SECPAT: Security Patterns for Resilient Automotive E/E Architectures (To appear 2022)
ThreatSurf: A method for automated Threat Surface assessment in automotive cybersecurity engineering (2022)
Cyberattack detection in vehicles using characteristic functions, artificial neural networks and visual analysis (SPIIRAS 2021)
In-vehicle detection of targeted CAN bus attacks (ARES 2021)
Attack Surface Assessment for Cybersecurity Engineering in the Automotive Domain (PDP 2021)
Continuous Fields: Enhanced In-Vehicle Anomaly Detection using Machine Learning Models (SIMPAT 2020)
SEPAD - Security Evaluation Platform for Autonomous Driving (PDP 2020)
ECU-Secure: Characteristic Functions for In-Vehicle Intrusion Detection (IDC 2019)
 The connection of automotive systems with other systems such as road-side units, other vehicles, and various servers in the Internet opens up new ways for attackers to remotely access safety relevant subsystems within a connected car. This safety critical technology presents major challenges in the secure design of the involved systems and protocols. Security of vehicular ecosystems is thus of utmost importance for the general acceptance of such systems. Ongoing insights into new threats are constantly revealing new vulnerabilities and it is very likely that attackers will attempt to exploit them. It is thus very important to improve security of in-vehicle networks and as long as there are no effective means to prevent specific attacks, there should be methods in place to automatically detect them and react to the alerts.  The security requirements elicitation step in the security engineering process for automotive systems and ecosystems not only provides input to the secure on-board architecture design but also contributes to security compliance verification for testing and runtime monitoring. In the project EVITA we participated in the development of a method which is described in detail in EVITA deliverable D2.3 [D2.3]. This method is referenced in the SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems, an important document on recommended practice for the automotive industry. In new work, we provide an attack surface assessment for cybersecurity engineering in the automotive domain, compliant to ISO/SAE 21434 [PDP2021]. |
 To enable researchers to develop, implement, and evaluate new security solutions for autonomous vehicles, we propose a new security evaluation platform called SEPAD and a dedicated development process for testing security mechanisms with it [PDP2020]. Machine learning methods such as OCSVM, SVM, Neural Networks, LSTM or Process Mining can be applied to in-vehicle event-streams such as CAN-bus in order to learn "normal" behavior of specific vehicles. Deviations from normal behavior can be utilized for in-vehicle intrusion detection at edge components. Machine learning methods featuring message frequency, payload consistency, and contextual fitting can be applied for adaption of attack classifiers and selection of an appropriate response. Conformance tracking is the capability to detect deviations of observed events from expected events in the current state.  We analyze the behavior of an automotive system based on monitored messages of electronic control units. The aim is to compare the measured behavior of the system with a model that reflects the expected behavior and to reason about possible attack attempts. |
|
Lucas Buschlinger, Roland Rieke, Sanat Sarda, and Christoph Krauß, Decision Tree-Based Rule Derivation for Intrusion Detection in Safety-Critical Automotive Systems, PDP2022, virtual Valladolid Spain, March 09-11 2022 |
| Abstract: Intrusion Detection Systems (IDSs) are being introduced into safety-critical systems such as connected vehicles. Since the behavior and effectiveness of measures are validated before approval, the decisions made by an IDS are required to be traceable and the IDS also needs to work efficiently on resource-constrained embedded systems. These requirements complicate the direct use of Machine Learning (ML) approaches in IDS design. In this paper, we propose an approach to using ML to generate rules for an efficient rule-based IDS like Snort. Our approach eases the time-consuming and difficult process of creating a rule set. We use decision trees to generate rules that can be used by experts as a basis for creating a rule set for a specific safety-critical use case. In addition, we use long short-term memory methods to circumvent the problem of limited training data availability, a common limitation in safety-critical systems. Our implementation and evaluation shows the feasibility of our approach to derive specific IDS rules for such systems. |
