Platform Security Plan
status: draft
security: YES
safety: ASIL_B
tags: platform_management

Security management / Platform Security Plan

Security Roles & Responsibilities

  • Security Manager - ensures that security activities are planned, developed, analyzed, verified, tested and managed throughout the life cycle of the project. Because all security functions are implemented within module development, each module's security plan appoints a security manager who defines the security process and creates a security management plan.

  • Security Engineer - performs the security analysis using methodologies such as TARA.

  • Contributors - developers who follow the secure coding guidelines.

Continuous secure software development

Secure coding guidelines

All developers shall be aware of and shall adhere to the following secure coding guidelines for C++ and Rust, as applicable:

  1. SEI CERT C++ Coding Standard

  2. Guidelines for the use of the C++14 language in critical and safety-related systems

  3. MISRA C++:2023 Guidelines for the use of C++:17 in critical systems

  4. Secure Rust guidelines

  5. The Rustonomicon (Unsafe Code Guidelines & Pitfalls)

  6. Rust Secure Code Working Group

Automated code scanning

The following tools should be part of the CI/CD pipeline and should run automatically for every patch, minor and major release:

  1. Static code analysis tools such as Coverity for C/C++ and Clippy for Rust

  2. SCA (software composition analysis) tools that scan open source libraries for known CVEs, such as RustSec (for crates) or Black Duck

  3. Fuzz testing (semi-automated): someone has to write dedicated harnesses for the fuzz targets; the campaigns themselves can be run by services such as Google OSS-Fuzz

  4. Regular clean-code checks, such as functional test coverage and detection of cyclic dependencies

Security Analysis or TARA (threat analysis and risk assessment)

  • Security analysis shall be performed on the features and on how modules/components interact with one another to implement a feature.

  • Analysis results shall be documented and shall serve as security requirements for the features.

Security code reviews

Contributors should perform regular security code reviews. A few developers should be assigned as security champions and receive security training so that they can perform such reviews.

Security Work Packages

| Deliverable | Description | Responsible Person |
|---|---|---|
| Item definition | Defining boundaries, assets etc. | Security Manager/Engineer |
| Data flow diagrams | Document the interaction and data flow between the components in a system | Contributors |
| TARA | Enumerate threats, analyze attack feasibility and impact, decide treatment (mitigate/transfer/accept/avoid) | Security Engineer |
| Cybersecurity goals | Security goals should be defined for the whole S-CORE middleware. These goals will serve as the input for the security analysis. | Security Manager |
| Horizontal Security Requirements | Applicable to all modules/components | Security Manager |
| Security concepts resulting from the goals and TARA | Security concepts should document the different options, and the favored option should be implemented | Contributors and Security Manager/Engineer |
| Hardening guide for Integrators | Some identified risks are mitigated by hardening the platform. Such mitigations shall be part of this guide. | Contributors and Security Manager |
| Security sign-off process before releases | A checklist should be created and signed to ensure that all documented risks are mitigated | Contributors and Security Manager |

Vulnerability Management

  • SBOMs need to be defined and used for CVE scanning (SBOM-driven CVE scanning). This process should be automated to run in the CI/CD pipeline.

  • When a vulnerability is reported or identified, the following tasks shall be performed by the responsible persons listed below:

| Task | Description | Responsible Person |
|---|---|---|
| Vulnerability validation and classification | Validating whether the reported issue is a security vulnerability and mapping it to a known CWE (Common Weakness Enumeration) | Contributors |
| CVSS score calculation | Calculating the CVSS score to understand the criticality of the reported vulnerability | Security Engineer/Manager and Contributors |
| Prioritization | Decision on when to issue a patch | Security Manager and Contributors |
| Responsible disclosure | Decide whether this should be disclosed or not. Request a CVE ID if it needs to be disclosed. | Security Manager |
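As an added illustration of the SBOM-driven CVE scanning step and of the CWE mapping, CVSS scoring and prioritization tasks in the table above, the following Python is example code, not part of this plan or of the S-CORE tooling. The SBOM fragment, the advisory feed and all package names and IDs are constructed placeholders; the introduced/fixed range shape is assumed to follow what RustSec/OSV-style feeds export.

```python
import json

# Constructed CycloneDX-style SBOM fragment (placeholder components, not S-CORE's SBOM).
SBOM_JSON = """{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "name": "example-parser", "version": "1.2.3"},
    {"type": "library", "name": "example-tls",    "version": "0.9.0"},
    {"type": "library", "name": "example-log",    "version": "2.0.1"}
]}"""

# Constructed advisory feed with placeholder IDs (assumed RustSec/OSV-like range shape).
# Each advisory carries the CWE mapping and CVSS base score the plan asks for.
ADVISORIES = [
    {"id": "CVE-PLACEHOLDER-0001", "package": "example-parser",
     "introduced": "1.0.0", "fixed": "1.2.4", "cvss": 9.8, "cwe": "CWE-787"},
    {"id": "CVE-PLACEHOLDER-0002", "package": "example-tls",
     "introduced": "0.8.0", "fixed": "0.9.0", "cvss": 7.5, "cwe": "CWE-295"},  # fixed == shipped
    {"id": "CVE-PLACEHOLDER-0003", "package": "example-log",
     "introduced": "2.0.0", "fixed": None, "cvss": 5.3, "cwe": "CWE-117"},    # no fix released
]

def parse_version(v):
    # Assumes plain dotted numeric versions; a real scanner needs full semver handling.
    return tuple(int(p) for p in v.split("."))

def is_affected(version, introduced, fixed):
    # Affected if introduced <= version < fixed, or if no fixed version exists yet.
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)

def severity(cvss):
    # CVSS v3.x qualitative severity rating scale.
    if cvss >= 9.0: return "Critical"
    if cvss >= 7.0: return "High"
    if cvss >= 4.0: return "Medium"
    return "Low" if cvss > 0.0 else "None"

def scan_sbom(sbom_json, advisories):
    # Match every SBOM component against the feed; highest CVSS first for prioritization.
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        for adv in advisories:
            if adv["package"] == comp["name"] and is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append({"id": adv["id"], "package": comp["name"], "version": comp["version"],
                                 "cwe": adv["cwe"], "cvss": adv["cvss"], "severity": severity(adv["cvss"]),
                                 "fix_available": adv["fixed"] is not None})
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)
```

Calling scan_sbom(SBOM_JSON, ADVISORIES) reports the parser component as Critical with a fix available and the log component as Medium with no fix yet, while example-tls is cleared because 0.9.0 is exactly the fixed version. In a CI job the same function would be fed the pipeline's generated SBOM and a freshly downloaded advisory feed, and any Critical/High finding without a fix would block the release sign-off.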