Partners
Automotive Information Sharing and Analysis Center
Testing Automotive Cybersecurity
Secure bits and bytes in cyberspace!
The Connected Vehicle Systems Alliance
Research Project
at itemis
News
The development of openXSAM is ongoing. Here, we will inform you on new use cases, new partners and progress on the implementation side.
Stay tuned for updates (subscribe via atom or rss2 feed)
November 2023
openXSAM XML Schema Definitions
Following the release of openXSAM Technical Specification, we would like to provide the XML Schema Definition files (XSDs) that define the structure and format of openXSAM XML files. These XSDs are essential for validating openXSAM data and ensuring that it adheres to the established schema.
The XSD Schemas can be found in the repository here.
Announcing openXSAM 1.0 Technical Specification Release!
We are thrilled to announce the official release of openXSAM 1.0 Technical Specification – a significant advancement in the realm of risk information sharing. openXSAM empowers automotive manufacturers and suppliers to seamlessly document, share, and exchange critical information related to cybersecurity assets, threats, risks, and controls in a machine-readable format. The specification facilitates a structured and standardized data exchange for integration across the entire toolchain.
July 2022
R155 Informed Authoring of Cybersecurity Test Plans
itemis, Block Harbor Cybersecurity and Keysight have teamed up to think about how security testing could profit from being technically integrated with the outcomes of a TARA. Interested? Just download our request for comments and give us your feedback!
February 2022
openXSAM will be an ASRG TC!
After a long time, there are some news now: We will be a Technical Committee at the ASRG automotive security research group! This is a great opportunity for coming to a cross-vendor discussion that is not owned by any particular party. We will send out an invitation for kicking it off soon – so if you are not listed as a partner yet, but would like to be part of it, just drop me a message in the asrg slack. I’m really glad to have the ASRG as the new parent organization of openxsam.
March 2021
ISO/SAE 21434 Item Definition as XSAM
It’s 2021 and the final release of ISO/SAE 21434 is approaching. We at itemis have taken the example threat analysis in Annex G of the draft and modeled the system using XSAM. You can download it from here: ISO21434_G_ItemDefinition.xsam. You can take it as a proposal how Functions, Components, Data Flows and transferred or stored Data could be picked up in the OpenXSAM initiative. To discuss it, we will bring all partners to a round table once we are set up as an ASRG Technical Committee.
Until then, have a look, share, and feel free to provide feedback!
December 2020
Talk at ASRG
On Thursday, Bastian Kruck from talked at the ASRG meetup about ISO/SAE 21434 Across Tools, Teams, and Organizations. Including the motivation for openXSAM, current status, and how far they are at itemis with implementing it. It resonanted well. Watch it here
Proposing a System Metamodel
Since we’re already experienced with implementing XSAM at itemis, we’re planning to share our considerations with the community as a basis for discussion. We’re currently in the process of documenting our metamodel. Here is a small preview of our proposed metamodel for describing the item under evaluation:
October 2020
Technical connectivity for Enterprise Architect via openXSAM
With the technical integration of Enterprise Architect, openXSAM can now be used to import, export and trace modeling elements like functions, components, connections and data from Enterprise Architect. Security relevant elements can be tagged in Enterprise Architect and then converted in openXSAM data for security analysis purposes. This process is bi-directional and preserves all tracing information.
Besides supporting the use case of linking security relevant data to the architecture lead system, this also supports the co-development of safety and security features.
Welcome, Block Harbor
Block Harbor Cybersecurity just joined to partner in working on this. Welcome, Brandon & Co!
September 2020
You’re invited!
We’ve written a High-Level Overview document to scope our mission based on which we can invite and identify partners.
Summary
New norms like ISO21434 and UNECE require the automotive industry to perform and document security risk analysis activities and results. This is true for the development process as well as for the life cycle of the products. As a result, it becomes important for the parties to integrate security risk analysis software in existing tool chains. The parties would also benefit from an exchange format that would allow the exchange of security risk analysis data across departments and corporations.
openXSAM could serve as a protocol to achieve the above goals. The work on openXSAM will be open to all parties interested in establishing an open exchange format for security risk analysis in the automotive domain.