BibTeX:
@INPROCEEDINGS{Buschlinger2022,
author={Lucas Buschlinger and Roland Rieke and Sanat Sarda and Christoph Krau{\ss}},
booktitle={2022 30th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP)},
title={Decision Tree-Based Rule Derivation for Intrusion Detection in Safety-Critical Automotive Systems},
year={2022},
month={March},
volume={},
number={},
pages={246-254},
doi={10.1109/PDP55904.2022.00046}}
|
|
Christian Plappert, Florian Fenzl, Roland Rieke, Ilaria Matteucci, Gianpiero Costantino, and Marco De Vincenzi, SECPAT: Security Patterns for Resilient Automotive E/E Architectures, PDP2022, virtual Valladolid Spain, March 09-11 2022 |
| Abstract: Automated driving requires increasing networking of vehicles, which in turn broadens their attack surface. In this paper, we describe several security design patterns that target critical steps in automotive attack chains and mitigate their consequences. These patterns enable the detection of anomalies in the firmware when booting, detect anomalies in the communication in the vehicle, prevent unauthorized control units from successfully transmitting messages, offer a way of transmitting security-related events within a vehicle network and reporting them to units external to the vehicle, and ensure that communication in the vehicle is secure. Using the example of a future high-level Electrical / Electronic (E / E) architecture, we also describe how these security design patterns can be used to become aware of the current attack situation and how to react to it. |
BibTeX:
@INPROCEEDINGS{Plappert2022,
author={Christian Plappert and Florian Fenzl and Roland Rieke and Ilaria Matteucci and Gianpiero Costantino and Marco De Vincenzi},
booktitle={2022 30th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP)},
title={SECPAT: Security Patterns for Resilient Automotive E/E Architectures},
year={2022},
month={March},
volume={},
number={},
pages={255-264},
doi={10.1109/PDP55904.2022.00047}}
|
|
Daniel Zelle, Christian Plappert, Roland Rieke, Dirk Scheuermann, and Christoph Krauß, ThreatSurf: A method for automated Threat Surface assessment in automotive cybersecurity engineering, Elsevier journal: Microprocessors and Microsystems: Embedded Hardware Design (MICPRO), 2022 |
| Abstract: Connected smart cars enable new attacks that may have serious consequences. Thus, the development of new cars must follow a cybersecurity engineering process including a Threat Analysis and Risk Assessment (TARA). The attack surface assessment is a central aspect of a TARA. In this paper, we introduce a concrete approach for attack surface assessment following the steps asset identification, threat scenario identification, attack path analysis, and attack feasibility rating of a TARA compliant to ISO/SAE DIS 21434 and an approach to automatize them. We define a generic reference architecture and assets constituting the attack surface, attack building blocks with associated feasibility rating, and a method for automated generation and rating of attack paths using the attack building blocks and attack feasibility. Our exemplary application of the automated attack surface assessment on several threats from the UN regulation no. 155 shows the feasibility of our approach. |
BibTeX:
@article{Zelle2022,
title = {ThreatSurf: A method for automated Threat Surface assessment in automotive cybersecurity engineering},
author={Daniel Zelle and Christian Plappert and Roland Rieke and Dirk Scheuermann and Christoph Krau{\ss}},
journal = {Microprocessors and Microsystems},
volume = {90},
pages = {104461},
year = {2022},
issn = {0141-9331},
doi = {10.1016/j.micpro.2022.104461},
url = {https://www.sciencedirect.com/science/article/pii/S0141933122000321},
}
|
|
Yannick Chavalier, Florian Fenzl, Maxim Kolomeets, Roland Rieke, Andrey Chechulin, and Christoph Krauß, Cyberattack detection in vehicles using characteristic functions, artificial neural networks and visual analysis, Journal of Informatics and Automation (SPIIRAS Proceedings) |
