Abdelkader Magdy Shaaban
ABSTRACT
Modern automobiles are considered semi-autonomous vehicles regarding new adaptive technologies. New cars consist of a vast number of electronic units for managing and controlling the functional safety in a vehicle. In the vehicular industry, safety and security are considered two sides for the same coin. Therefore, improving functional safety in the vehicular industry is essential to protect the vehicle from different attack scenarios. This work introduces an ontology-based model for security verification and validation in the vehicular domain. The model performs a series of logical quires and inference rules to ensure that the security requirements are fulfilled. It endeavors to enhance the current security state of a vehicle by selecting additional security requirements that can handle existence security weaknesses and meet the actual security goal.
- IEC 62443-3-1(TR): Industrial communication networks - network and system security - part 3-1: Security technologies for industrial automation and control systems. Technical Report.Google Scholar
- IEC 62443-3-3: Industrial communication networks - network and system security - part 3-3: System security requirements and security levels.Google Scholar
- ISO 15408, information technology - security techniques - evaluation criteria for IT security (common criteria).Google Scholar
- Abdelkader Magdy Shaaban, Christoph Schmittner, A. B. The design of a divide-and-conquer security framework for autonomous vehicles.Google Scholar
- AIT. Threatget - threat analysis and risk management. https://www.threatget.com, 2019. Acessed: 2019-10-20.Google Scholar
- Chakraborty, S., Al Faruque, M. A., Chang, W., Goswami, D., Wolf, M., and Zhu, Q. Automotive cyber-physical systems: A tutorial introduction. IEEE Design & Test 33, 4 (2016), 92--108.Google ScholarCross Ref
- Ekclhart, A., Fenz, S., Goluch, G., and Weippl, E. Ontological mapping of common criteria's security assurance requirements. In IFIP International Information Security Conference (2007), Springer, pp. 85--95.Google ScholarCross Ref
- Ekelhart, A., Fenz, S., Klemen, M., and Weippl, E. Security ontologies: Improving quantitative risk analysis. In 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07) (2007), IEEE, pp. 156a-156a.Google ScholarDigital Library
- El Sadany, M., Schmittner, C., and Kastner, W. Assuring compliance with protection profiles with threatget. In International Conference on Computer Safety, Reliability, and Security (2019), Springer, pp. 62--73.Google ScholarCross Ref
- Glas, B., Gramm, J., and Vembar, P. Towards an information security framework for the automotive domain. Automotive-Safety & Security 2014 (2015).Google Scholar
- Hernan, S., Lambert, S., Ostwald, T., and Shostack, A. Threat modeling-uncover security design flaws using the stride approach. MSDN Magazine-Louisville (2006), 68--75.Google Scholar
- KASTEBO, M., and NORDH, V. Model-based security testing in automotive industry. Master's thesis, Department of Computer Science and Engineering -UNIVERSITY OF GOTHENBURG, Gothenburg, Sweden, 2017.Google Scholar
- Lévy-Bencheton, C., Marinos, L., Mattioli, R., King, T., Dietzel, C., and Stumpf, J. Threat landscape and good practice guide for internet infrastructure. EU Agency for Network and Information Security (ENISA) (2015).Google Scholar
- Ma, Z., and Schmittner, C. Threat modeling for automotive security analysis.Google Scholar
- Macher, G., Armengaud, E., Brenner, E., and Kreiner, C. Threat and risk assessment methodologies in the automotive domain. Procedia computer science 83 (2016), 1288--1294.Google Scholar
- McAfee. Automotive security best practices. Tech. rep., McAfee, June 2016. Recommendations for security and privacy in the era of the next-generation car.Google Scholar
- Member, W. Swrl: A semantic web rule language. https://www.w3.org/Submission/SWRL/, 2004. Accessed: 2019-10-18.Google Scholar
- Miller, C., and Valasek, C. Adventures in automotive networks and control units. Def Con 21 (2013), 260--264.Google Scholar
- Miller, C., and Valasek, C. A survey of remote automotive attack surfaces. black hat USA 2014 (2014), 94.Google Scholar
- Mozzaquatro, B. A., Jardim-Goncalves, R., and Agostinho, C. Towards a reference ontology for security in the internet of things. In Measurements & Networking (M&N), 2015 IEEE International Workshop on (2015), IEEE, pp. 1--6.Google Scholar
