Rule-Based Threat Analysis and Mitigation for the Automotive Domain

  • Conference paper
Computer Safety, Reliability, and Security. SAFECOMP 2021 Workshops (SAFECOMP 2021)

Abstract

Cybersecurity plays a prominent role in curbing the risks encountered by novel technologies. This is especially the case in the automotive domain, where the possibility of cyberattacks impacts vehicle operation and safety. The potential threats must be identified and mitigated to guarantee the flawless operation of safety-critical systems. This paper presents a novel approach that identifies security vulnerabilities in automotive architectures and automatically proposes mitigation strategies using rule-based reasoning. The rules, encoded in ontologies, establish clear relationships in the vast combinatorial space of possible security threats and related assets, security measures, and security requirements from the relevant standards. We evaluate our approach on a mixed-criticality platform, typically used to develop Autonomous Driving (AD) features, and provide a generalized threat model that serves as a baseline for threat analysis of proprietary AD architectures.

Acknowledgment

This work has received funding from the IoT4CPS and AFarCloud projects, under grant agreements No. 6112792 and No. 783221. The IoT4CPS is funded by the Austrian Research Promotion Agency (FFG) and the Austrian Federal Ministry for Transport, Innovation, and Technology (BMVIT), within the “ICT of the Future” project. AFarCloud is partially funded by the EC Horizon 2020 Programme, ECSEL JU, and the partner National Funding Authorities (for Austria, these are bmvit and FFG).

Corresponding author

Correspondence to Stefan Jaksic.

Copyright information

© 2021 Springer Nature Switzerland AG

Cite this paper

Shaaban, A.M., Jaksic, S., Veledar, O., Mauthner, T., Arnautovic, E., Schmittner, C. (2021). Rule-Based Threat Analysis and Mitigation for the Automotive Domain. In: Habli, I., Sujan, M., Gerasimou, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2021 Workshops. SAFECOMP 2021. Lecture Notes in Computer Science, vol 12853. Springer, Cham. https://doi.org/10.1007/978-3-030-83906-2_2

  • DOI: https://doi.org/10.1007/978-3-030-83906-2_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-83905-5

  • Online ISBN: 978-3-030-83906-2

  • eBook Packages: Computer Science, Computer Science (R0)