| Abstract: The connectivity of autonomous vehicles induces new attack surfaces and thus the demand for sophisticated cybersecurity management. Thus, it is important to ensure that in-vehicle network monitoring includes the ability to accurately detect intrusive behavior and analyze cyberattacks from vehicle data and vehicle logs in a privacy-friendly manner. For this purpose, we describe and evaluate a method that utilizes characteristic functions and compare it with an approach based on artificial neural networks. Visual analysis of the respective event streams complements the evaluation. Although the characteristic functions method is an order of magnitude faster, the accuracy of the results obtained is at least comparable to those obtained with the artificial neural network. Thus, this method is an interesting option for implementation in in-vehicle embedded systems. An important aspect for the usage of the analysis methods within a cybersecurity framework is the explainability of the detection results. |
BibTeX:
@article{Chevalier2021,
title={Cyberattack detection in vehicles using characteristic functions, artificial neural networks, and visual analysis},
volume={20},
url={http://ia.spcras.ru/index.php/sp/article/view/15028},
DOI={10.15622/ia.20.4.4},
number={4},
journal={Informatics and Automation},
author={Chevalier, Yannick and Fenzl, Florian and Kolomeets, Maxim and Rieke, Roland and Chechulin, Andrey and Krau{\ss}, Christoph},
year={2021},
month={Aug.},
pages={845-868}
}
|
|
Florian Fenzl, Roland Rieke, and Andreas Dominik, In-vehicle detection of targeted CAN bus attacks, ARES2021 |
| Abstract: Most vehicles use the controller area network bus for communication between their components. Attackers who have already penetrated the in-vehicle network often utilize this bus in order to take control of safety-relevant components of the vehicle. Such targeted attack scenarios are often hard to detect by network intrusion detection systems because the specific payload is usually not contained within their training data sets. In this work, we describe an intrusion detection system that uses decision trees that have been modelled through genetic programming. We evaluate the advantages and disadvantages of this approach compared to artificial neural networks and rule-based approaches. For this, we model and simulate specific targeted attacks as well as several types of intrusions described in the literature. The results show that the genetic programming approach is well suited to identify intrusions with respect to complex relationships between sensor values which we consider important for the classification of specific targeted attacks. However, the system is less efficient for the classification of other types of attacks which are better identified by the alternative methods in our evaluation. Further research could thus consider hybrid approaches. |
BibTeX:
@inproceedings{Fenzl2021,
author = {Fenzl, Florian and Rieke, Roland and Dominik, Andreas},
title = {In-Vehicle Detection of Targeted CAN Bus Attacks},
year = {2021},
isbn = {9781450390514},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3465481.3465755},
doi = {10.1145/3465481.3465755},
abstract = { Most vehicles use the controller area network bus for communication between their
components. Attackers who have already penetrated the in-vehicle network often utilize
this bus in order to take control of safety-relevant components of the vehicle. Such
targeted attack scenarios are often hard to detect by network intrusion detection
systems because the specific payload is usually not contained within their training
data sets. In this work, we describe an intrusion detection system that uses decision
trees that have been modelled through genetic programming. We evaluate the advantages
and disadvantages of this approach compared to artificial neural networks and rule-based
approaches. For this, we model and simulate specific targeted attacks as well as several
types of intrusions described in the literature. The results show that the genetic
programming approach is well suited to identify intrusions with respect to complex
relationships between sensor values which we consider important for the classification
of specific targeted attacks. However, the system is less efficient for the classification
of other types of attacks which are better identified by the alternative methods in
our evaluation. Further research could thus consider hybrid approaches.},
