Secure Automotive Software: The Next Steps

Pike, Lee; Sharp, Jamey; Tullsen, Mark; Hickey, Patrick C.; Bielman, James

doi:10.1109/ms.2017.78

Cited by 17 publications

(6 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lee et al [12] discussed how compile-time assurance, runtime protection, automated testing and architectural security could be used in automotive software. Seshia et al [13] discussed the major challenges in applying formal methods in the specification, design and verification of semi-autonomous vehicles.…”

Section: ) Safety and Security Of Autonomous Driving Vehiclesmentioning

confidence: 99%

Guardauto: A Decentralized Runtime Protection System for Autonomous Driving

Cheng

Zhou

Chen

et al. 2020

Preprint

View full text Add to dashboard Cite

Due to the broad attack surface and the lack of runtime protection, potential safety and security threats hinder the real-life adoption of autonomous vehicles. Although efforts have been made to mitigate some specific attacks, there are few works on the protection of the self-driving system. This paper presents a decentralized self-protection framework called Guardauto to protect the self-driving system against runtime threats. First, Guardauto proposes an isolation model to decouple the selfdriving system and isolate its components with a set of partitions. Second, Guardauto provides self-protection mechanisms for each target component, which combines different methods to monitor the target execution and plan adaption actions accordingly. Third, Guardauto provides cooperation among local self-protection mechanisms to identify the root-cause component in the case of cascading failures affecting multiple components. A prototype has been implemented and evaluated on the open-source autonomous driving system Autoware. Results show that Guardauto could effectively mitigate runtime failures and attacks, and protect the control system with acceptable performance overhead.

show abstract

Section: ) Safety and Security Of Autonomous Driving Vehiclesmentioning

confidence: 99%

Guardauto: A Decentralized Runtime Protection System for Autonomous Driving

Cheng

Zhou

Chen

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…Although common IT security concepts can be used to design car electronics, there are some specific constraints to consider both in the hardware and the software side, as summarised by Studnia et al [26] and Pike et al [18]:…”

Section: A Constraintsmentioning

confidence: 99%

Automotive Cybersecurity: Foundations for Next-Generation Vehicles

Scalas

Giacinto

2019

2019 2nd International Conference on New Trends in Computing Sciences (ICTCS)

View full text Add to dashboard Cite

The automotive industry is experiencing a serious transformation due to a digitalisation process and the transition to the new paradigm of Mobility-as-a-Service. The next-generation vehicles are going to be very complex cyber-physical systems, whose design must be reinvented to fulfil the increasing demand of smart services, both for safety and entertainment purposes, causing the manufacturers' model to converge towards that of IT companies. Connected cars and autonomous driving are the preeminent factors that drive along this route, and they cause the necessity of a new design to address the emerging cybersecurity issues: the "old" automotive architecture relied on a single closed network, with no external communications; modern vehicles are going to be always connected indeed, which means the attack surface will be much more extended. The result is the need for a paradigm shift towards a secure-by-design approach.In this paper, we propose a systematisation of knowledge about the core cybersecurity aspects to consider when designing a modern car. The major focus is pointed on the in-vehicle network, including its requirements, the current most used protocols and their vulnerabilities. Moreover, starting from the attackers' goals and strategies, we outline the proposed solutions and the main projects towards secure architectures. In this way, we aim to provide the foundations for more targeted analyses about the security impact of autonomous driving and connected cars.

show abstract

“…Finally, we conducted the full-text reading and excluded 40 more publications. As a result, the set of 28 publications remained ( [28], [35], [52], [40], [27], [57], [63], [51], [50], [65], [42], [38], [31], [47], [62], [46], [30], [34], [37], [61], [36], [44], [53], [39], [32], [45], [29]), which was used for executing the snowballing iterations. Finally, 11 new publications were identified with the snowballing methodology: ( [48], [49], [55], [43], [64], [33], [41], [60], [56], [58], [54]), which were added to the final set of 39 papers.…”

Section: Selection Processmentioning

confidence: 99%

“…One may question the fact that we code-based techniques applying attacks on the privacy, availability and authentication. A reason might be that code-based techniques were paired together with penetration testing and dynamic analysis approaches as demonstrated in [29] and [53].…”

Section: Key Findings and Interpretationmentioning

confidence: 99%

Applying Security Testing Techniques to Automotive Engineering

Pekaric

Sauerwein

Felderer

2019

Proceedings of the 14th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Over the past few decades, the automotive industry was mostly focused on testing the safety aspects of a vehicle. However, this was not the case with security testing as it only began to be addressed recently. As a result, multiple approaches applying various security testing techniques on different software-based vehicle IT components emerged. With that said, the research and practice lack an overview about these techniques. In this paper, we conduct a systematic mapping study. This involved the investigation on the following five dimensions: (1) security testing techniques, (2) AUTOSAR layers, (3) functional interfaces of AUTOSAR, (4) vehicle lifecycle phases and (5) attacks. In total, 39 papers presenting approaches for security testing in automotive engineering were systematically selected and classified. The results identify multiple security testing techniques focusing on early phases of vehicle life cycle through the application and services layer of the AUTOSAR architecture. Finally, there is a need for security regression testing approaches, as well as combined security and safety testing approaches. CCS CONCEPTS• Security and privacy → Distributed systems security;

show abstract

Secure Automotive Software: The Next Steps

Cited by 17 publications

References 11 publications

Guardauto: A Decentralized Runtime Protection System for Autonomous Driving

Guardauto: A Decentralized Runtime Protection System for Autonomous Driving

Automotive Cybersecurity: Foundations for Next-Generation Vehicles

Applying Security Testing Techniques to Automotive Engineering

Contact Info

Product

Resources

About