https://www.mdu.se/

We are currently in the midst of significant changes in the road transport system, including the transformation to fossil-free propulsion and the shift to higher levels of automation. The next level in automation is soon upon us and is encompassed by the broader term Connected, Cooperative and Automated Mobility (CCAM) which is relevant for the entire transportation system. The introduction of CCAM has the potential to contribute significantly to crucial UN Sustainable Development Goals. For the automotive domain, the term Automated Driving Systems (ADS) is often used for highly automated vehicles. Notwithstanding the expected positive effects and the extraordinary efforts, highly automated driving systems are still not publicly available except in pilot programs.

The increased complexity in the higher automation levels can be ascribed to the shift from fail-safe operator support to fail-operational systems that assume the operator's role, utilising new sensors and algorithms for perception and the reliance on connectivity to solve the problem task. Here the solution is also the problem, i.e. complex systems. The complexity of the systems and difficulties in capturing a complete practical description of the environment where the systems are intended to operate pose difficulties in defining validation procedures for ADS technologies' safety, security, and trustworthiness.

Parallel to traditional safety issues, there is now a need to consider the quality of cybersecurity, e.g. due to external communication and environmental sensors being susceptible to remote attacks. A security problem may enable a hacker to incapacitate or fool an ADS resulting in unsafe behaviour. In addition to malicious misuse, the development of environment sensing has to consider functional insufficiencies of the employed sensor technologies. Therefore, both safety and security and their interplay must be addressed in developing the solutions.

The first step in gaining public confidence in the technologies involved is to raise user awareness. Therefore there is a need to be transparent and explicit on the evaluation targets and the associated supporting evidence of safe and secure ADS. An assessment of safety and security properties performed by an independent organisation can be an essential step towards establishing trust in ADS solutions, bridging the gap between the marketing portrayal and the actual performance of such systems in operating conditions.

This licentiate thesis contributes towards the overall goal of improving the assessment target and the associated supporting evidence of a safe and secure ADS in the automotive domain by (1) assessing requirements for safety, security and their interplay on key enabling technologies, (2) introducing an argument pattern enabling safety, security and interaction overlap to be jointly addressed, (3) proposing a method that enables assessment of security informed safety an independent agency.

The road transport system is undergoing major transformations, notably the transition to fossil-free propulsion and advances in automation.

In the automotive domain, highly automated vehicles are typically referred to as incorporating Automated Driving Systems (ADS). Despite significant technological progress and anticipated benefits, the widespread deployment of these systems remains limited. This slow rollout is largely due to the increased complexity at higher automation levels, where vehicles must take on the full driving task and transition to fail-operational architectures capable of managing faults without human intervention.

The increasing complexity of these systems stems from a growing reliance on new, often noisy sensors and external connectivity for perception and decision-making. In addition to established safety concerns, cybersecurity has become essential, as communication interfaces and complex sensors introduce new vulnerabilities. Advances in environmental sensing further require attention to functional limitations that arise independently of malicious interference. Taken together, these developments present challenges in forming a comprehensive understanding of the contexts in which the systems are intended to operate safely. This, in turn, hinders the development of effective validation procedures and complicates efforts to substantiate claims of safety, security, and overall trustworthiness.

This PhD thesis advances the assurance of ADSs by integrating safety and cybersecurity into a unified assessment framework. The contributions are threefold: (1) context-dependent requirements; introducing technology-specific assessment templates for positioning, communication, and cybersecurity to enable more effective evaluation, together with a formalized operational design domain (ODD) for improved coverage and traceability; (2) multi-concern development management; demonstrating that co-engineered safety and security processes enhance completeness, supported by structured argument patterns, unified process models, and synchronization mechanisms to align assurance activities; and (3) independent assessment methods; developing a complementary testing approach called Assessment of Cybersecurity-informed Safety (AoCiS) and a systematic method for allocating test cases (METAFODD) to appropriate environments, enabling scalable scenario-based validation. Case studies and demonstrations show gains in efficiency, clarity, and completeness, while large-scale validation remains a challenge to be addressed in the future. Overall, the research presented in this thesis establishes structured and transparent methods to support independent and systematic assurance of safety and security in future evaluation efforts.