booktitle = {The 16th International Conference on Availability, Reliability and Security},
articleno = {32},
numpages = {7},
keywords = {Controller area network security, Machine learning, Intrusion detection, Security monitoring, Automotive security, Anomaly detection, Genetic Programming},
location = {Vienna, Austria},
series = {ARES 2021}
}
|
|
Christian Plappert, Daniel Zelle, Henry Gadacz, Roland Rieke, Dirk Scheuermann, and
Christoph Krauß, Attack Surface Assessment for Cybersecurity Engineering in the Automotive Domain, PDP2021, Valladolid Spain, March 10-12 2021 |
| Abstract: Connected smart cars enable new attacks which may have serious consequences. Thus, the development of new cars must follow a cybersecurity engineering process as defined for example in ISO/SAE 21434. A central part of such a process is the threat and risk assessment including an attack feasibility rating. We present an attack surface assessment with focus on the attack feasibility rating compliant to ISO/SAE 21434. We introduce a reference architecture with assets constituting the attack surface, the attack feasibility rating for these assets, and the application of this rating on typical use cases. The attack feasibility rating assigns attacks and assets to an evaluation of the attacker dimensions and the feasibility of attacks derived from it. We show on sample use cases how this rating can be used to assess the feasibility of an entire attack path. The attack feasibility rating can be used as a building block in a threat and risk assessment according to ISO/SAE 21434. |
BibTeX:
@INPROCEEDINGS{Plappert2021,
author={Plappert, Christian and Zelle, Daniel and Gadacz, Henry and Rieke, Roland and Scheuermann, Dirk and Krauß, Christoph},
booktitle={2021 29th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP)},
title={Attack Surface Assessment for Cybersecurity Engineering in the Automotive Domain},
year={2021},
volume={},
number={},
pages={266-275},
doi={10.1109/PDP52278.2021.00050}}
|
| Florian Fenzl, Roland Rieke, Yannick Chevalier, Andreas Dominik, and Igor Kotenko, Continuous Fields: Enhanced In-Vehicle Anomaly Detection using Machine Learning Models, Elsevier Journal: Simulation Modelling Practice and Theory, 2020 |
| Abstract: The attack surface of a modern vehicle increases with its connectivity. A strategy to prevent attacks or at least to identify such attacks and to mitigate their effects is therefore imperative. The detection of indications for intrusive behavior in an in-vehicle network is an important aspect of a holistic security concept. The structure of the payload of in-vehicle messages with respect to the encoded sensor values is in general confidential. Therefore, most researchers consider the structure of the in-vehicle messages to be bit- or byte-fields. However, this may hide anomalies which are characterized by correlations between sensor values transferred by the in-vehicle messages. In this work, we evaluate the influence of accuracy of the model of the payload structure with respect to the actual sensor values on the results of different intrusion detection methods. In particular, we analyze if an improved alignment is helpful to detect anomalies introduced by stealthy intrusions. In order to cover conceptually different modeling and reasoning techniques, we adapted a deep learning approach as well as a characteristic functions based intrusion detection approach to utilize such message streams. An important aspect is that the explainability of the results is better compared to deep learning systems. We further developed a set of test vectors based on log files of a vehicle enriched by different intrusions. In particular, we included simulations of stealthy intrusions which mask certain sensor values within the respective messages. The effectiveness of the developed methods is demonstrated by various experiments. |
BibTeX:
@article{Fenzl2020,
author = "Florian Fenzl and Roland Rieke and Yannick Chevalier and Andreas Dominik and Igor Kotenko",
title = "Continuous Fields: Enhanced In-Vehicle Anomaly Detection using Machine Learning Models",
journal = "Simulation Modelling Practice and Theory",
volume = "105",
pages = "102143",
year = "2020",
issn = "1569-190X",
doi = "https://doi.org/10.1016/j.simpat.2020.102143",
url = "http://www.sciencedirect.com/science/article/pii/S1569190X20300824",
keywords = "Controller area network security, Intrusion detection, Anomaly detection, Machine learning, Automotive security, Security monitoring",
