With the increasing connectivity of modern vehicles, protecting systems from attacks on cyber is becoming crucial and urgent. Meanwhile, a vehicle should guarantee a safe and comfortable trip for users. Therefore, how to design a cybersecurity-critical system in vehicles with safety and user experience (UX) considerations is increasingly essential. However, most co-design methods focus on safety engineering with attack concerns and do not discuss conflicts and integration, and few contain the UX aspect. Besides, most existing approaches are abstract at a high level without practical guidelines. This paper presents a literature review of existing safety and security design approaches and proposes a systematic approach for cybersecurity design of in-vehicle network systems based on the guideline in SAE J3061. The trade-off analysis is performed by using association keys and the proposed affecting map. The design process of an example Diagnostic on Internet Protocol (DoIP) system is reported to show how the approach works. Compared with the existing approaches, the proposed one considers safety, cybersecurity, and UX simultaneously, solves conflicts qualitatively or quantitatively, and obtains trade-off design requirements. This approach is applicable to the cybersecurity-driven design of in-vehicle network systems in the early stage with safety and UX considerations.

中文翻译：

---

权衡考虑的车载网络系统网络安全设计的系统方法

随着现代车辆连接性的提高，保护系统免受网络攻击变得至关重要而紧迫。同时，车辆应确保使用者安全舒适的出行。因此，如何在考虑安全性和用户体验（UX）的情况下设计关键的网络安全系统变得越来越重要。但是，大多数协同设计方法都将重点放在涉及攻击问题的安全工程上，而不讨论冲突和集成，并且很少包含UX方面。此外，大多数现有方法在没有实践指导的情况下都是高层次的抽象。本文对现有安全和安保设计方法进行了文献综述，并根据SAE J3061中的指南提出了一种用于车载网络系统网络安全设计的系统方法。权衡分析是通过使用关联键和建议的影响图执行的。报告了示例“ Internet协议诊断（DoIP）”系统的设计过程，以显示该方法的工作原理。与现有方法相比，提出的方法同时考虑了安全性，网络安全性和用户体验，从质或量上解决了冲突，并获得了权衡的设计要求。考虑到安全性和用户体验，该方法适用于早期由网络安全驱动的车载网络系统设计。定性或定量地解决冲突，并获得折衷的设计要求。考虑到安全性和用户体验，该方法适用于早期由网络安全驱动的车载网络系统设计。定性或定量地解决冲突，并获得折衷的设计要求。考虑到安全性和用户体验，该方法适用于早期由网络安全驱动的车载网络系统设计。