Case Study

Security Event Manager


Customer (EU):

Global Tier-1 industry specialist that develops and produces sustainable, safe and convenient solutions for automotive manufacturers as well as industrial and end customers worldwide.

End customer: MAN Trucks

Challenges

The Security Event Manager tracks important diagnostic activity and stores the records for later analysis. The key property of this module is that the records cannot be deleted by the tester.

  • Develop from scratch Security Event Manager feature: The challenge of building the entire system functionality from the ground up, requiring comprehensive design and implementation.

  • Deliver the complete functionality in 6 months: A significant time-to-market challenge requiring aggressive scheduling and efficient resource management.

  • Instrument Cluster ECU: The technical challenge of integrating and running the complex Security Event Manager on a specific, potentially resource-constrained target platform like the Instrument Cluster ECU.

  • Focus on quality and traceability: The high-bar challenge of meeting stringent automotive industry standards for software quality assurance and full traceability of every requirement to the final code.

  • Ensuring permanent, tamper-proof storage of diagnostic records: This is derived from the key module requirement that records cannot be deleted by the tester. The challenge involves designing a robust system for data integrity, security, and long-term storage management without a mechanism for data purging.

Solutions

Full-Cycle Software Engineering Process: To handle the challenge of developing the feature from scratch, the solution involves executing a complete, structured development lifecycle, including defining Software Requirements, creating a robust Software Architecture, producing a Detailed design, and performing Code implementation (Embedded C).

Dedicated Quality Assurance (QA) Toolchain: To meet the requirement for high quality and traceability, a rigorous toolchain is employed, including:

  • Unit Test (e.g., using Cantata)
  • Static / Dynamic analysis (e.g., using Klocwork and Polyspace)
  • Requirements management and Traceability (e.g., using IBM DOORS).

Time-Boxed Project Management: To address the critical time constraint of delivering in 6 months, an agile yet structured approach is used, prioritizing features and tightly managing the scope, ensuring efficient execution across all development phases to meet the firm deadline.

Optimized Embedded Implementation: To overcome the technical challenges of developing for the Instrument Cluster ECU, the solution involves using a low-level language (Embedded C) and a specific micro-controller (Traveo II uC) to ensure the Security Event Manager is highly efficient, optimized, and seamlessly integrated into the ECU’s limited resources.

Immutable Data Storage Design: To meet the key requirement that diagnostic records cannot be deleted by the tester, the software is designed with a dedicated memory management layer that enforces write-once (immutable) storage for security events, so that modification or deletion by unauthorized agents is physically or logically impossible.
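As an added illustration, not the project's own code, the following C sketch models the write-once policy described above: the only write path appends a record, a tester's request to clear the log is refused and the attempt is itself recorded, and a boot-time check detects gaps in the sequence. All type names, event ids and capacities are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#define SEM_MAX_RECORDS 8u          /* tiny capacity so the "storage full" path is reachable */
#define SEM_EVT_CLEAR_ATTEMPT 0xF0u /* constructed event id: tester tried to erase the log */
typedef enum { SEM_OK = 0, SEM_ERR_FULL, SEM_ERR_DENIED } sem_status_t;
typedef enum { SEM_REQ_READ = 0, SEM_REQ_CLEAR = 1 } sem_tester_req_t;

typedef struct {
    uint32_t seq;       /* 1-based, strictly increasing; a gap reveals tampering */
    uint16_t event_id;  /* diagnostic event type (constructed values) */
    uint16_t tester_id; /* identity of the tester that triggered the action */
    uint32_t timestamp; /* constructed, seconds since ECU epoch */
} sem_record_t;

typedef struct {
    sem_record_t rec[SEM_MAX_RECORDS];
    uint32_t count;     /* only ever increments; there is no reset or purge API */
} sem_store_t;

/* The single write path: a slot is written once and never overwritten. */
sem_status_t sem_append(sem_store_t *s, uint16_t event_id, uint16_t tester_id, uint32_t ts) {
    if (s->count >= SEM_MAX_RECORDS) {
        return SEM_ERR_FULL; /* no purge exists; capacity is a design-time decision */
    }
    sem_record_t *r = &s->rec[s->count];
    r->seq = s->count + 1u;
    r->event_id = event_id;
    r->tester_id = tester_id;
    r->timestamp = ts;
    s->count++;
    return SEM_OK;
}

/* Tester-facing entry point: reads pass, erasure is refused and the attempt itself is logged. */
sem_status_t sem_tester_request(sem_store_t *s, sem_tester_req_t req, uint16_t tester_id, uint32_t ts) {
    if (req == SEM_REQ_CLEAR) {
        (void)sem_append(s, SEM_EVT_CLEAR_ATTEMPT, tester_id, ts); /* best effort when full */
        return SEM_ERR_DENIED;
    }
    return SEM_OK;
}

/* Boot-time integrity check: sequence numbers must run contiguously from 1 to count. */
bool sem_verify(const sem_store_t *s) {
    if (s->count > SEM_MAX_RECORDS) return false;
    for (uint32_t i = 0; i < s->count; i++)
        if (s->rec[i].seq != i + 1u) return false;
    return true;
}
```

In a real ECU the store would live in a flash or EEPROM region whose erase operation is not exposed to the diagnostic session, and the integrity check would additionally cover a MAC or hash over the records.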

Key Impact

Enhanced Security and Accountability:

  • Impact: The core functionality—that records cannot be deleted by the tester—creates an immutable audit trail. This drastically improves accountability for diagnostic actions and prevents tampering with critical security and diagnostic data.

  • Benefit: Provides irrefutable evidence for post-incident analysis and regulatory compliance.

Improved Diagnostic Traceability and Quality:

  • Impact: The rigorous focus on traceability and the detailed logging of “important diagnostics activity” ensures that every event is recorded and linked back to requirements.
  • Benefit: Allows for faster root cause analysis of vehicle issues and guarantees that the system meets stringent automotive quality standards (e.g., ISO/SAE 21434 principles).

Successful Delivery of a Critical Feature on a Tight Schedule:

  • Impact: Meeting a 2-month first delivery and a 6-month complete delivery for a feature developed from scratch on the Instrument Cluster ECU.

  • Benefit: The customer was able to integrate a crucial security feature into their product on time, avoiding project delays and ensuring the vehicle could be delivered to MAN Trucks as scheduled.

Compliance and Legal Readiness:

  • Impact: By permanently storing diagnostics records and preventing deletion, the system directly supports compliance with various international automotive regulations that mandate security logging and data integrity.
  • Benefit: Reduces legal and financial risk for the OEM by providing the necessary proof of due diligence and security adherence.

Applied Methodology

Layered Security Architecture: Implemented the security logic across separate layers—from the HSM to the event logging middleware—with a dedicated V&V phase for each boundary.

Risk-Driven Verification (RDV): Prioritized testing resources (including HiL time) based on the calculated ASIL/Severity of each event detection and logging feature.

Time-Boxed Scrum Sprints: Utilized two-week Scrum Sprints for all firmware development, ensuring a deliverable, tested Increment of the event monitoring logic at the end of every cycle.

End-to-End Traceability: Maintained a formal traceability matrix linking every security requirement (e.g., tamper-proof storage) to its specific low-level design and the corresponding System Acceptance Test (SAT) case.

Continuous Verification: Embedded automated unit and integration tests into the CI/CD pipeline to ensure compliance with security and performance KPIs.

Tasks / Responsibilities

Software Requirements

Software Architecture

Detailed design

Code implementation (Embedded C)

Unit Test

Static / Dynamic analysis

Traceability

Toolchain / Technologies

MS Visual Studio

Green Hills

IBM Rhapsody

IBM DOORS

Cantata

Klocwork

Polyspace

Traveo II uC

Team Composition

2 Cyber Security Experts

1 BSW Developer

1 QA


Helping OEMs Grow with Technology

By driving innovation, enhancing operational efficiency, fostering long-term partnerships, and providing training and education, CONCEPTHYPE makes a significant impact on OEMs’ success.


Engineering & IT Consulting

Contact

Dumbravita, Timis, Romania

+40 733 393 893

Follow us


Copyright © 2026 CONCEPTHYPE. All Rights Reserved.