}
|
| Daniel Zelle, Roland Rieke,Christian Plappert, Christoph Krauß, Dmitry Levshun, and Andrey Chechulin (2020), SEPAD - Security Evaluation Platform for Autonomous Driving, PDP2020, Västerås, Sweden, March 11-13, 2020 |
| Abstract: The development and evaluation of security solutions for autonomous vehicles is a challenging task. Many researchers have no access to real vehicles to implement and test their solutions. In addition, vehicle E/E architectures of different brands or even model series of one car manufacturer differ significantly. Also, vehicles may be the source of physical hazards, e.g., an exploding airbag. To enable researchers to develop, implement, and evaluate new security solutions for autonomous vehicles, we propose a new security evaluation platform called SEPAD and a dedicated development process for testing security mechanisms with it. SEPAD allows to model realistic E/E architectures where the developed security solutions can be integrated and evaluated without causing safety risks for the researcher or other road users. |
BibTeX:
@InProceedings{Zelle2020,
author={D. {Zelle} and R. {Rieke} and C. {Plappert} and C. {Krauß} and
D. {Levshun} and A. {Chechulin}},
booktitle={2020 28th Euromicro International Conference on Parallel,
Distributed and Network-Based Processing (PDP)},
title={SEPAD - Security Evaluation Platform for Autonomous Driving},
year={2020},
volume={},
number={},
pages={413-420},
abstract={The development and evaluation of security solutions for
autonomous vehicles is a challenging task. Many researchers have no
access to real vehicles to implement and test their solutions. In
addition, vehicle E/E architectures of different brands or even model
series of one car manufacturer differ significantly. Also, vehicles may
be the source of physical hazards, e.g., an exploding airbag. To enable
researchers to develop, implement, and evaluate new security solutions
for autonomous vehicles, we propose a new security evaluation platform
called SEPAD and a dedicated development process for testing security
mechanisms with it. SEPAD allows to model realistic E/E architectures
where the developed security solutions can be integrated and evaluated
without causing safety risks for the researcher or other road users.},
keywords={Security;Autonomous vehicles;Protocols;Computer
architecture;Automotive engineering;Sensors;Automobiles;automotive
security;evaluation platform;autonomous driving;intrusion
detection;trusted computing;secure in-vehicle protocols},
doi={10.1109/PDP50117.2020.00070},
ISSN={2377-5750},
month={March},
}
|
| Yannick Chevalier, Roland Rieke, Florian Fenzl, Andrey Chechulin, and Igor Kotenko (2019), ECU-Secure: Characteristic Functions for In-Vehicle Intrusion Detection, IDC2019, St. Petersburg, Russia, October 7-9, 2019 (Springer SCI, volume 868) |
| Abstract: Growing connectivity of vehicles induces increasing attack surfaces and thus the demand for a sophisticated security strategy. One part of such a strategy is to accurately detect intrusive behavior in an in-vehicle network. Therefore, we built a log analyzer in C that focused on payload bytes having either a small set of different values or a small set of possible changes. While being an order of magnitude faster, the accuracy of the results obtained is at least comparable with results obtained using standard machine learning techniques. These features make this approach an interesting option for implementation within in-vehicle embedded systems. Another important aspect is that the explainability of the results is better compared to deep learning systems. |
BibTeX:
@InProceedings{Chevalier2019,
author = {Yannick Chevalier and Roland Rieke and Florian Fenzl and Andrey Chechulin and Igor V. Kotenko},
editor = {Igor V. Kotenko and Costin Badica and Vasily Desnitsky and Didier El Baz and Mirjana Ivanovic},
title="ECU-Secure: Characteristic Functions for In-Vehicle Intrusion Detection",
booktitle="Intelligent Distributed Computing XIII",
series = {Studies in Computational Intelligence},
volume = {868},
publisher = {Springer},
year = {2020},
address="Cham",
pages={495--504},
doi = {10.1007/978-3-030-32258-8\_58},
isbn="978-3-030-32258-8"
}
|
| Daniel Zelle, Roland Rieke, and Christoph Krauß (2019), Security Test Platform for Autonomous Driving, 3. ACM COMPUTER SCIENCE IN CARS SYMPOSIUM (CSCS 2019) |
