Trust Boundary Diagram

```mermaid
flowchart TB
subgraph Product["Inside product boundary"]
ECU["ECU software and hardware"]
Sec["Security services"]
end
subgraph Vehicle["Vehicle / network boundary"]
Net["Other ECUs and vehicle buses"]
end
subgraph Backend["Backend / cloud boundary"]
Cloud["Update, PKI, logs, portals"]
end
subgraph Diagnostic["Diagnostic access boundary"]
Tool["Service and engineering tools"]
end
subgraph Tooling["Development / tooling boundary"]
ALM["ALM, CI, test, evidence"]
end
subgraph Customer["Customer / OEM boundary"]
OEM["Approval and residual risk"]
end
Unknown["Unknown deployment zones"]
Tool -->|trusted diagnostic session, details unknown| ECU
Net -->|vehicle data| ECU
Cloud -->|update, certificates, events| Sec
ALM -->|evidence and artifacts| OEM
ECU -->|security evidence| OEM
Unknown -. clarification needed .-> ECU
```
Architecture Trust Boundaries
Trust Boundaries
Classification: Inferred from Requirements
The trust-boundary view distinguishes seven zones: the Electric Clutch Actuator ECU, the vehicle network, diagnostic access, backend/cloud, development tooling, customer/OEM, and unknown deployment zones.
Evidence Basis:
- Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023 (showing 10 of 379)
- Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11 (showing 8 of 142)
- Confidence level: Medium
- Classification: Inferred from Requirements
Security Trust Boundary Model
Trust Boundary Model
Trust Boundary: Electric Clutch Actuator ECU boundary
Classification: Inferred from Requirements
Separates the in-scope clutch-actuator ECU hardware and software from vehicle, service, backend, customer, and supplier environments.
Evidence Basis:
- Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024 (showing 10 of 406)
- Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11 (showing 8 of 158)
- Confidence level: Medium
- Classification: Inferred from Requirements
Trust Boundary: Vehicle/network boundary
Classification: Inferred from Requirements
Separates the ECU/application from other ECUs and vehicle networks carrying SecOC/SDT or function data.
Evidence Basis:
- Requirement IDs: REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0024; REQ_SEC_0040; REQ_SEC_0041; REQ_SEC_0042; REQ_SEC_0008; REQ-AUTO-00021 (showing 10 of 216)
- Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 12 (showing 8 of 86)
- Confidence level: Medium
- Classification: Inferred from Requirements
Trust Boundary: Diagnostic access boundary
Classification: Explicit Requirement
Separates service tools and engineering testers from privileged ECU diagnostic functions.
Evidence Basis:
- Requirement IDs: REQ_SEC_0010; REQ_SEC_0011; req-6.20; REQ-AUTO-00282; REQ-AUTO-00284; REQ-AUTO-00290; REQ_UDS-0051; REQ_UDS-0051; REQ-AUTO-00298; REQ-AUTO-00299 (showing 10 of 339)
- Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/3299216_1.md page 23; converted/markdown-cleaned/CVS123-2.md page 4; converted/markdown-cleaned/CVS123-2.md page 6; converted/markdown-cleaned/CVS123-2.md page 7; converted/markdown-cleaned/CVS123-2.md page 9; converted/markdown-cleaned/CVS123-2.md page 10; converted/markdown-cleaned/CVS123-2.md page 11 (showing 8 of 119)
- Confidence level: Medium
- Classification: Explicit Requirement
Trust Boundary: Backend/cloud boundary
Classification: Inferred from Requirements
Separates offboard update, IT, evidence, monitoring, and supplier/OEM systems from product runtime.
Evidence Basis:
- Requirement IDs: REQ-AUTO-00001; REQ_SEC_0001; REQ_SEC_0002; REQ_SEC_0003; REQ_SEC_0022; REQ-AUTO-00009; REQ_SEC_0023; REQ-AUTO-00011; REQ_SEC_0024; REQ_SEC_0004 (showing 10 of 756)
- Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11 (showing 8 of 219)
- Confidence level: Medium
- Classification: Inferred from Requirements
Trust Boundary: Development/tooling boundary
Classification: Explicit Requirement
Separates engineering tooling and evidence repositories from product artifacts and customer-facing evidence.
Evidence Basis:
- Requirement IDs: REQ-AUTO-00001; REQ_SEC_0004; REQ_SEC_0005; REQ_SEC_0041; REQ_SEC_0014; REQ_SEC_0037; REQ-AUTO-00092; REQ-AUTO-00093; REQ-AUTO-00094; REQ-AUTO-00095 (showing 10 of 52)
- Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 3; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11; converted/markdown-cleaned/3299216_1.md page 10; converted/markdown-cleaned/3299216_1.md page 11; converted/markdown-cleaned/3299216_1.md page 27 (showing 8 of 33)
- Confidence level: Medium
- Classification: Explicit Requirement
Trust Boundary: Customer/OEM approval boundary
Classification: Explicit Requirement
Separates supplier-owned security engineering work products from OEM/customer approval and residual-risk acceptance.
Evidence Basis:
- Requirement IDs: REQ_SEC_0001; REQ_SEC_0002; REQ-AUTO-00004; REQ-AUTO-00005; REQ-AUTO-00006; REQ_SEC_0003; REQ_SEC_0024; REQ_SEC_0004; REQ_SEC_0005; REQ_SEC_0040 (showing 10 of 122)
- Source Markdown sections/pages: converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 5; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 6; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 7; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 8; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 9; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 10; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 11; converted/markdown-cleaned/1001379436_P10_000_01_RDDM-1140152501-1744.md page 12 (showing 8 of 55)
- Confidence level: Medium
- Classification: Explicit Requirement
Trust Boundary: Unknown assumed deployment boundary
Classification: Needs Customer Clarification
Marks deployment zones, ownership, and connectivity that cannot be confirmed from the extracted requirements alone.
Evidence Basis:
- Requirement IDs: REQ-AUTO-00317; REQ-AUTO-00634
- Source Markdown sections/pages: converted/markdown-cleaned/CVS123-2.md page 10; converted/markdown-cleaned/CVS124.md page 52
- Confidence level: Medium
- Classification: Needs Customer Clarification