https://www.mdu.se/

We are currently in the midst of significant changes in the road transport system, including the transformation to fossil-free propulsion and the shift to higher levels of automation. The next level in automation is soon upon us and is encompassed by the broader term Connected, Cooperative and Automated Mobility (CCAM) which is relevant for the entire transportation system. The introduction of CCAM has the potential to contribute significantly to crucial UN Sustainable Development Goals. For the automotive domain, the term Automated Driving Systems (ADS) is often used for highly automated vehicles. Notwithstanding the expected positive effects and the extraordinary efforts, highly automated driving systems are still not publicly available except in pilot programs.

The increased complexity in the higher automation levels can be ascribed to the shift from fail-safe operator support to fail-operational systems that assume the operator's role, utilising new sensors and algorithms for perception and the reliance on connectivity to solve the problem task. Here the solution is also the problem, i.e. complex systems. The complexity of the systems and difficulties in capturing a complete practical description of the environment where the systems are intended to operate pose difficulties in defining validation procedures for ADS technologies' safety, security, and trustworthiness.

Parallel to traditional safety issues, there is now a need to consider the quality of cybersecurity, e.g. due to external communication and environmental sensors being susceptible to remote attacks. A security problem may enable a hacker to incapacitate or fool an ADS resulting in unsafe behaviour. In addition to malicious misuse, the development of environment sensing has to consider functional insufficiencies of the employed sensor technologies. Therefore, both safety and security and their interplay must be addressed in developing the solutions.

The first step in gaining public confidence in the technologies involved is to raise user awareness. Therefore there is a need to be transparent and explicit on the evaluation targets and the associated supporting evidence of safe and secure ADS. An assessment of safety and security properties performed by an independent organisation can be an essential step towards establishing trust in ADS solutions, bridging the gap between the marketing portrayal and the actual performance of such systems in operating conditions.

This licentiate thesis contributes towards the overall goal of improving the assessment target and the associated supporting evidence of a safe and secure ADS in the automotive domain by (1) assessing requirements for safety, security and their interplay on key enabling technologies, (2) introducing an argument pattern enabling safety, security and interaction overlap to be jointly addressed, (3) proposing a method that enables assessment of security informed safety an independent agency.

The road transport system is undergoing major transformations, notably the transition to fossil-free propulsion and advances in automation. In the automotive domain, highly automated vehicles are typically referred to as incorporating Automated Driving Systems (ADS). Despite significant technological progress and anticipated benefits, the widespread deployment of these systems remains limited. This slow rollout islargely due to the increased complexity at higher automation levels, where vehiclesmust take on the full driving task and transition to fail-operational architectures capableof managing faults without human intervention. The increase in complexity can be attributed to the shift toward reliance on new, often noisy sensors and connectivity for perception and decision-making. Alongside traditional safety concerns, cybersecurity has become critical, as external communications and environmental sensors introduce new vulnerabilities. Beyond malicious misuse, advancements in environmental sensing also require attention to functional limitations. These solutions also introduce new challenges: difficulties in comprehen-sively characterizing the environments in which the systems operate, which in turncomplicates the definition of robust validation procedures for safety, security, andtrustworthiness. This PhD thesis advances the assurance of ADSs by integrating safety and cybersecurity into a unified assessment framework. The contributions are threefold: (1)context-dependent requirements – introducing technology-specific assessment tem-plates for positioning, communication, and cybersecurity to enable more effectiveevaluation, together with a formalized operational design domain (ODD) for improvedcoverage and traceability; (2) multi-concern development management – demonstratingthat co-engineered safety and security processes enhance completeness, supported bystructured argument patterns, unified process models, and synchronization mechanismsto align assurance activities; and (3) independent assessment methods – developing acomplementary testing approach called Assessment of Cybersecurity-informed Safety(AoCiS) and a systematic method for allocating test cases (METAFODD) to appropriateenvironments, enabling scalable scenario-based validation. Case studies and demonstrations show gains in efficiency, clarity, and completeness, while large-scale validation remains a challenge to be addressed in the future. Overall, he research presented in this thesis establishes structured and transparent methods to support independent and systematic assurance of safety and security in future evaluation efforts.