BibTeX:
@techreport{CSCS2019,
author = {Daniel Zelle and Roland Rieke and Christoph Krau\ss{}},
year = {2019},
month = {October},
title = {Security Test Platform for Autonomous Driving},
url = {https://cscs19.cispa.saarland/files/cscs19_camera_ready/19_TestbedSAD.pdf},
language = {english},
institution = {3. ACM COMPUTER SCIENCE IN CARS SYMPOSIUM (CSCS 2019)}
}
|
| Ivo Berger, Roland Rieke, Maxim Kolomeets, Andrey Chechulin, and Igor Kotenko (2018), Comparative study of machine learning methods for in-vehicle intrusion detection, Computer Security. ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6-7, 2018, Revised Selected Papers (Springer LNCS 11387) |
| Abstract: An increasing amount of cyber-physical systems within modern cars, such as sensors, actuators, and their electronic control units are connected by in-vehicle networks and these in turn are connected to the evolving Internet of vehicles in order to provide ``smart'' features such as automatic driving assistance. The controller area network bus is commonly used to exchange data between different components of the vehicle, including safety critical systems as well as infotainment. As every connected controller broadcasts its data on this bus it is very susceptible to intrusion attacks which are enabled by the high interconnectivity and can be executed remotely using the Internet connection. This paper aims to evaluate relatively simple machine learning methods as well as deep learning methods and develop adaptations to the automotive domain in order to determine the validity of the observed data stream and identify potential security threats. |
BibTeX:
@InProceedings{Berger2019,
author="Berger, Ivo
and Rieke, Roland
and Kolomeets, Maxim
and Chechulin, Andrey
and Kotenko, Igor",
editor="Katsikas, Sokratis K.
and Cuppens, Fr{\'e}d{\'e}ric
and Cuppens, Nora
and Lambrinoudakis, Costas
and Ant{\'o}n, Annie
and Gritzalis, Stefanos
and Mylopoulos, John
and Kalloniatis, Christos",
title="Comparative Study of Machine Learning Methods for In-Vehicle Intrusion Detection",
booktitle="Computer Security. ESORICS 2018 International Workshops, CyberICPS 2018 and SECPRE 2018, Barcelona, Spain, September 6-7, 2018, Revised Selected Papers",
year="2019",
publisher="Springer",
address="Cham",
pages="85--101",
abstract="An increasing amount of cyber-physical systems within modern cars, such as sensors, actuators, and their electronic control units are connected by in-vehicle networks and these in turn are connected to the evolving Internet of vehicles in order to provide ``smart'' features such as automatic driving assistance. The controller area network bus is commonly used to exchange data between different components of the vehicle, including safety critical systems as well as infotainment. As every connected controller broadcasts its data on this bus it is very susceptible to intrusion attacks which are enabled by the high interconnectivity and can be executed remotely using the Internet connection. This paper aims to evaluate relatively simple machine learning methods as well as deep learning methods and develop adaptations to the automotive domain in order to determine the validity of the observed data stream and identify potential security threats.",
isbn="978-3-030-12786-2",
series = {Lecture Notes in Computer Science},
volume = {11387},
doi = {10.1007/978-3-030-12786-2_6},
}
|
| Roland Rieke, Marc Seidemann, Elise Kengni Talla, Daniel Zelle, and Bernhard Seeger (2017), Behavior Analysis for Safety and Security in Automotive Systems, The 25th Euromicro International Conference on Parallel, Distributed and Network-based Computing (PDP 2017) |
| Abstract: The connection of automotive systems with other systems such as road-side units, other vehicles, and various servers in the Internet opens up new ways for attackers to remotely access safety relevant subsystems within connected cars. The security of connected cars and the whole vehicular ecosystem is thus of utmost importance for consumer trust and acceptance of this emerging technology. This paper describes an approach for on-board detection of unanticipated sequences of events in order to identify suspicious activities. The results show that this approach is fast enough for in-vehicle application at runtime. Several behavior models and synchronization strategies are analyzed in order to narrow down suspicious sequences of events to be sent in a privacy respecting way to a global security operations center for further in-depth analysis. |
