Top

Published in:

2019 | OriginalPaper | Chapter

SAM: A Security Abstraction Model for Automotive Software Systems

Authors : Markus Zoppelt, Ramin Tavakoli Kolagari

Published in: Security and Safety Interplay of Intelligent Software Systems

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Due to the emergence of (semi-)autonomous vehicles and networked technologies in the automotive domain, the development of secure and reliable vehicles plays an increasingly important role in the protection of road users. Safe and secure road transport is a major societal and political objective, which is substantiated by the concrete goal of the European Commission to “move close to zero fatalities in road transport” (White Paper of the European Commission Roadmap to a Single European Transport Area—Towards a competitive and resource efficient transport system, 2011, page 10.) within the next three decades. One historically often neglected aspect of this objective in automotive system development is security, i.e., freedom from maliciously implemented threats. In the automotive software industry, model-based engineering is the current state of the practice. Instead of integrating security into the entire system development process, it currently tends to be an afterthought. Because of the tight interdependencies and integration of components, the consequences of gaping security flaws are grave. The contribution of this paper is a secure modeling approach enabling the automotive engineer to analyze the software system in the context of industrial model-based engineering in an early phase. The security modeling language specification is presented as a proposed annex to the relevant industry standard EAST-ADL, and therefore offers a common modeling approach for architectural and security aspects. All security extensions are in line with this standard and its meta level, which is shared with AUTOSAR. The security modeling language specification is demonstrated in a small modeling example, along with a formal evaluation which applies the Grounded Theory method to a set of expert interviews, showing that it is comprehensive and embraces even non-standardized pertinent research.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter The Challenge of Safety Tactics Synchronization for Cooperative Systems

next chapter CAN-FD-Sec: Improving Security of CAN-FD Protocol

www.aadl.info.

https://github.com/MarkusZoppelt/SAM.

http://www.in.th-nuernberg.de/SAM.

https://www.in.th-nuernberg.de/Professors/AS2E/SAM/GT-Eval.pdf.

AUTOSAR: Enabling Continuous Innovations (2018). https://www.autosar.org/

AUTOSAR AP Release 17–10: Requirements on Security Management for Adaptive Platform. https://www.autosar.org/fileadmin/user_upload/standards/adaptive/17-10/AUTOSAR_RS_SecurityManagement.pdf

Bißmeyer, N., et al.: PREparing SEcuRe VEhicle-to-X Communication Systems - Deliverable 1.3 - V2X Security Architecture v2 (2014)

Blom, H., et al.: EAST-ADL-an architecture description language for automotive software-intensive systems-white paper version 2.1.12. http://www.maenad.eu/public/conceptpresentations/EAST-ADL_WhitePaper_M2. Accessed Jan 2013

Chen, M., Qian, Y., Mao, S., Tang, W., Yang, X.: Software-defined mobile networks security. Mob. Netw. Appl. 21(5), 729–743 (2016)CrossRef

Dalpiaz, F., Paja, E., Giorgini, P.: Security requirements engineering via commitments. In: Socio-technical Aspects in Security and Trust (STAST), pp. 1–8. IEEE (2011). https://doi.org/10.1109/STAST.2011.6059249

Glaser, B.G., Strauss, A.L., Strutzel, E.: The discovery of grounded theory; strategies for qualitative research. Nurs. Res. 17(4), 364 (1968)CrossRef

Happel, A., Ebert, C.: Security in vehicle networks of connected cars. In: Bargende, M., Reuss, H.C., Wiedemann, J. (eds.) 15. Internationales Stuttgarter Symposium: Automobil- und Motorentechnik (March), pp. 233–246. Springer, Wiesbaden (2015). https://doi.org/10.1007/978-3-658-08844-6_16CrossRef

Haskins, C., Forsberg, K., Krueger, M., Walden, D., Hamelin, D.: Systems engineering handbook. In: INCOSE (2006)

10.

Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: 2009 9th International Conference on Intelligent Transport Systems Telecommunications, ITST 2009, pp. 641–646. IEEE (2009). https://doi.org/10.1109/ITST.2009.5399279

11.

Holm, H., Ekstedt, M., Sommestad, T., Korman, M.: A Manual for the Cyber Security Modeling Language (2014)

12.

