Collecting and Classifying Security and Privacy Design Patterns for Connected Vehicles: SECREDAS Approach

  • Conference paper
Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops (SAFECOMP 2020)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 12235)

Abstract

Over the past several years, autonomous driving has become a target for many technical players. Automated driving requires new and advanced mechanisms to provide safe functionality, and the increased communication makes automated vehicles more vulnerable to attacks. Security is already well established in some domains, such as the IT sector, and is now spilling over to Automotive. To avoid reinventing the wheel, existing security methods and tools can be evaluated and adapted for use in other domains, such as Automotive. The European H2020 ECSEL project SECREDAS follows this approach: existing methods, tools, protocols, best practices etc. are analyzed, combined and improved to be applicable in the field of connected vehicles. To provide modular and reusable designs, solutions are collected in the form of design patterns. The SECREDAS design patterns describe solution templates for solving security, safety and privacy issues related to automated systems. Grouping and classifying design patterns is important for facilitating the selection process, which is a challenging task; weak classification schemes can be a reason for the sparse application of security patterns, which represent a subgroup of design patterns. This work aims to assist automotive software and systems engineers in adopting and using technologies available on the market. The SECREDAS security patterns are based on existing technologies, so-called Common Technology Elements, and describe how and where to apply them in the context of connected vehicles by referring to a generic architecture. This allows developers to easily find solutions to common problems and reduces the development effort by providing concrete, trustworthy solutions. The whole approach and classification scheme is illustrated using one example security pattern.

Notes

  1. https://secredas.eu/

Acknowledgements

This work has been partially funded by EU ECSEL Project SECREDAS. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 783119. The publication was written at VIRTUAL VEHICLE Research Center in Graz and partially funded by the COMET K2 – Competence Centers for Excellent Technologies Programme of the Federal Ministry for Transport, Innovation and Technology (bmvit), the Federal Ministry for Digital, Business and Enterprise (bmdw), the Austrian Research Promotion Agency (FFG), the Province of Styria and the Styrian Business Promotion Agency (SFG). We are also grateful to the Netherlands Organization for Applied Scientific Research TNO for supporting this research.

Corresponding author

Correspondence to Nadja Marko.

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Marko, N., Vasenev, A., Striecks, C. (2020). Collecting and Classifying Security and Privacy Design Patterns for Connected Vehicles: SECREDAS Approach. In: Casimiro, A., Ortmeier, F., Schoitsch, E., Bitsch, F., Ferreira, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops. SAFECOMP 2020. Lecture Notes in Computer Science, vol 12235. Springer, Cham. https://doi.org/10.1007/978-3-030-55583-2_3

  • DOI: https://doi.org/10.1007/978-3-030-55583-2_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-55582-5

  • Online ISBN: 978-3-030-55583-2

  • eBook Packages: Computer Science (R0)