BibTeX:
@INPROCEEDINGS{pdp2017,
booktitle={Parallel, Distributed and Network-Based Processing (PDP), 2017 25nd Euromicro International Conference on},
author={Roland Rieke and Marc Seidemann and Elise Kengni Talla and Daniel Zelle and Bernhard Seeger},
title={Behavior Analysis for Safety and Security in Automotive Systems},
year={2017},
month={Mar},
pages={381-385},
keywords={automotive security; connected car; predictive security analysis;
security modeling and simulation; security monitoring;
complex event processing; process discovery},
doi={10.1109/PDP.2017.67},
url={http://ieeexplore.ieee.org/document/7912675/},
publisher = {IEEE Computer Society},
}
|
| Andreas Fuchs and Roland Rieke (2010), Identification of Security Requirements in Systems of Systems by Functional Security Analysis, In Architecting Dependable Systems VII, (Springer LNCS 6420) |
| Abstract: Cooperating systems typically base decisions on information from their own components as well as on input from other systems. Safety critical decisions based on cooperative reasoning however raise severe concerns to security issues. Here, we address the security requirements elicitation step in the security engineering process for such systems of systems. The method comprises the tracing down of functional dependencies over system component boundaries right onto the origin of information as a functional flow graph. Based on this graph, we systematically deduce comprehensive sets of formally defined authenticity requirements for the given security and dependability objectives. The proposed method thereby avoids premature assumptions on the security architecture's structure as well as the means by which it is realised. Furthermore, a tool-assisted approach that follows the presented methodology is described. |
BibTeX:
@incollection{fuchs:rieke:2010,
author = {Andreas Fuchs and Roland Rieke},
title = {{Identification of Security Requirements in Systems of Systems by Functional Security Analysis}},
booktitle = {Architecting Dependable Systems VII},
editor = {Antonio Casimiro and Rogério de Lemos and Cristina Gacek},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
volume = {6420},
year = {2010},
pages = {74--96},
doi={10.1007/978-3-642-17245-8_4},
url={http://dx.doi.org/10.1007/978-3-642-17245-8_4},
isbn = {978-3-642-17244-1}
}
|
| Andreas Fuchs and Roland Rieke (2010), Identification of Security Requirements for Vehicular Communication Systems, 2010 CAST-Workshop on Mobile Security for Intelligent Cars (EVITA project workshop) |
BibTeX:
@inproceedings{talks-CAST:2010,
editor = {Olaf Henniger},
booktitle = {Presentation slides from the EVITA project workshop},
author = {Andreas Fuchs and Roland Rieke},
title = {Identification of Security Requirements for Vehicular Communication Systems},
institution = {EVITA European project},
type = {Deliverable},
number = {D1.2.5.1},
year = {2010},
month= {July},
note = {CAST-Workshop on Mobile Security for Intelligent Cars, Darmstadt, Germany},
url = {http://evita-project.org/Publications/EVITAD1.2.5.1.pdf}
}
|
|
Alastair Ruddle, David Ward, Benjamin Weyl, Sabir Idrees,
Yves Roudier, Michael Friedewald, Timo Leimbach, Andreas
Fuchs, Sigrid Gürgens, Olaf Henniger, Roland Rieke,
Matthias Ritscher, Henrik Broberg, Ludovic Apvrille, Renaud
Pacalet, and Gabriel Pedroza (2009) Security requirements for automotive on-board networks based on dark-side scenarios, EVITA Deliverable D2.3 |
| Abstract: The objective of the EVITA project is to design, verify, and prototype an architecture for automotive on-board networks where security-relevant components are protected against tampering and sensitive data are protected against compromise. Thus, EVITA will provide a basis for the secure deployment of electronic safety aids based on vehicle-to-vehicle and vehicle-to-infrastructure communication. A key activity for the EVITA project is the capture of security requirements for the secure system architecture and associated software and hardware components based on a set of use cases and an investigation of security threat scenarios (dark-side scenarios). This document outlines the processes used to identify and evaluate security requirements, and details the results of their application to automotive on-board networks. It provides input to the secure on-board architecture design. |
