
2019 | Book

Security and Safety Interplay of Intelligent Software Systems

ESORICS 2018 International Workshops, ISSA 2018 and CSITS 2018, Barcelona, Spain, September 6–7, 2018, Revised Selected Papers

Edited by: Dr. Brahim Hamid, Barbara Gallina, Asaf Shabtai, Dr. Yuval Elovici, Joaquin Garcia-Alfaro

Publisher: Springer International Publishing

Book series: Lecture Notes in Computer Science


About this book

This book constitutes the thoroughly refereed post-conference proceedings of the International Workshop on Interplay of Security, Safety and System/Software Architecture, CSITS 2018, and the International Workshop on Cyber Security for Intelligent Transportation Systems, ISSA 2018, held in Barcelona, Spain, in September 2018, in conjunction with the 23rd European Symposium on Research in Computer Security, ESORICS 2018.

The ISSA 2018 workshop received 10 submissions, from which 3 full papers and 1 short paper were accepted. They cover topics such as software security engineering, domain-specific security and privacy architectures, and automotive security. In addition, an invited paper on the intertwining of safety and security co-engineering is included. The CSITS 2018 workshop received 9 submissions, from which 5 full papers and 1 short paper were accepted. The selected papers deal with car security and aviation security.

Table of contents

Frontmatter

Invited Paper

Towards Safety and Security Co-engineering
Challenging Aspects for a Consistent Intertwining
Abstract
The emergence of systems identified as both safety and security critical has motivated research and industry to search for novel approaches to conduct multi-concern engineering (co-engineering). But several aspects and issues have arisen during the process, which has limited the advances. Among them are the specificities found in concepts, methods and development cycles, the current standalone practices of safety and security, and the lack of consolidated metrics for safety-security assessment. This paper presents synthetic discussions on the referred topics along with some suggestions for solutions and perspectives.
Gabriel Pedroza

Safety and Security Interplay

Understanding Common Automotive Security Issues and Their Implications
Abstract
With increased connectivity of safety-critical systems such as vehicles and industrial control systems, the importance of secure software rises in lock-step. Even systems that are traditionally considered to be non-safety-critical can become safety-critical if they are willfully manipulated. In this paper, we identify 8 important security issues of automotive software based on a conceptually simple yet interesting example. The issues encompass problems from the design phase, including requirements engineering, to the choice of concrete parameters for an API. We then investigate how these issues are perceived by automotive security experts through a survey.
The survey results indicate that the identified issues are indeed problematic in real industry use-cases. Based on the collected data, we draw conclusions which problems deserve further attention and how the problems can be addressed. In particular, we find that key distribution is a major issue. Finally, many of the identified issues can be addressed by improved documentation and access to security experts.
Aljoscha Lautenbach, Magnus Almgren, Tomas Olovsson
SysML Model Transformation for Safety and Security Analysis
Abstract
While the awareness toward the security and safety of embedded systems has recently improved due to various significant attacks, the issue of building a practical but accurate methodology for designing such safe and secure systems still remains unsolved. Where test coverage is dissatisfying, formal analysis grants much higher potential to discover security vulnerabilities during the design phase of a system. Yet, formal verification methods often require a strong technical background that limits their usage. In this paper, we formally describe a verification process that enables us to prove security-oriented properties such as confidentiality on block and state machine diagrams of SysML. The mathematical description of the translation of these formally defined diagrams into a ProVerif specification enables us to prove the correctness of the verification method.
Rabéa Ameur-Boulifa, Florian Lugou, Ludovic Apvrille
The Challenge of Safety Tactics Synchronization for Cooperative Systems
Abstract
Given rapid progress in integrating operational and industrial technologies and recent increase in the level of automation in safety-related systems, cooperative cyber-physical systems are emerging in a self-contained area requiring new approaches for addressing their critical properties such as safety and security. The notion of tactics is used to describe a relation between a system input and its corresponding response. Cooperative functionalities often rely on wireless communication and incoherent behavior of different wireless channels makes it challenging to achieve harmonization in deployment of systems’ tactics. In this work we focus on safety tactics for cooperative cyber-physical systems as a response to inputs related to both safety and security, i.e., we are interested in security informed safety, and formulate a challenge of synchronization of safety tactics between the cooperating systems. To motivate the requirement on such synchronization we consider a car platoon, i.e., a set of cooperative vehicles, as an example and illustrate possible hazards arising from unsynchronized tactics deployment.
Elena Lisova, Svetlana Girs
SAM: A Security Abstraction Model for Automotive Software Systems
Abstract
Due to the emergence of (semi-)autonomous vehicles and networked technologies in the automotive domain, the development of secure and reliable vehicles plays an increasingly important role in the protection of road users. Safe and secure road transport is a major societal and political objective, which is substantiated by the concrete goal of the European Commission to “move close to zero fatalities in road transport” (White Paper of the European Commission Roadmap to a Single European Transport Area—Towards a competitive and resource efficient transport system, 2011, page 10.) within the next three decades. One historically often neglected aspect of this objective in automotive system development is security, i.e., freedom from maliciously implemented threats. In the automotive software industry, model-based engineering is the current state of the practice. Instead of integrating security into the entire system development process, it currently tends to be an afterthought. Because of the tight interdependencies and integration of components, the consequences of gaping security flaws are grave. The contribution of this paper is a secure modeling approach enabling the automotive engineer to analyze the software system in the context of industrial model-based engineering in an early phase. The security modeling language specification is presented as a proposed annex to the relevant industry standard EAST-ADL, and therefore offers a common modeling approach for architectural and security aspects. All security extensions are in line with this standard and its meta level, which is shared with AUTOSAR. The security modeling language specification is demonstrated in a small modeling example, along with a formal evaluation which applies the Grounded Theory method to a set of expert interviews, showing that it is comprehensive and embraces even non-standardized pertinent research.
Markus Zoppelt, Ramin Tavakoli Kolagari

