nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Attack Tree Construction and Its Application to the Connected Vehicle

verfasst von : Khaled Karray, Jean-Luc Danger, Sylvain Guilley, M. Abdelaziz Elaabid

Erschienen in: Cyber-Physical Systems Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Remote connectivity of today’s and future cars increases their capabilities of autonomy and safety, but also their attack surface, as reported by several research papers. In the automotive domain, the security has a direct impact on the user’s safety. Thus, the management of risk is becoming the main concern of automotive manufacturers, especially for the future fully connected and autonomous cars. A possible way to quantify the overall risk of a system is the systematic construction of attack graphs and attack trees. These formalisms are presented as one of the possible solutions in the new Cybersecurity Guidebook for Cyber-Physical Vehicle Systems (SAE-J3061). In this chapter we propose to use graph transformation to formally model the car architecture and its state evolution in order to study cyber-physical attacks against it. The resulting attacks are converted into attack trees which are used to estimate the overall risk of the system. Consequently, it becomes possible to study improvements while building a more secure architecture. The proposed method is designed to support the conceptual phase of the vehicle’s cyber-physical system. We illustrate the method on a small pedagogical example to show how it is possible to prove its efficiency.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Time-Delay Attacks in Network Systems

Nächstes Kapitel Reinforcement Learning and Trustworthy Autonomy

P. Ammann, D. Wijesekera, S. Kaushik, Scalable, graph-based network vulnerability analysis, in Proceedings of the 9th ACM Conference on Computer and Communications Security (ACM, New York, 2002), pp. 217–224

L. Apvrille, Y. Roudier, Sysml-sec attack graphs: compact representations for complex attacks, in International Workshop on Graphical Models for Security (Springer, Berlin, 2015), pp. 35–49

L. Apvrille, L. Li, Y. Roudier, Model-driven engineering for designing safe and secure embedded systems, in Architecture-Centric Virtual Integration (ACVI), 2016 (IEEE, Piscataway, 2016), pp. 4–7

S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno, et al., Comprehensive experimental analyses of automotive attack surfaces, in USENIX Security Symposium, San Francisco (2011)

T. Dimkov, W. Pieters, P. Hartel, Portunes: representing attack scenarios spanning through the physical, digital and social domain, in Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (Springer, Berlin, 2010), pp. 112–129

I.D. Foster, A. Prudhomme, K. Koscher, S. Savage, Fast and vulnerable: a story of telematic failures, in WOOT’15 Proceedings of the 9th USENIX Conference on Offensive Technologies (2015)

Groove: graphs for object-oriented verification. http://groove.cs.utwente.nl/

T. Hoppe, S. Kiltz, J. Dittmann, Security threats to automotive can networks–practical examples and selected short-term countermeasures, in International Conference on Computer Safety, Reliability, and Security (Springer, Berlin, 2008), pp. 235–248

K. Ingols, R. Lippmann, K. Piwowarski, Practical attack graph generation for network defense, in 22nd Annual Computer Security Applications Conference, 2006. ACSAC’06 (IEEE, Piscataway, 2006), pp. 121–130

10.

M.G. Ivanova, C.W. Probst, R.R. Hansen, F. Kammüller, Transforming graphical system models to graphical attack models, in International Workshop on Graphical Models for Security (Springer, Berlin, 2015), pp. 82–96

11.

S. Jajodia, S. Noel, Topological vulnerability analysis, in Cyber Situational Awareness (Springer, Berlin, 2010), pp. 139–154

12.

K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, et al., Experimental security analysis of a modern automobile, in 2010 IEEE Symposium on Security and Privacy (SP) (IEEE, Piscataway, 2010), pp. 447–462CrossRef

13.

R. Kumar, E. Ruijters, M. Stoelinga, Quantitative attack tree analysis via priced timed automata, in International Conference on Formal Modeling and Analysis of Timed Systems (Springer, Berlin, 2015), pp. 156–171MATH

14.

F. Lugou, L.W. Li, L. Apvrille, R. Ameur-Boulifa, Sysml models and model transformation for security, in Conferénce on Model-Driven Engineering and Software Development (Modelsward’2016) (2016)

15.

C. Miller, C. Valasek, Remote exploitation of an unaltered passenger vehicle. Black Hat USA (2015)

16.

X. Ou, S. Govindavajhala, A.W. Appel, Mulval: a logic-based network security analyzer, in USENIX Security (2005)

17.

C. Phillips, L.P. Swiler, A graph-based system for network-vulnerability analysis, in Proceedings of the 1998 Workshop on New Security Paradigms (ACM, New York, 1998), pp. 71–79

18.

R.W. Ritchey, P. Ammann, Using model checking to analyze network vulnerabilities, in SP’00 Proceedings of the 2000 IEEE Symposium on Security and Privacy (IEEE, Piscataway, 2000), pp. 156–165

19.

M. Salfer, C. Eckert, Attack surface and vulnerability assessment of automotive electronic control units, in 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE), vol. 4 (IEEE, Piscataway, 2015), pp. 317–326

20.

M. Salfer, H. Schweppe, C. Eckert, Efficient attack forest construction for automotive on-board networks, in International Conference on Information Security (Springer, Berlin, 2014), pp. 442–453

21.

B. Schneier, Attack trees. Dr. Dobbâs J. 24(12), 21–29 (1999)

22.

O. Sheyner, J. Haines, S. Jha, R. Lippmann, J.M. Wing, Automated generation and analysis of attack graphs, in 2002 Proceedings IEEE Symposium on Security and Privacy (IEEE, Piscataway, 2002), pp. 273–284

Titel: Attack Tree Construction and Its Application to the Connected Vehicle
verfasst von: Khaled Karray
Jean-Luc Danger
Sylvain Guilley
M. Abdelaziz Elaabid
Verlag: Springer International Publishing
Buch: Cyber-Physical Systems Security
Print ISBN: 978-3-319-98934-1

Electronic ISBN: 978-3-319-98935-8

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-98935-8_9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"