! This is a great opportunity for coming to a cross-vendor discussion that is not owned by any particular party. We will send out an invitation for kicking it off soon – so if you are not listed as a partner yet, but would like to be part of it, just drop me a message in the asrg slack. I’m really glad to have the ASRG as the new parent organization of openxsam.

March 2021

ISO/SAE 21434 Item Definition as XSAM

March 12th, 2021|

It’s 2021 and the final release of ISO/SAE 21434 is approaching. We at itemis have taken the example threat analysis in Annex G of the draft and modeled the system using XSAM. You can download it from here: ISO21434_G_ItemDefinition.xsam. You can take it as a proposal how Functions, Components, Data Flows and transferred or stored Data could be picked up in the OpenXSAM initiative. To discuss it, we will bring all partners to a round table once we are set up as an ASRG Technical Committee.

Until then, have a look, share, and feel free to provide feedback!

Headlamp System Item Definition

December 2020

Talk at ASRG

December 14th, 2020|

On Thursday, Bastian Kruck from talked at the ASRG meetup about ISO/SAE 21434 Across Tools, Teams, and Organizations. Including the motivation for openXSAM, current status, and how far they are at itemis with implementing it. It resonanted well. Watch it here

21434-clauses mapped to the V model

Proposing a System Metamodel

December 10th, 2020|

Since we’re already experienced with implementing XSAM at itemis, we’re planning to share our considerations with the community as a basis for discussion. We’re currently in the process of documenting our metamodel. Here is a small preview of our proposed metamodel for describing the item under evaluation:

 

A Proposed TOE Metamodel for XSAM

October 2020

Technical connectivity for Enterprise Architect via openXSAM

October 21st, 2020|

With the technical integration of Enterprise Architect, openXSAM can now be used to import, export and trace modeling elements like functions, components, connections and data from Enterprise Architect. Security relevant elements can be tagged in Enterprise Architect and then converted in openXSAM data for security analysis purposes. This process is bi-directional and preserves all tracing information.

Besides supporting the use case of linking security relevant data to the architecture lead system, this also supports the co-development of safety and security features.

Welcome, Block Harbor

October 7th, 2020|

Block Harbor Cybersecurity just joined to partner in working on this. Welcome, Brandon & Co!

September 2020

You’re invited!

September 16th, 2020|

We’ve written a High-Level Overview document to scope our mission based on which we can invite and identify partners.

Summary

New norms like ISO21434 and UNECE require the automotive industry to perform and document security risk analysis activities and results. This is true for the development process as well as for the life cycle of the products. As a result, it becomes important for the parties to integrate security risk analysis software in existing tool chains. The parties would also benefit from an exchange format that would allow the exchange of security risk analysis data across departments and corporations.

openXSAM could serve as a protocol to achieve the above goals. The work on openXSAM will be open to all parties interested in establishing an open exchange format for security risk analysis in the automotive domain.

Go to Top