Car Security

CAN-FD-Sec: Improving Security of CAN-FD Protocol
Abstract
A modern vehicle consists of more than 70 Electronic Control Units (ECUs), which are responsible for controlling one or more subsystems in the vehicle. These ECUs are interconnected through a Controller Area Network (CAN) bus, which suffers from some limitations in data payload size, bandwidth, and security. Therefore, to overcome the CAN bus limitations, CAN-FD (CAN with Flexible Data) has been introduced. CAN-FD has advantages over CAN in terms of data payload size and bandwidth. Still, security issues have not been considered in the design of CAN-FD. All those attacks that are possible on the CAN bus are also applicable to CAN-FD. In 2016, Woo et al. proposed a security architecture for in-vehicle CAN-FD. They used the ISO 26262 standard, which defines the safety level, to determine the security requirements for each ECU; based on that, they provided encryption, authentication, both, or no security to each ECU. In this paper, we propose a new security architecture for the communication between ECUs on different channels through a gateway ECU (GECU). Our experimental results also demonstrate that using an authenticated encryption scheme has better performance than applying individual primitives for encryption and authentication.
Megha Agrawal, Tianxiang Huang, Jianying Zhou, Donghoon Chang
INCANTA - INtrusion Detection in Controller Area Networks with Time-Covert Authentication
Abstract
We explore the use of delays to create a time-covert cryptographic authentication channel on the CAN bus. The use of clock skews has been recently proposed for detecting intrusions on CAN, using similar mechanisms that were previously exploited in computer or mobile networks in the past decade. However, the fine-grained control of timers easily allows controllers to adjust their clock, potentially making such mechanisms ineffective, as we argue here and as was also proved by a recent research work. We exploit this potential shortcoming in a constructive sense, i.e., the accuracy of arrival times on in-vehicle buses and the fine-grained control of timer/counter circuits on automotive controllers allow us to use time as a covert channel to carry cryptographic authentication. Based on this procedure we propose an effective authentication and intrusion detection mechanism that is fully backward compatible with legacy implementations on CAN. Our proposal directly applies to any modern in-vehicle bus, e.g., CAN-FD, FlexRay, etc.
Bogdan Groza, Lucian Popa, Pal-Stefan Murvay
Detection of Injection Attacks in Compressed CAN Traffic Logs
Abstract
Prior research has demonstrated that modern cars are vulnerable to cyber attacks. As such attacks may cause physical accidents, forensic investigations must be extended into the cyber domain. In order to support this, CAN traffic in vehicles must be logged continuously, stored efficiently, and analyzed later to detect signs of cyber attacks. Efficient storage of CAN logs requires compressing them. Usually, these compressed logs must be decompressed for analysis purposes, leading to a waste of time due to the decompression operation itself and, most importantly, due to the fact that the analysis must be carried out on a much larger amount of decompressed data. In this paper, we propose an anomaly detection method that works on the compressed CAN log itself. For compression, we use a lossless semantic compression algorithm that we proposed earlier. This compression algorithm achieves a higher compression ratio than traditional syntactic compression methods such as gzip do. Besides this advantage, in this paper we show that it also supports the detection of injection attacks without decompression. Moreover, with this approach we can detect attacks with low injection frequency that were not detected reliably in previous works.
András Gazdag, Dóra Neubrandt, Levente Buttyán, Zsolt Szalay
Key is in the Air: Hacking Remote Keyless Entry Systems
Abstract
A Remote Keyless System (RKS) is an electronic lock that controls access to a building or vehicle without using a traditional mechanical key. Although RKS have become more and more robust over time, in this paper we show that specifically designed attack strategies are still effective against them. In particular, we show how RKS can be exploited to efficiently hijack cars’ locks.
Our new attack strategy—inspired by a previously introduced strategy named jam-listen-replay—only requires a jammer and a signal logger. We prove the effectiveness of our attack against six different car models. The attack is successful in all of the tested cases, and for a wide range of system parameters. We further compare our solution against state-of-the-art attacks, showing that the discovered vulnerabilities enhance over past attacks, and conclude that RKS solutions cannot be considered secure, calling for further research on the topic.
Omar Adel Ibrahim, Ahmed Mohamed Hussain, Gabriele Oligeri, Roberto Di Pietro