International Organization for Standardization: Road vehicles - functional safety - Part 2: Management of functional safety. International Organization for Standardization 066(20), 26 (2009)

13.

ISO/IEC: ISO/IEC 15408–1:2009 - Evaluation Criteria for IT Security 2009, 64 (2009)

14.

Johansson, C., Bucanac, C.: The V-Model. IDE, University Of Karlskrona, Ronneby (1999)

15.

Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45800-X_32CrossRefMATH

16.

Lee, J., Bagheri, B., Kao, H.A.: A cyber-physical systems architecture for industry 4.0-based manufacturing systems. Manuf. Lett. 3, 18–23 (2015)CrossRef

17.

Macher, G., Höller, A., Sporer, H., Armengaud, E., Kreiner, C.: A combined safety-hazards and security-threat analysis method for automotive systems. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 237–250. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24249-1_21CrossRef

18.

Mash, C.: Ethernet set to bring about radical shift in how automotive networks are implemented, January 2018. http://www.digitimes.com/news/a20180115PR203.html

19.

Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0. In: Published by FIRST-Forum of Incident Response and Security Teams, vol. 1, p. 23 (2007)

20.

Miller, C., Valasek, C.: A survey of remote automotive attack surfaces. Defcon 22, 1–90 (2014)

21.

Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(02), 285–309 (2007). https://doi.org/10.1142/S0218194007003240CrossRef

22.

Nguyen, P.H., Ali, S., Yue, T.: Model-based security engineering for cyber-physical systems: a systematic mapping study (2017). https://doi.org/10.1016/j.infsof.2016.11.004

23.

Palanca, A., Evenchick, E., Maggi, F., Zanero, S.: A stealth, selective, link-layer denial-of-service attack against automotive networks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 185–206. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60876-1_9CrossRef

24.

Rao, K.R.M., Pant, D.: A threat risk modeling framework for Geospatial Weather Information System (GWIS): a DREAD based study. Int. J. Adv. Comput. Sci. Appl. 1(3) (2010)

25.

Ross, R., McEvilley, M., Carrier Oren, J.: Systems security engineering: considerations for a multidisciplinary approach in the engineering of trustworthy secure systems, vol. 160, November 2016. https://doi.org/10.6028/NIST.SP.800-160. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160.pdf

26.

Sandelin, A., Alkema, W., Engström, P., Wasserman, W.W., Lenhard, B.: JASPAR: an open-access database for eukaryotic transcription factor binding profiles. Nucleic Acids Res. 32(Suppl. 1), D91–D94 (2004)CrossRef

27.

Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)

28.

Smith, C., Francisco, S.: The Car Hacker’s Handbook a Guide for the Penetration Tester About the Contributing Author About the Technical Reviewer (2016)

29.

Thing, V.L., Wu, J.: Autonomous vehicle security: a taxonomy of attacks and defences. In: Proceedings - 2016 IEEE International Conference on Internet of Things; IEEE Green Computing and Communications; IEEE Cyber, Physical, and Social Computing; IEEE Smart Data, iThings-GreenCom-CPSCom-Smart Data 2016, pp. 164–170 (2017). https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2016.52

30.

Tuohy, S., Glavin, M., Hughes, C., Jones, E., Trivedi, M., Kilmartin, L.: Intra-vehicle networks: a review (2015). https://doi.org/10.1109/TITS.2014.2320605

31.

Valasek, C., Miller, C.: Adventures in automotive networks and control units. Technical White Paper, vol. 21, p. 99 (2013)

32.

Van Tilborg, H.C.A., Jajodia, S.: Encyclopedia of Cryptography and Security. Springer, New York (2014)MATH

33.

Zeng, W., Khalid, M.A., Chowdhury, S.: In-vehicle networks outlook: achievements and challenges. IEEE Commun. Surv. Tutor. 18(3), 1552–1571 (2016). https://doi.org/10.1109/COMST.2016.2521642CrossRef

Title: SAM: A Security Abstraction Model for Automotive Software Systems
Authors: Markus Zoppelt
Ramin Tavakoli Kolagari
Publisher: Springer International Publishing
Book: Security and Safety Interplay of Intelligent Software Systems
Print ISBN: 978-3-030-16873-5

Electronic ISBN: 978-3-030-16874-2

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-16874-2_5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner