Security requirements for automotive on-board networks

Henniger, Olaf; Apvrille, Ludovic; Fuchs, Andreas; Roudier, Yves; Ruddle, Alastair R.; Weyl, Benjamin

doi:10.1109/itst.2009.5399279

Cited by 80 publications

(62 citation statements)

References 3 publications

(3 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another way is to exploit the wireless communication interfaces such as Bluetooth and keyless entry system (e.g., the work in [4] shows unlocking a car without a car key is possible). Once the attackers have gained access to in-vehicle architecture platform, they can then exploit the vulnerabilities of aforementioned bus systems to deploy sensor spoofing attacks [12], replay attacks, masquerade attacks, DoS attacks, etc.…”

Section: Intra-vehicle Securitymentioning

confidence: 99%

Design and verification for transportation system security

Zheng

Deng

et al. 2015

Proceedings of the 52nd Annual Design Automation Conference

View full text Add to dashboard Cite

Cyber-security has emerged as a pressing issue for transportation systems. Studies have shown that attackers can attack modern vehicles from a variety of interfaces and gain access to the most safety-critical components. Such threats become even broader and more challenging with the emergence of vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication technologies. Addressing the security issues in transportation systems requires comprehensive approaches that encompass considerations of security mechanisms, safety properties, resource constraints, and other related system metrics. In this work, we propose an integrated framework that combines hybrid modeling, formal verification, and automated synthesis techniques for analyzing the security and safety of transportation systems and carrying out design space exploration of both in-vehicle electronic control systems and vehicle-to-vehicle communications. We demonstrate the ideas of our framework through a case study of cooperative adaptive cruise control.

show abstract

Section: Intra-vehicle Securitymentioning

confidence: 99%

Design and verification for transportation system security

Zheng

Deng

et al. 2015

Proceedings of the 52nd Annual Design Automation Conference

View full text Add to dashboard Cite

show abstract

“…Edge et al [Edge et al, 2006] introduce protection costs; Byres et al [Byres et al, 2004] use detectability which illustrates how easily a defender can discover an attack and difficulty which specifies the needed skill of the attacker. As suggested by Henniger et al [Henniger et al, 2009], attack time -which models an amount of time needed to perform an attack -may be considered independent of an attacker's skill, costs or resources. Attacks that a defender cannot really protect himself against can be annotated as unmitigatable.…”

Section: Attribute Overviewmentioning

confidence: 99%

“…A similar approach has been used in [Jürgenson and Willemson, 2008], where the costs, success probability, gain and penalty attributes have been combined in order to define a new attribute called the exact expected outcome of the attacker. Henniger et al [Henniger et al, 2009] combine the attributes elapsed time, expertise, knowledge of system, window of opportunity and required equipment, in order to deduce the required attack potential. Finally, Fung et al [Fung et al, 2005] show how the difficulty level associated to the non-refined nodes can be used to estimate the survivability in the root node.…”

Section: General Calculation With Attributesmentioning

confidence: 99%

“…Difficulty [Byres et al, 2004, Fung et al, 2005, Tanu and Arreymbi, 2010, Henniger et al, 2009, Amenaza, 2001, Mauw and Oostdijk, 2005, Abdulla et al, 2010, Amoroso, 1994, Wang et al, 2011 The technical or social skill level needed for the attacker or defender to succeed.…”

Section: Adtree Decoration With Attributesmentioning

confidence: 99%

“…False (F): No special skill is required. Time [Henniger et al, 2009, Schneier, 1999, Wang et al, 2011 For the attacker this is the time needed to perform the attack, independent of difficulty and costs of attack.…”

Section: Binary Valuementioning

confidence: 99%

See 2 more Smart Citations

Attribute Decoration of Attack–Defense Trees

Bagnato

Kordy

Meland

et al. 2012

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

Attack-defense trees can be used as part of threat and risk analysis for system development and maintenance. They are an extension of attack trees with defense measures. Moreover, tree nodes can be decorated with attributes, such as probability, impact and penalty, to increase the expressiveness of the model. Attribute values are typically assigned based on cognitive estimations and historically recorded events. This paper presents a practical case study with attack-defense trees. First, we create an attack-defense tree for an RFID-based goods management system for a warehouse. Then, we explore how to use a rich set of attributes for attack and defense nodes and how to assign and aggregate values to obtain condensed information, such as performance indicators or other key security figures. We discuss different modeling choices and trade-offs. The case study led us to define concrete guidelines that can be used by software developers, security analysts and system owners when performing similar assessments.

show abstract

Cyber Security Risk Analysis for Intelligent Transport Systems and In‐vehicle Networks

Ruddle

Ward

2015

Intelligent Transport Systems

View full text Add to dashboard Cite

Security requirements for automotive on-board networks

Cited by 80 publications

References 3 publications

Design and verification for transportation system security

Design and verification for transportation system security

Attribute Decoration of Attack–Defense Trees

Cyber Security Risk Analysis for Intelligent Transport Systems and In‐vehicle Networks

Contact Info

Product

Resources

About