- MUTSCHLER, A. S. Data storage issues grow for cars. https://semiengineering.com/data-issues-grow-for-cars/. Accessed: 19-10-2019.Google Scholar
- NASA. Your device has more computing power. https://www.nasa.gov/mission_pages/voyager/multimedia/vgrmemory.html. Accessed: 18.10.2019.Google Scholar
- NHTSA. Vehicle cybersecurity. https://www.nhtsa.gov/technologyinnovation/vehicle-cybersecurity. Accessed: 17.10.2019.Google Scholar
- O'Connor, M.J., and Das, A. K. Sqwrl: A query language for owl. In OWLED (2009), vol. 529.Google ScholarDigital Library
- Ramesh, R., Prabu, M., Magibalan, S., and Senthilkumar, P. Hazard identification and risk assessment in automotive industry. International Journal of ChemTech Research 10, 4 (2017), 352--358.Google Scholar
- Recommendation, W. Sparql query language for rdf. https://www.w3.org/TR/rdfsparql-query/. Accessed: 19.10.2019.Google Scholar
- Schikuta, E., Magdy, a., Haq, I. U., Mohamed, A. B., Pittl, B., and Mach, W. Searching the sky for neural networks. In International Work-Conference on Artificial Neural Networks (2017), Springer, pp. 167--178.Google ScholarCross Ref
- Schikuta, E., Magdy, A., and Mohamed, A. B. A framework for ontology based management of neural network as a service. In International Conference on Neural Information Processing (2016), Springer, pp. 236--243.Google ScholarCross Ref
- Schmittner, C., Gruber, T., Puschner, P., and Schoitsch, E. Security application of failure mode and effect analysis (fmea). In International Conference on Computer Safety, Reliability, and Security (2014), Springer, pp. 310--325.Google ScholarDigital Library
- Schmittner, C., Latzenhofer, M., Abdelkader Magdy, S., and Hofer, M. A proposal for a comprehensive automotive cybersecurity reference architecture. In VEHICULAR 2018, The Seventh International Conference on Advances in Vehicular Systems, Technologies and Applications (2018).Google Scholar
- Schoitsch, E., Schmittner, C., Ma, Z., and Gruber, T. The need for safety and cyber-security co-engineering and standardization for highly automated automotive vehicles. In Advanced Microsystems for Automotive Applications 2015. Springer, 2016, pp. 251--261.Google Scholar
- Sommer, F., Dürrwang, J., and Kriesten, R. Survey and classification of automotive security attacks. Information 10, 4 (2019), 148.Google ScholarCross Ref
- Souag, A., Salinesi, C., Mazo, R., and Comyn-Wattiau, I. A security ontology for security requirements elicitation. In International symposium on engineering secure software and systems (2015), Springer, pp. 157--177.Google ScholarCross Ref
- Strobl, S., Hofbauer, D., Schmittner, C., Maksuti, S., Tauber, M., and Delsing, J. Connected cars---threats, vulnerabilities and their impact. In 2018 IEEE Industrial Cyber-Physical Systems (ICPS) (2018), IEEE, pp. 375--380.Google ScholarCross Ref
Index Terms
- Ontology-Based Model for Automotive Security Verification and Validation
Recommendations
Elicitation of Security requirements for E-Health system by applying Model Oriented Security Requirements Engineering (MOSRE) Framework
CCSEIT '12: Proceedings of the Second International Conference on Computational Science, Engineering and Information TechnologyE-health is a health care system which is supported by electronic process and communication. The information that is kept in the system must be accurate. In case of false information, it may cause harm to human life. So this system needs more security ...
Effectiveness and performance analysis of model-oriented security requirements engineering to elicit security requirements: a systematic solution for developing secure software systems
Software systems are becoming more and more critical in every domain of human society. These systems are used not only by corporates and governments, but also by individuals and across networks of organizations. The wide use of software systems has ...
Theoretical analysis of security warnings in vehicles and design challenges for the evaluation of security warnings in virtual environments
IWDE '10: Proceedings of the First International Workshop on Digital EngineeringIn this paper, we present an approach for designing security warnings in vehicles for software based security incidents. With this we pursue the goal of reducing safety relevant component failures, which can be caused by manipulated or malicious ...
Comments