Aviation Security

Surveying Aviation Professionals on the Security of the Air Traffic Control System
Abstract
In this paper, we report findings from an exploratory study concerning the security of 15 different wireless technologies used in aviation. 242 aviation professionals and experts from 24 different countries completed an on-line questionnaire about their use and perceptions of each of these technologies. We examine the respondents’ familiarity with and reliance on each technology, with particular regard to their security. Furthermore, we analyse respondents’ perceptions of the possible impact of a wireless attack on the air traffic control system, from both a safety and a business point of view. We deepen these insights with statistical analysis comparing five different stakeholder groups: pilots, air traffic controllers, aviation authorities, aviation engineers, and private pilots.
Martin Strohmeier, Anna K. Niedbala, Matthias Schäfer, Vincent Lenders, Ivan Martinovic
On the Security of MIL-STD-1553 Communication Bus
Abstract
MIL-STD-1553 is a military standard that defines the physical and logical layers, and a command/response time division multiplexing scheme, of a communication bus used in military and aerospace avionic platforms for more than 40 years. As a legacy platform, MIL-STD-1553 was designed for a high level of fault tolerance, while less attention was paid to security. Recent studies have already addressed the impact of successful cyber-attacks on aerospace vehicles that implement MIL-STD-1553. In this work we present a security analysis of MIL-STD-1553, which enumerates the assets and threats to the communication bus, as well as defines the attacker’s profile.
Orly Stan, Adi Cohen, Yuval Elovici, Asaf Shabtai
Backmatter
Metadata
Title
Security and Safety Interplay of Intelligent Software Systems
Edited by
Dr. Brahim Hamid
Barbara Gallina
Asaf Shabtai
Dr. Yuval Elovici
Joaquin Garcia-Alfaro
Copyright year
2019
Electronic ISBN
978-3-030-16874-2
Print ISBN
978-3-030-16873-5
DOI
https://doi.org/10.1007/978-3-030-16874-2