One-Screen Architecture Diagram

Architecture Cockpit Overview

Mermaid source
flowchart LR
  subgraph Vehicle["Vehicle / drivetrain domain"]
    Drivetrain["GW AMT drivetrain"]
    Network["Vehicle network (CAN / PWM)"]
  end
  subgraph ECA["ECA ECU domain"]
    App["Clutch actuation application"]
    Sec["Security services"]
    Boot["Bootloader / update logic"]
  end
  subgraph Diagnostic["Diagnostic / service domain"]
    Tester["Diagnostic tester"]
  end
  subgraph OEM["OEM backend / security operations domain"]
    Backend["Update and evidence backend"]
    PKI["Key and certificate provisioning"]
    SecOps["Security operations"]
  end
  subgraph Supplier["Supplier engineering domain"]
    Engineering["Supplier ALM / CI / evidence"]
  end
  Drivetrain --> Network
  Network <-->|commands, status, freshness| App
  Tester -->|authenticated UDS| Sec
  Backend -->|signed software / IVD| Boot
  PKI -->|trust material| Sec
  Boot --> App
  Sec --> App
  App -->|events| SecOps
  Engineering -->|software and evidence| Backend

Component Table

| Component | Responsibility | Interfaces | Security Role | Evidence Status | Open Decision |
| --- | --- | --- | --- | --- | --- |
| Vehicle / Drivetrain Domain | Provides CAN/PWM commands and receives ECA status/fault data | Vehicle Network Interface | Primary external runtime boundary | Confirmed | Confirm network topology and protected signals |
| ECA ECU Application Software | Controls clutch actuation and reports status | CAN, internal security services, diagnostics | Validates commands and enforces fail-safe behaviour | Confirmed | Confirm final function allocation |
| ECA ECU Security Services | Provides auth, crypto, key/certificate, logging and secure communication services | Diagnostics, update, PKI, vehicle network | Central protection layer | Inferred | Confirm concrete mechanisms and HSM support |
| Bootloader / Update Logic | Handles flash, IVD and software validity checks | Update / Flash, diagnostics, security services | Protects software authenticity and integrity | Inferred | Confirm signing chain and rollback policy |
| Diagnostic / Service Domain | Performs service, programming and authenticated diagnostic access | Diagnostic Tester Interface | Privileged access boundary | Inferred | Confirm role model and service whitelist |
| OEM Backend / Security Operations | Owns approval, monitoring, update/key decisions and residual-risk workflow | OEM Evidence, logging, update, PKI | Offboard security governance boundary | Inferred | Confirm ownership split |
| Supplier Engineering Domain | Produces software, evidence, traceability and review artifacts | ALM, CI/test, OEM evidence handoff | Protects evidence and release integrity | Confirmed | Confirm evidence repository authority |

Capability-to-Component Map

Mermaid source
flowchart LR
  subgraph Capabilities["System capabilities"]
    Actuation["Clutch actuation"]
    Diagnostics["Secure diagnostics"]
    UpdateCap["Secure update"]
    Keys["Key and certificate handling"]
    Evidence["Cybersecurity evidence"]
  end
  subgraph Components["Architecture components"]
    App["Application software"]
    DiagSrv["Diagnostic server"]
    Boot["Bootloader / update logic"]
    Sec["Security services"]
    Tooling["Engineering evidence toolchain"]
  end
  Actuation --> App
  Diagnostics --> DiagSrv
  Diagnostics --> Sec
  UpdateCap --> Boot
  UpdateCap --> Sec
  Keys --> Sec
  Evidence --> Tooling
  Evidence --> Sec

Interface Trust Boundary Map

Mermaid source
flowchart TB
  subgraph ECU["ECA ECU trust boundary"]
    App["Application software"]
    Sec["Security services"]
    Boot["Bootloader / update logic"]
  end
  Vehicle["Vehicle network boundary"] -->|CAN / PWM / protected data| App
  Tester["Diagnostic service boundary"] -->|UDS Auth 0x29| Sec
  Backend["OEM backend boundary"] -->|signed update / logs| Boot
  PKI["PKI provisioning boundary"] -->|keys / certificates| Sec
  Tooling["Supplier engineering boundary"] -->|software / evidence| Backend
  App -->|security events| Backend

Update and Diagnostics Flow

Mermaid source
sequenceDiagram
  participant Tester as Diagnostic Tester
  participant Sec as ECA Security Services
  participant Boot as Bootloader / Update Logic
  participant App as Clutch Actuation Application
  participant Backend as OEM Update Backend
  Tester->>Sec: Start UDS session and authenticate
  Sec-->>Tester: Authorized diagnostic role
  Backend->>Boot: Signed software package and IVD
  Boot->>Sec: Validate signature, certificate and integrity
  Sec-->>Boot: Validation result
  Boot->>App: Activate accepted software
  App-->>Tester: Status, DTCs and update result
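The Backend -> Boot -> Sec -> Boot -> App steps of the sequence above are the point where a bad package must be stopped. The block below is an added illustration of that acceptance gate; it is not code from the page or from the ECA project. It assumes a JSON manifest ({"version", "digest", "signer"}) signed as a whole, SHA-256 as the image digest, a monotonic anti-rollback floor held by the bootloader, and a verifier callback standing in for the security services / HSM. The demo verifier uses HMAC so the block runs offline; a real ECU holds only the public trust anchor and verifies an asymmetric signature, and the actual signing chain and rollback policy are open decisions on this page.

```python
"""Bootloader acceptance gate for a signed software package (added example)."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field


@dataclass
class Package:
    manifest: bytes    # signed metadata (constructed layout, see lead-in)
    signature: bytes   # signature over the manifest bytes
    image: bytes       # software image referenced by manifest["digest"]


@dataclass
class BootState:
    active_version: int
    active_image: bytes
    min_version: int              # anti-rollback floor: never activate below this
    events: list = field(default_factory=list)   # security events for SecOps


def check_package(pkg, verify, trusted_signers, min_version):
    """Return (accepted, reason, version). Every check must pass, in this order."""
    try:
        m = json.loads(pkg.manifest)
        version, digest, signer = int(m["version"]), str(m["digest"]), str(m["signer"])
    except (ValueError, KeyError, TypeError):
        return False, "manifest_malformed", None
    if signer not in trusted_signers:          # policy check before any crypto
        return False, "untrusted_signer", version
    if not verify(signer, pkg.manifest, pkg.signature):
        return False, "signature_invalid", version
    # Only an authentic manifest makes its digest worth comparing against.
    if hashlib.sha256(pkg.image).hexdigest() != digest:
        return False, "image_digest_mismatch", version
    if version < min_version:                  # anti-rollback
        return False, "rollback_rejected", version
    return True, "ok", version


def process_update(pkg, state, verify, trusted_signers):
    """Activate the image only on full acceptance; otherwise keep the current one."""
    accepted, reason, version = check_package(pkg, verify, trusted_signers, state.min_version)
    state.events.append(("update", reason, version))
    if accepted:
        state.active_image = pkg.image
        state.active_version = version
        state.min_version = max(state.min_version, version)
    return accepted, reason


# Constructed demo trust material: HMAC stands in for an asymmetric signature.
# "rogue-key" exists in the keystore but is deliberately NOT in the trusted set.
DEMO_KEYS = {
    "oem-release-key-1": b"constructed-demo-key-not-for-use",
    "rogue-key": b"constructed-rogue-key-not-for-use",
}


def demo_sign(signer, data):
    return hmac.new(DEMO_KEYS[signer], data, hashlib.sha256).digest()


def demo_verify(signer, data, signature):
    key = DEMO_KEYS.get(signer)
    return key is not None and hmac.compare_digest(demo_sign(signer, data), signature)


def make_package(version, image, signer="oem-release-key-1"):
    manifest = json.dumps({"version": version, "digest": hashlib.sha256(image).hexdigest(),
                           "signer": signer}, sort_keys=True).encode()
    return Package(manifest, demo_sign(signer, manifest), image)


def demo():
    """Walk one boot state through a good update, a rollback, tampering, a forgery and an untrusted signer."""
    trusted = {"oem-release-key-1"}
    state = BootState(active_version=1, active_image=b"firmware-v1", min_version=1)
    results = {}
    results["upgrade"] = process_update(make_package(2, b"firmware-v2"), state, demo_verify, trusted)
    results["rollback"] = process_update(make_package(1, b"firmware-v1"), state, demo_verify, trusted)
    good = make_package(3, b"firmware-v3")
    results["tampered"] = process_update(Package(good.manifest, good.signature, b"firmware-v3-x"),
                                         state, demo_verify, trusted)
    results["forged"] = process_update(Package(good.manifest, b"\x00" * 32, good.image),
                                       state, demo_verify, trusted)
    results["untrusted"] = process_update(make_package(3, b"firmware-v3", signer="rogue-key"),
                                          state, demo_verify, trusted)
    results["final_version"] = state.active_version
    return results
```

The ordering matters for the evidence the gate produces: a rejected package is recorded with a single reason, and the `rollback_rejected` event after a successful upgrade is what shows the anti-rollback floor moving with the active version.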

Key and Certificate Flow

Mermaid source
flowchart LR
  OEMPKI["OEM / TRATON PKI"] -->|certificate profile and trust anchors| Provisioning["Provisioning process"]
  Supplier["Supplier engineering"] -->|CSR / ECU identity evidence| Provisioning
  Provisioning -->|keys, certificates, trust anchors| ECU["ECA ECU security services"]
  ECU -->|certificate validation| Diagnostics["Authenticated diagnostics"]
  ECU -->|signature validation| Update["Secure update / flash"]
  ECU -->|MAC / freshness material| Comms["Secure communication"]
  ECU -->|lifecycle evidence| Review["OEM review and residual-risk decision"]
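The "MAC / freshness material" edge from the ECU security services to secure communication (and the "commands, status, freshness" edge in the cockpit overview) is the receive-side check that keeps a replayed or forged clutch command off the application. The block below is an added illustration of that check; it is not code from the page or from the ECA project, and the page leaves the SecOC / SDT allocation open. Assumed here: HMAC-SHA256 truncated to 8 bytes as the MAC, a 32-bit freshness counter carried in clear, an acceptance window of 16 counter steps, and a constructed key and CAN id.

```python
"""Receiver-side verification of an authenticated vehicle-network PDU (added example)."""
import hashlib
import hmac
import struct

MAC_LEN = 8            # truncated MAC length in bytes (assumption)
FRESHNESS_LEN = 4      # freshness counter carried as a big-endian uint32 (assumption)
FRESHNESS_WINDOW = 16  # max forward jump accepted after lost frames (assumption)


def _mac(key, pdu_id, freshness, payload):
    """MAC over PDU id, freshness and payload so none can be swapped independently."""
    data = struct.pack(">HI", pdu_id, freshness) + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


def build_secured_pdu(key, pdu_id, freshness, payload):
    """Sender side: payload || freshness || truncated MAC."""
    return payload + struct.pack(">I", freshness) + _mac(key, pdu_id, freshness, payload)


class SecuredReceiver:
    """Per-PDU receive state: last accepted freshness plus security events for SecOps."""

    def __init__(self, key, pdu_id):
        self.key = key
        self.pdu_id = pdu_id
        self.last_freshness = 0   # counters start at 1, so 0 means nothing accepted yet
        self.events = []

    def verify(self, secured_pdu):
        """Return the authentic payload, or None (and record an event) if rejected."""
        trailer = FRESHNESS_LEN + MAC_LEN
        if len(secured_pdu) < trailer:
            self.events.append(("malformed", -1))
            return None
        payload = secured_pdu[:-trailer]
        freshness = struct.unpack(">I", secured_pdu[-trailer:-MAC_LEN])[0]
        received_mac = secured_pdu[-MAC_LEN:]
        # Authenticity first: a bad MAC is forgery or corruption, not a replay.
        if not hmac.compare_digest(_mac(self.key, self.pdu_id, freshness, payload), received_mac):
            self.events.append(("mac_failure", freshness))
            return None
        # Authentic but not newer than the last accepted counter: replay.
        if freshness <= self.last_freshness:
            self.events.append(("replay", freshness))
            return None
        # Authentic but too far ahead: report loss of sync instead of silently resyncing.
        if freshness - self.last_freshness > FRESHNESS_WINDOW:
            self.events.append(("freshness_out_of_window", freshness))
            return None
        self.last_freshness = freshness
        return payload


def demo():
    """Constructed exchange: two good frames, a replay, a tampered frame, a counter jump."""
    key = b"constructed-demo-key-not-for-use"
    pdu_id = 0x123                      # constructed CAN id
    rx = SecuredReceiver(key, pdu_id)
    clutch_cmd = bytes([0x01, 0x40])    # constructed command payload
    f1 = build_secured_pdu(key, pdu_id, 1, clutch_cmd)
    f2 = build_secured_pdu(key, pdu_id, 2, clutch_cmd)
    tampered = bytes([f2[0] ^ 0xFF]) + f2[1:]   # flip a payload bit, keep the MAC
    jump = build_secured_pdu(key, pdu_id, 500, clutch_cmd)
    return {
        "first": rx.verify(f1),
        "replay": rx.verify(f1),
        "tampered": rx.verify(tampered),
        "second": rx.verify(f2),
        "jump": rx.verify(jump),
        "events": rx.events,
    }
```

Each rejection leaves a distinct event, which is what the "App -> SecOps" events edge needs: a run of `mac_failure` on one PDU looks different from a run of `replay`, and a window violation flags a receiver that has lost synchronisation rather than one under attack.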

Decision Dependency Map

Mermaid source
flowchart TB
  Boundary["P1: item boundary and variants"] --> TARA["TARA / asset allocation"]
  Interfaces["P1: interface and signal scope"] --> Comms["SecOC / SDT allocation"]
  Diagnostics["P1: diagnostic role model"] --> DiagSec["Secure diagnostics baseline"]
  Update["P1: update and signing ownership"] --> UpdateSec["Secure update baseline"]
  PKI["P1: PKI, HSM and key hierarchy"] --> Crypto["Crypto and trust baseline"]
  TARA --> Closure["Architecture / security baseline closure"]
  Comms --> Closure
  DiagSec --> Closure
  UpdateSec --> Closure
  Crypto --> Closure

Architecture Overview Evidence

High-Level Architecture

Executive Architecture Interpretation

Classification: Inferred from Requirements

The architecture should be read as an ECU/component security architecture with a supplier evidence wrapper around it. The product boundary contains system core behavior, application software, hardware platform, security services, diagnostic/update handling, and logging. Outside the boundary are vehicle networks, diagnostic tools, backend/IT systems, PKI/provisioning, development/ALM tooling, security operations, and OEM/customer approval.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023 (showing 10 of 379)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 142)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

System Boundary

Classification: Inferred from Requirements

The system boundary is the Electric Clutch Actuator ECU security scope plus supplier-controlled lifecycle evidence. Exact vehicle-function allocation remains open.

External Actors

Classification: Inferred from Requirements

OEM/customer, vehicle network/other ECUs, diagnostic/service tools, backend/cloud/IT systems, PKI/provisioning, development/ALM tooling, and security operations.

Major Subsystems

Classification: Inferred from Requirements

System Core, Application Software, Hardware Platform, Security Services, External Interfaces, Backend and IT Systems, Engineering Toolchain, and Compliance Process.

Main Interfaces

Classification: Inferred from Requirements

OEM/customer cybersecurity approval and evidence interface; Diagnostic/service tool to ECU interface; Vehicle network secure data communication interface; Secure update, flash, and IVD interface; Certificate and key provisioning interface; Backend/cloud/IT operational interface; Development, ALM, and evidence tooling interface; Security operations and vulnerability reporting interface; Application software to security services interface; Hardware platform and key storage interface

Main Data Flows

Classification: Inferred from Requirements

Requirements/evidence flow, diagnostic access flow, vehicle data flow, secure update/flash flow, key/certificate flow, security event/logging flow, and vulnerability/incident flow.

Security Architecture Logic

Classification: Recommendation

Protect the highest-risk boundaries first: diagnostics, vehicle network communication, update/flash, key/certificate handling, and backend/tooling evidence. Use traceability and customer approval to keep inferred architecture distinct from confirmed requirements.

What Is Explicitly Required

Classification: Explicit Requirement

Cybersecurity concept documentation, risk assessment input, control derivation and traceability, verification/validation evidence, diagnostic/security controls, key/certificate handling, logging/audit elements, vulnerability and incident handling elements.

What Is Inferred

Classification: Inferred from Requirements

Layered ECU security services, backend/update actors, PKI/provisioning flow, security operations flow, and componentized architecture views.

Key Assumptions

Classification: Expert Assumption

The item is treated as one or more ECUs/E/E components until the customer confirms the exact product item definition.

Open Architecture Decisions

Classification: Needs Customer Clarification

Confirm item definition, network topology, diagnostic roles, update mechanism, PKI ownership, HSM capability, backend ownership, and final TARA outputs.

Classification: Recommendation

Hold an item-definition workshop, confirm boundary diagrams, allocate interfaces and assets, perform TARA, confirm security mechanisms, and update traceability with customer-approved decisions.

Logical Architecture

Classification: Inferred from Requirements

The logical architecture decomposes the Electric Clutch Actuator ECU into System Core, Application Software, Hardware Platform, Security Services, External Interfaces, Backend/IT, Engineering Toolchain, and Compliance Process.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023 (showing 10 of 379)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 142)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Cybersecurity Architecture

Classification: Inferred from Requirements

The cybersecurity architecture protects diagnostic access, vehicle communication, update/flash, certificate/key handling, platform integrity, logging, monitoring, vulnerability handling, and evidence traceability.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023 (showing 10 of 379)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 142)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Additional PDF Security Evidence

Data Flow View

Classification: Inferred from Requirements

The data-flow view tracks requirements/evidence, diagnostic traffic, vehicle data, software/update packages, key/certificate data, security events, and vulnerability/incident records.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023 (showing 10 of 379)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 142)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Trust Boundaries

Classification: Inferred from Requirements

The trust-boundary view separates the Electric Clutch Actuator ECU, vehicle network, diagnostic, backend/cloud, tooling, customer/OEM, and unknown deployment zones.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023 (showing 10 of 379)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 142)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Design Drill-Down

System Context

Overview

Classification: Inferred from Requirements

System Context is treated as a design view needed to understand the product before detailed requirement allocation.

Design Intent

Keep customer-confirmed requirements separate from inferred design structure while exposing the security reasoning.

Requirement Basis

Security Relevance

This view shows where an asset, interface, trust boundary, or evidence obligation could create security risk.

Constraints

No final TARA, topology, algorithm, or implementation ownership is claimed unless a requirement explicitly supports it.

Open Questions

Confirm customer ownership, exact item boundary, allocated mechanisms, and verification evidence for this view.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023 (showing 10 of 523)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 191)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Logical Components

Overview

Classification: Inferred from Requirements

Logical Components is treated as a design view needed to understand the product before detailed requirement allocation.

Design Intent

Keep customer-confirmed requirements separate from inferred design structure while exposing the security reasoning.

Requirement Basis

Security Relevance

This view shows where an asset, interface, trust boundary, or evidence obligation could create security risk.

Constraints

No final TARA, topology, algorithm, or implementation ownership is claimed unless a requirement explicitly supports it.

Open Questions

Confirm customer ownership, exact item boundary, allocated mechanisms, and verification evidence for this view.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004 (showing 10 of 139)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 81)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

External Interfaces

Overview

Classification: Inferred from Requirements

External Interfaces is treated as a design view needed to understand the product before detailed requirement allocation.

Design Intent

Keep customer-confirmed requirements separate from inferred design structure while exposing the security reasoning.

Requirement Basis

Security Relevance

This view shows where an asset, interface, trust boundary, or evidence obligation could create security risk.

Constraints

No final TARA, topology, algorithm, or implementation ownership is claimed unless a requirement explicitly supports it.

Open Questions

Confirm customer ownership, exact item boundary, allocated mechanisms, and verification evidence for this view.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004 (showing 10 of 142)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 82)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Internal Interfaces

Overview

Classification: Inferred from Requirements

Internal Interfaces is treated as a design view needed to understand the product before detailed requirement allocation.

Design Intent

Keep customer-confirmed requirements separate from inferred design structure while exposing the security reasoning.

Requirement Basis

Security Relevance

This view shows where an asset, interface, trust boundary, or evidence obligation could create security risk.

Constraints

No final TARA, topology, algorithm, or implementation ownership is claimed unless a requirement explicitly supports it.

Open Questions

Confirm customer ownership, exact item boundary, allocated mechanisms, and verification evidence for this view.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004 (showing 10 of 219)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 142)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Security-Relevant Interfaces

Overview

Classification: Inferred from Requirements

Security-Relevant Interfaces is treated as a design view needed to understand the product before detailed requirement allocation.

Design Intent

Keep customer-confirmed requirements separate from inferred design structure while exposing the security reasoning.

Requirement Basis

Security Relevance

This view shows where an asset, interface, trust boundary, or evidence obligation could create security risk.

Constraints

No final TARA, topology, algorithm, or implementation ownership is claimed unless a requirement explicitly supports it.

Open Questions

Confirm customer ownership, exact item boundary, allocated mechanisms, and verification evidence for this view.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004 (showing 10 of 136)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 75)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Trust Boundaries

Overview

Classification: Inferred from Requirements

Trust Boundaries is treated as a design view needed to understand the product before detailed requirement allocation.

Design Intent

Keep customer-confirmed requirements separate from inferred design structure while exposing the security reasoning.

Requirement Basis

Security Relevance

This view shows where an asset, interface, trust boundary, or evidence obligation could create security risk.

Constraints

No final TARA, topology, algorithm, or implementation ownership is claimed unless a requirement explicitly supports it.

Open Questions

Confirm customer ownership, exact item boundary, allocated mechanisms, and verification evidence for this view.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004 (showing 10 of 129)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 73)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Data Flows

Overview

Classification: Inferred from Requirements

Data Flows is treated as a design view needed to understand the product before detailed requirement allocation.

Design Intent

Keep customer-confirmed requirements separate from inferred design structure while exposing the security reasoning.

Requirement Basis

Security Relevance

This view shows where an asset, interface, trust boundary, or evidence obligation could create security risk.

Constraints

No final TARA, topology, algorithm, or implementation ownership is claimed unless a requirement explicitly supports it.

Open Questions

Confirm customer ownership, exact item boundary, allocated mechanisms, and verification evidence for this view.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004 (showing 10 of 254)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md, pages 3, 5, 6, 7, 8, 9, 10 and 11 (showing 8 of 127)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Security Capabilities

Overview

Classification: Inferred from Requirements

Security Capabilities is treated as a design view needed to understand the product before detailed requirement allocation.

Design Intent

Keep customer-confirmed requirements separate from inferred design structure while exposing the security reasoning.

Requirement Basis

Security Relevance

This view shows where an asset, interface, trust boundary, or evidence obligation could create security risk.

Constraints

No final TARA, topology, algorithm, or implementation ownership is claimed unless a requirement explicitly supports it.

Open Questions

Confirm customer ownership, exact item boundary, allocated mechanisms, and verification evidence for this view.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004 (showing 10 of 129)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11 (showing 8 of 73)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Lifecycle and Operations

Overview

Classification: Inferred from Requirements

Lifecycle and Operations is treated as a design view needed to understand the product before detailed requirement allocation.

Design Intent

Keep customer-confirmed requirements separate from inferred design structure while exposing the security reasoning.

Requirement Basis

Security Relevance

This view shows where an asset, interface, trust boundary, or evidence obligation could create security risk.

Constraints

No final TARA, topology, algorithm, or implementation ownership is claimed unless a requirement explicitly supports it.

Open Questions

Confirm customer ownership, exact item boundary, allocated mechanisms, and verification evidence for this view.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023 (showing 10 of 446)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11 (showing 8 of 183)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Tooling and Evidence Flow

Overview

Classification: Inferred from Requirements

Tooling and Evidence Flow is treated as a design view needed to understand the product before detailed requirement allocation.

Design Intent

Keep customer-confirmed requirements separate from inferred design structure while exposing the security reasoning.

Requirement Basis

Security Relevance

This view shows where an asset, interface, trust boundary, or evidence obligation could create security risk.

Constraints

No final TARA, topology, algorithm, or implementation ownership is claimed unless a requirement explicitly supports it.

Open Questions

Confirm customer ownership, exact item boundary, allocated mechanisms, and verification evidence for this view.

Evidence Basis:

  • Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023 (showing 10 of 446)
  • Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11 (showing 8 of 183)
  • Confidence level: Medium
  • Classification: Inferred from Requirements

Architecture Decisions

ADR-001
  • Decision statement: Include Application Software in the customer-review baseline architecture.
  • Classification: Explicit Requirement
  • Source requirement IDs: REQ-AUTO-00006; REQ_SEC_0007; REQ-AUTO-00129; REQ-AUTO-00178; REQ-AUTO-00180; REQ-AUTO-00238; REQ-AUTO-00244; REQ-AUTO-00266; REQ-AUTO-00277; REQ-AUTO-00286; REQ-AUTO-00287; REQ-AUTO-00288 (showing 12 of 178)
  • Source Markdown file: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/3299216_1.md page 19; converted/markdown-cleaned/3299216_1.md page 27 (showing 4 of 88)
  • Confidence: Medium
  • Human review required: yes
  • Reason for human review: Customer clarification linked to one or more requirements.

ADR-002
  • Decision statement: Include Backend and IT Systems in the customer-review baseline architecture.
  • Classification: Explicit Requirement
  • Source requirement IDs: REQ-AUTO-00081; REQ-AUTO-00090; REQ-AUTO-00091; req.10.5; REQ-AUTO-00101; REQ-AUTO-00104; req-5.10; req-6.4; REQ-AUTO-00112; REQ-AUTO-00114; REQ-AUTO-00132; REQ-AUTO-00140 (showing 12 of 209)
  • Source Markdown file: converted/markdown-cleaned/3299216_1.md page 9; converted/markdown-cleaned/3299216_1.md page 10; converted/markdown-cleaned/3299216_1.md page 11; converted/markdown-cleaned/3299216_1.md page 12 (showing 4 of 103)
  • Confidence: Medium
  • Human review required: yes
  • Reason for human review: Customer clarification linked to one or more requirements.

ADR-003
  • Decision statement: Include Compliance Process in the customer-review baseline architecture.
  • Classification: Explicit Requirement
  • Source requirement IDs: REQ_SEC_0044; REQ_SEC_0046; REQ_SEC_0032; req-5.1; REQ-AUTO-00210; REQ-AUTO-00214; REQ-AUTO-00252; REQ-AUTO-00253; REQ-AUTO-00255; REQ-AUTO-00280; REQ-AUTO-00460; REQ-AUTO-00486 (showing 12 of 48)
  • Source Markdown file: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/3299216_1.md page 16; converted/markdown-cleaned/3299216_1.md page 36; converted/markdown-cleaned/3299216_1.md page 49 (showing 4 of 30)
  • Confidence: High
  • Human review required: no
  • Reason for human review: none

ADR-004
  • Decision statement: Include Engineering Toolchain in the customer-review baseline architecture.
  • Classification: Explicit Requirement
  • Source requirement IDs: REQ-AUTO-00093; REQ-AUTO-00094; REQ-AUTO-00098
  • Source Markdown file: converted/markdown-cleaned/3299216_1.md page 10; converted/markdown-cleaned/3299216_1.md page 11
  • Confidence: Medium
  • Human review required: no
  • Reason for human review: none

ADR-005
  • Decision statement: Include External Interfaces in the customer-review baseline architecture.
  • Classification: Explicit Requirement
  • Source requirement IDs: REQ_SEC_0036; REQ-AUTO-00066; REQ-AUTO-00078; REQ-AUTO-00138; REQ-AUTO-00139; REQ-AUTO-00141; REQ-AUTO-00143; REQ-AUTO-00145; REQ-AUTO-00146; REQ-AUTO-00177; REQ-AUTO-00193; REQ-AUTO-00195 (showing 12 of 44)
  • Source Markdown file: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11; converted/markdown-cleaned/3299216_1.md page 4; converted/markdown-cleaned/3299216_1.md page 8; converted/markdown-cleaned/3299216_1.md page 22 (showing 4 of 26)
  • Confidence: Medium
  • Human review required: yes
  • Reason for human review: Customer clarification linked to one or more requirements.

ADR-006
  • Decision statement: Include Hardware Platform in the customer-review baseline architecture.
  • Classification: Explicit Requirement
  • Source requirement IDs: REQ_SEC_0025; REQ_SEC_0010; REQ_SEC_0011; REQ_SEC_0026; REQ_SEC_0047; REQ_SEC_0049; REQ_SEC_0050; REQ-AUTO-00060; REQ-AUTO-00061; REQ-AUTO-00065; REQ-AUTO-00077; REQ-AUTO-00099 (showing 12 of 45)
  • Source Markdown file: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 12 (showing 4 of 36)
  • Confidence: Medium
  • Human review required: yes
  • Reason for human review: Customer clarification linked to one or more requirements.

ADR-007
  • Decision statement: Include OEM/Customer Review Interface in the customer-review baseline architecture.
  • Classification: Inferred from Requirements
  • Source requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0024; REQ_SEC_0004; REQ_SEC_0005; REQ_SEC_0007; REQ_SEC_0025 (showing 12 of 143)
  • Source Markdown file: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7 (showing 4 of 67)
  • Confidence: Medium
  • Human review required: yes
  • Reason for human review: Confirm exact OEM/customer evidence and approval workflow.

ADR-008
  • Decision statement: Include Security Services in the customer-review baseline architecture.
  • Classification: Explicit Requirement
  • Source requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004; REQ_SEC_0005; REQ_SEC_0042 (showing 12 of 101)
  • Source Markdown file: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7 (showing 4 of 57)
  • Confidence: Medium
  • Human review required: no
  • Reason for human review: none

ADR-009
  • Decision statement: Include System Core in the customer-review baseline architecture.
  • Classification: Explicit Requirement
  • Source requirement IDs: REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00021; REQ_SEC_0020; REQ_SEC_0012; REQ_SEC_0013; REQ-AUTO-00028; REQ_SEC_0014; REQ-AUTO-00030; REQ_SEC_0028; REQ_SEC_0029; REQ_SEC_0006 (showing 12 of 338)
  • Source Markdown file: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9 (showing 4 of 138)
  • Confidence: Medium
  • Human review required: yes
  • Reason for human review: Customer clarification linked to one or more requirements.

Architecture Open Decisions

  • Needs Customer Clarification: Confirm exact ECU item definition, product designation, and variants.
  • Needs Customer Clarification: Confirm vehicle network topology, SecOC/SDT applicability, signals, and protection profiles.
  • Needs Customer Clarification: Confirm diagnostic service list, UDS Authentication 0x29 role model, certificate use, lockout, and audit expectations.
  • Needs Customer Clarification: Confirm secure update/flash/IVD mechanism, signing chain, backend ownership, and rollback behavior.
  • Needs Customer Clarification: Confirm key hierarchy, HSM/protected storage capability, PKI ownership, revocation, renewal, and provisioning process.
  • Needs Customer Clarification: Confirm security monitoring, incident response handoff, and vulnerability reporting channels.
  • Needs Customer Clarification: Confirm final TARA results and customer residual-risk acceptance workflow.
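
To make the third clarification item concrete (UDS Authentication 0x29 role model, lockout, and audit expectations), the following is an added illustration of the ECU side of the challenge-response variant of 0x29: a per-role key, a single-use random challenge, an attempt counter that turns into a time delay, and an audit record of the kind a security-operations handoff would need. It is not code from the reviewed requirements or from the supplier's security services. The role names and their permitted services, the three-attempt limit, the ten-second delay, the key bytes, and the proof construction HMAC-SHA256(key, challenge || tester_id) are constructed assumptions, and the outcomes are symbolic strings because mapping them onto UDS sub-function and negative-response bytes belongs to the diagnostic specification the item asks the customer to confirm.

```python
"""Added illustration of UDS 0x29 Authentication (challenge-response variant),
ECU side.  Role model, attempt limit, lockout delay, keys and proof construction
are constructed assumptions, not the reviewed product's mechanisms."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed role model: services each authenticated role may invoke.
ROLE_PERMISSIONS = {
    "service": {"read_dtc", "clear_dtc", "read_identification"},
    "engineering": {"read_dtc", "clear_dtc", "read_identification", "write_calibration"},
}
# Constructed per-role keys.  In a product these come from the provisioning flow
# and live in protected storage (open decision: key hierarchy / HSM).
ROLE_KEYS = {"service": b"constructed-service-key", "engineering": b"constructed-engineering-key"}


def compute_proof(key: bytes, challenge: bytes, tester_id: str) -> bytes:
    """Tester side: prove possession of the role key for this exact challenge."""
    return hmac.new(key, challenge + tester_id.encode(), hashlib.sha256).digest()


@dataclass(frozen=True)
class AuditEvent:
    kind: str
    tester_id: str
    role: Optional[str]
    detail: str


class AuthenticationService:
    MAX_ATTEMPTS = 3        # constructed
    LOCKOUT_SECONDS = 10.0  # constructed

    def __init__(self, clock: Callable[[], float], role_keys=ROLE_KEYS):
        self._clock = clock            # injected time source so lockout expiry is testable
        self._role_keys = role_keys
        self._pending = None           # (tester_id, role, challenge); consumed on first use
        self._failures = 0             # per ECU, not per tester: tester IDs are self-asserted
        self._locked_until = 0.0
        self.authenticated_role: Optional[str] = None
        self.audit: list[AuditEvent] = []

    def _log(self, kind: str, tester_id: str, role: Optional[str], detail: str = "") -> None:
        self.audit.append(AuditEvent(kind, tester_id, role, detail))

    def _locked(self) -> bool:
        return self._clock() < self._locked_until

    def request_challenge(self, tester_id: str, role: str):
        if self._locked():
            self._log("auth_rejected", tester_id, role, "required_time_delay_not_expired")
            return ("rejected", "required_time_delay_not_expired")
        if role not in self._role_keys:
            self._log("auth_rejected", tester_id, role, "unknown_role")
            return ("rejected", "unknown_role")
        challenge = secrets.token_bytes(16)  # fresh per request, never reused
        self._pending = (tester_id, role, challenge)
        return ("challenge", challenge)

    def verify_proof(self, tester_id: str, proof: bytes):
        if self._locked():
            self._log("auth_rejected", tester_id, None, "required_time_delay_not_expired")
            return ("rejected", "required_time_delay_not_expired")
        if self._pending is None or self._pending[0] != tester_id:
            self._log("auth_rejected", tester_id, None, "no_pending_challenge")
            return ("rejected", "no_pending_challenge")
        _, role, challenge = self._pending
        self._pending = None  # consume the challenge: a replayed proof has nothing to match
        expected = compute_proof(self._role_keys[role], challenge, tester_id)
        if hmac.compare_digest(expected, proof):
            self._failures = 0
            self.authenticated_role = role
            self._log("auth_success", tester_id, role)
            return ("authenticated", role)
        self._failures += 1
        if self._failures >= self.MAX_ATTEMPTS:
            self._failures = 0
            self._locked_until = self._clock() + self.LOCKOUT_SECONDS
            self._log("auth_lockout", tester_id, role, f"{self.MAX_ATTEMPTS} consecutive failures")
            return ("rejected", "exceeded_number_of_attempts")
        self._log("auth_failure", tester_id, role, "ownership_verification_failed")
        return ("rejected", "ownership_verification_failed")

    def deauthenticate(self, tester_id: str) -> None:
        self._log("deauthenticate", tester_id, self.authenticated_role)
        self.authenticated_role = None
        self._pending = None

    def is_permitted(self, service: str) -> bool:
        """Role model: without an authenticated role nothing beyond the default session."""
        if self.authenticated_role is None:
            return False
        return service in ROLE_PERMISSIONS.get(self.authenticated_role, set())
```

The certificate-based variant of 0x29 would replace compute_proof with a signature over the challenge that the ECU verifies against a tester certificate chain; the lockout, single-use challenge and audit logic stay the same, which is why those three are worth fixing with the customer independently of the certificate decision.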
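
For the fourth clarification item (secure update mechanism, signing chain, rollback behavior), the following is an added illustration of the acceptance check the bootloader / update logic could run before flashing a signed image: authenticity first, then target binding, image hash, and a monotonic security version that decides rollback. It is not code from the reviewed requirements or from the supplier. The manifest field names, the EcuState fields, the allow_same_version policy knob and the key bytes are constructed assumptions, and HMAC-SHA256 stands in for the asymmetric manifest signature an OEM PKI would actually issue so that the example runs on the Python standard library alone; the policy below does not depend on that substitution.

```python
"""Added illustration of a signed-image acceptance policy with anti-rollback.
Manifest layout, EcuState fields and the HMAC stand-in for the real signature
are constructed assumptions, not the reviewed product's mechanisms."""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed key.  In a product this is a public trust anchor provisioned by the
# OEM PKI, and verify_signature walks the real signing chain; nothing else changes.
TRUST_ANCHOR = b"constructed-example-key-not-a-real-credential"


def canonical(manifest: dict) -> bytes:
    """Deterministic encoding so signer and verifier authenticate identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes = TRUST_ANCHOR) -> bytes:
    """Backend side (stand-in for an asymmetric signature)."""
    return hmac.new(key, canonical(manifest), hashlib.sha256).digest()


def verify_signature(manifest: dict, signature: bytes, key: bytes = TRUST_ANCHOR) -> bool:
    return hmac.compare_digest(sign_manifest(manifest, key), signature)


def build_manifest(image: bytes, target_ecu: str, hw_variant: str, security_version: int) -> dict:
    """Backend side: bind image hash, target and anti-rollback version into one signed object."""
    return {
        "target_ecu": target_ecu,
        "hw_variant": hw_variant,
        "security_version": security_version,
        "image_sha256": hashlib.sha256(image).hexdigest(),
    }


@dataclass(frozen=True)
class EcuState:
    ecu_id: str
    hw_variant: str
    installed_security_version: int  # monotonic counter held in protected storage


@dataclass(frozen=True)
class Decision:
    accepted: bool
    reason: str  # stable reason string for the update log / security-operations event


def evaluate_update(manifest: dict, signature: bytes, image: bytes,
                    state: EcuState, allow_same_version: bool = True) -> Decision:
    """Bootloader side.  Authenticity is checked first so no field of an unverified
    manifest influences a later decision; the first failing check is reported."""
    if not verify_signature(manifest, signature):
        return Decision(False, "signature_invalid")
    if (manifest.get("target_ecu") != state.ecu_id
            or manifest.get("hw_variant") != state.hw_variant):
        return Decision(False, "target_mismatch")
    if hashlib.sha256(image).hexdigest() != manifest.get("image_sha256"):
        return Decision(False, "image_hash_mismatch")
    version = manifest.get("security_version")
    if not isinstance(version, int):
        return Decision(False, "manifest_malformed")
    if version < state.installed_security_version:
        # Anti-rollback: a correctly signed but older image is still refused.
        return Decision(False, "rollback_rejected")
    if version == state.installed_security_version and not allow_same_version:
        return Decision(False, "reinstall_not_allowed")
    # The caller flashes the image and only then advances installed_security_version,
    # so an interrupted flash cannot leave the counter ahead of the running image.
    return Decision(True, "accepted")


if __name__ == "__main__":
    state = EcuState("ECA", "HW-A", installed_security_version=5)
    image = b"constructed image bytes"
    manifest = build_manifest(image, "ECA", "HW-A", security_version=6)
    print(evaluate_update(manifest, sign_manifest(manifest), image, state))
```

The reason strings are the part to agree with the customer: whether a rollback refusal is logged locally only or forwarded as a security event, and whether the installed counter is ever allowed to move backwards under an authenticated service procedure, are exactly the "rollback behavior" this item leaves open.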

Unsupported/Assumption-Based Elements

Unsupported Architecture Elements

No unresolved unsupported architecture placeholders remain.

Resolved Former Placeholder

Former element: Customer / external systems
  • Resolution: Replaced by OEM/Customer Review Interface and OEM customer / vehicle manufacturer actor in diagrams and narratives.
  • Classification: Inferred from Requirements
  • Evidence basis: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0024; REQ_SEC_0004; REQ_SEC_0005; REQ_SEC_0007; REQ_SEC_0025 (showing 12 of 143)
  • Customer clarification: Confirm exact customer/OEM workflow, approval authority, and evidence handoff.