Abstract
Due to the emergence of (semi-)autonomous vehicles and networked technologies in the automotive domain, the development of secure and reliable vehicles plays an increasingly important role in the protection of road users. Safe and secure road transport is a major societal and political objective, which is substantiated by the concrete goal of the European Commission to “move close to zero fatalities in road transport” (White Paper of the European Commission Roadmap to a Single European Transport Area—Towards a competitive and resource efficient transport system, 2011, page 10.) within the next three decades. One historically often neglected aspect of this objective in automotive system development is security, i.e., freedom from maliciously implemented threats. In the automotive software industry, model-based engineering is the current state of the practice. Instead of integrating security into the entire system development process, it currently tends to be an afterthought. Because of the tight interdependencies and integration of components, the consequences of gaping security flaws are grave. The contribution of this paper is a secure modeling approach enabling the automotive engineer to analyze the software system in the context of industrial model-based engineering in an early phase. The security modeling language specification is presented as a proposed annex to the relevant industry standard EAST-ADL, and therefore offers a common modeling approach for architectural and security aspects. All security extensions are in line with this standard and its meta level, which is shared with AUTOSAR. The security modeling language specification is demonstrated in a small modeling example, along with a formal evaluation which applies the Grounded Theory method to a set of expert interviews, showing that it is comprehensive and embraces even non-standardized pertinent research.
Supported by the ZD.B and the BayWISS Consortium Digitization.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
AUTOSAR: Enabling Continuous Innovations (2018). https://www.autosar.org/
AUTOSAR AP Release 17–10: Requirements on Security Management for Adaptive Platform. https://www.autosar.org/fileadmin/user_upload/standards/adaptive/17-10/AUTOSAR_RS_SecurityManagement.pdf
Bißmeyer, N., et al.: PREparing SEcuRe VEhicle-to-X Communication Systems - Deliverable 1.3 - V2X Security Architecture v2 (2014)
Blom, H., et al.: EAST-ADL-an architecture description language for automotive software-intensive systems-white paper version 2.1.12. http://www.maenad.eu/public/conceptpresentations/EAST-ADL_WhitePaper_M2. Accessed Jan 2013
Chen, M., Qian, Y., Mao, S., Tang, W., Yang, X.: Software-defined mobile networks security. Mob. Netw. Appl. 21(5), 729–743 (2016)
Dalpiaz, F., Paja, E., Giorgini, P.: Security requirements engineering via commitments. In: Socio-technical Aspects in Security and Trust (STAST), pp. 1–8. IEEE (2011). https://doi.org/10.1109/STAST.2011.6059249
Glaser, B.G., Strauss, A.L., Strutzel, E.: The discovery of grounded theory; strategies for qualitative research. Nurs. Res. 17(4), 364 (1968)
Happel, A., Ebert, C.: Security in vehicle networks of connected cars. In: Bargende, M., Reuss, H.C., Wiedemann, J. (eds.) 15. Internationales Stuttgarter Symposium: Automobil- und Motorentechnik (March), pp. 233–246. Springer, Wiesbaden (2015). https://doi.org/10.1007/978-3-658-08844-6_16
Haskins, C., Forsberg, K., Krueger, M., Walden, D., Hamelin, D.: Systems engineering handbook. In: INCOSE (2006)
Henniger, O., Apvrille, L., Fuchs, A., Roudier, Y., Ruddle, A., Weyl, B.: Security requirements for automotive on-board networks. In: 2009 9th International Conference on Intelligent Transport Systems Telecommunications, ITST 2009, pp. 641–646. IEEE (2009). https://doi.org/10.1109/ITST.2009.5399279
Holm, H., Ekstedt, M., Sommestad, T., Korman, M.: A Manual for the Cyber Security Modeling Language (2014)
International Organization for Standardization: Road vehicles - functional safety - Part 2: Management of functional safety. International Organization for Standardization 066(20), 26 (2009)
ISO/IEC: ISO/IEC 15408–1:2009 - Evaluation Criteria for IT Security 2009, 64 (2009)
