Abstract
Cybersecurity is given a prominent role in curbing the risks encountered by novel technologies. This is specifically the case in the automotive domain, where the possibility of cyberattacks impacts vehicle operation and safety. The potential threats must be identified and mitigated to guarantee the flawless operation of the safety-critical systems. This paper presents a novel approach to identify security vulnerabilities in automotive architectures and automatically propose mitigation strategies using rule-based reasoning. The rules, encoded in ontologies, enable establishing clear relationships in the vast combinatorial space of possible security threats and related assets, security measures, and security requirements from the relevant standards. We evaluate our approach on a mixed-criticality platform, typically used to develop Autonomous Driving (AD) features, and provide a generalized threat model that serves as a baseline for threat analysis of proprietary AD architectures.
Acknowledgment
This work has received funding from the IoT4CPS and AFarCloud projects, under grant agreements No. 6112792 and No. 783221. The IoT4CPS is funded by the Austrian Research Promotion Agency (FFG) and the Austrian Federal Ministry for Transport, Innovation, and Technology (BMVIT), within the “ICT of the Future” project. AFarCloud is partially funded by the EC Horizon 2020 Programme, ECSEL JU, and the partner National Funding Authorities (for Austria, these are bmvit and FFG).
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Shaaban, A.M., Jaksic, S., Veledar, O., Mauthner, T., Arnautovic, E., Schmittner, C. (2021). Rule-Based Threat Analysis and Mitigation for the Automotive Domain. In: Habli, I., Sujan, M., Gerasimou, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2021 Workshops. SAFECOMP 2021. Lecture Notes in Computer Science(), vol 12853. Springer, Cham. https://doi.org/10.1007/978-3-030-83906-2_2
DOI: https://doi.org/10.1007/978-3-030-83906-2_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-83905-5
Online ISBN: 978-3-030-83906-2
eBook Packages: Computer Science, Computer Science (R0)