BibTeX:
@techreport{other-evita-d2.3,
author = {Alastair Ruddle and David Ward and Benjamin Weyl and Sabir Idrees
and Yves Roudier and Michael Friedewald and Timo Leimbach and Andreas
Fuchs and Sigrid G\"urgens and Olaf Henniger and Roland Rieke and
Matthias Ritscher and Henrik Broberg and Ludovic Apvrille and Renaud
Pacalet and Gabriel Pedroza},
title = {Security requirements for automotive on-board networks based on dark-side
scenarios},
institution = {EVITA project},
year = {2009},
type = {{EVITA Deliverable D2.3}},
url = {http://evita-project.org/deliverables.html}
}
|
|
Christophe Jouvray, Antonio Kung, Michel Sall,
Andreas Fuchs, Sigrid Gürgens, Roland Rieke
(2009) Security and trust model, EVITA Deliverable D3.1 |
| Abstract: The objective of the EVITA project is to design, verify, and prototype an architecture for automotive on-board networks where security-relevant components are protected against tampering and sensitive data are protected against compromise. Thus, EVITA will provide a basis for the secure deployment of electronic safety aids based on vehicle-to-vehicle and vehicle-to-infrastructure communication. Designing a system respecting the criteria of security and trust is a complex task. Security will cover various aspects such as dependability, integrity, authenticity, or even privacy. It is thus possible to have confidence in a system where evidence is provided to the user. To do this, taking into account security issues should begin early in the product life cycle. Currently, model driven approaches are used in application design. Model oriented approaches must be adjusted to take into account the security mechanisms. This document analyzes different approaches to security architecture models and specifies a suitable security and trust model for automotive on-board networks. Two main solutions are proposed to adapt model approaches. The first one concerns directly the model driven engineering by introducing all needed concepts into a model. The second solution proposes a formal method for the refinement of security properties. High level properties specified within a platform-independent model can be refined to properties required by certain security mechanisms which in turn reflect the platform-specific architecture chosen. |
BibTeX:
@techreport{other-evita-d3.1,
author = {Christophe Jouvray and Antonio Kung and Michel Sall and Andreas
Fuchs and Sigrid G\"urgens and Roland Rieke},
title = {Security and trust model},
institution = {EVITA project},
year = {2009},
type = {{EVITA Deliverable D3.1}},
url = {http://evita-project.org/deliverables.html}
}
|
| Andreas Fuchs and Roland Rieke (2009), Identification of authenticity requirements in systems of systems by functional security analysis, In Workshop on Architecting Dependable Systems (WADS 2009), in Proceedings of the 2009 IEEE/IFIP Conference on Dependable Systems and Networks, Supplemental Volume. |
| Abstract: Cooperating systems typically base decisions on information from their own components as well as on input from other systems. Safety critical decisions based on cooperative reasoning, such as automatic emergency braking of a vehicle, raise severe concerns to security issues. In this paper we address the security engineering process for such systems of systems. The presented authenticity requirements elicitation method is based on functional dependency analysis. It comprises the tracing down of functional dependencies over system boundaries right onto the origin of information. A dependency graph with a safety critical function as root and the origins of decision relevant information as leaves is used to deduce a set of authenticity requirements. This set is comprehensive and defines the maximal set of authenticity requirements from the given functional dependencies. Furthermore, the proposed method avoids premature assumptions on the architectural structure and mechanisms to implement security measures. |
BibTeX:
@inproceedings{fuchs:rieke:2009,
author = {Andreas Fuchs and Roland Rieke},
title = {Identification of authenticity requirements in systems of systems by functional security analysis},
booktitle = {Workshop on Architecting Dependable Systems (WADS 2009), in Proceedings of the 2009 IEEE/IFIP Conference on Dependable Systems and Networks, Supplemental Volume},
year = {2009},
pages={E29-E34},
}
|