Johansson, C., Bucanac, C.: The V-Model. IDE, University Of Karlskrona, Ronneby (1999)
Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45800-X_32
Lee, J., Bagheri, B., Kao, H.A.: A cyber-physical systems architecture for industry 4.0-based manufacturing systems. Manuf. Lett. 3, 18–23 (2015)
Macher, G., Höller, A., Sporer, H., Armengaud, E., Kreiner, C.: A combined safety-hazards and security-threat analysis method for automotive systems. In: Koornneef, F., van Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 237–250. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24249-1_21
Mash, C.: Ethernet set to bring about radical shift in how automotive networks are implemented, January 2018. http://www.digitimes.com/news/a20180115PR203.html
Mell, P., Scarfone, K., Romanosky, S.: A complete guide to the common vulnerability scoring system version 2.0. In: Published by FIRST-Forum of Incident Response and Security Teams, vol. 1, p. 23 (2007)
Miller, C., Valasek, C.: A survey of remote automotive attack surfaces. Defcon 22, 1–90 (2014)
Mouratidis, H., Giorgini, P.: Secure tropos: a security-oriented extension of the tropos methodology. Int. J. Softw. Eng. Knowl. Eng. 17(02), 285–309 (2007). https://doi.org/10.1142/S0218194007003240
Nguyen, P.H., Ali, S., Yue, T.: Model-based security engineering for cyber-physical systems: a systematic mapping study (2017). https://doi.org/10.1016/j.infsof.2016.11.004
Palanca, A., Evenchick, E., Maggi, F., Zanero, S.: A stealth, selective, link-layer denial-of-service attack against automotive networks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 185–206. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-60876-1_9
Rao, K.R.M., Pant, D.: A threat risk modeling framework for Geospatial Weather Information System (GWIS): a DREAD based study. Int. J. Adv. Comput. Sci. Appl. 1(3) (2010)
Ross, R., McEvilley, M., Carrier Oren, J.: Systems security engineering: considerations for a multidisciplinary approach in the engineering of trustworthy secure systems, vol. 160, November 2016. https://doi.org/10.6028/NIST.SP.800-160. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160.pdf
Sandelin, A., Alkema, W., Engström, P., Wasserman, W.W., Lenhard, B.: JASPAR: an open-access database for eukaryotic transcription factor binding profiles. Nucleic Acids Res. 32(Suppl. 1), D91–D94 (2004)
Schneier, B.: Attack trees. Dr. Dobb’s J. 24(12), 21–29 (1999)
Smith, C., Francisco, S.: The Car Hacker’s Handbook a Guide for the Penetration Tester About the Contributing Author About the Technical Reviewer (2016)
Thing, V.L., Wu, J.: Autonomous vehicle security: a taxonomy of attacks and defences. In: Proceedings - 2016 IEEE International Conference on Internet of Things; IEEE Green Computing and Communications; IEEE Cyber, Physical, and Social Computing; IEEE Smart Data, iThings-GreenCom-CPSCom-Smart Data 2016, pp. 164–170 (2017). https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2016.52
Tuohy, S., Glavin, M., Hughes, C., Jones, E., Trivedi, M., Kilmartin, L.: Intra-vehicle networks: a review (2015). https://doi.org/10.1109/TITS.2014.2320605
Valasek, C., Miller, C.: Adventures in automotive networks and control units. Technical White Paper, vol. 21, p. 99 (2013)
Van Tilborg, H.C.A., Jajodia, S.: Encyclopedia of Cryptography and Security. Springer, New York (2014)
Zeng, W., Khalid, M.A., Chowdhury, S.: In-vehicle networks outlook: achievements and challenges. IEEE Commun. Surv. Tutor. 18(3), 1552–1571 (2016). https://doi.org/10.1109/COMST.2016.2521642
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Zoppelt, M., Tavakoli Kolagari, R. (2019). SAM: A Security Abstraction Model for Automotive Software Systems. In: Hamid, B., Gallina, B., Shabtai, A., Elovici, Y., Garcia-Alfaro, J. (eds) Security and Safety Interplay of Intelligent Software Systems. CSITS ISSA 2018 2018. Lecture Notes in Computer Science(), vol 11552. Springer, Cham. https://doi.org/10.1007/978-3-030-16874-2_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-16874-2_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16873-5
Online ISBN: 978-3-030-16874-2
eBook Packages: Computer ScienceComputer Science (R0)