Model-Based Security Evaluation of Vehicular Networking Architectures

In the design and development process of a new vehicle, different automotive networking architectures have to be assessed and compared. At present, these evaluations focus on aspects like performance or costs as a basis for decision. Although the increased connectivity of vehicles leads to an extended security-risk for the vehicle and road users, security aspects are currently not considered systematically in the development process due to a lack of appropriate methodical support. In this paper, we introduce a method for model-based security evaluation of in-vehicle network architectures that allows to systematically evaluate and compare the strengths and weaknesses of different vehicular network architectures at an early stage of the development life cycle. The method is based on a component-wise assessment of the security characteristics of the architecture and the integration of scores in a multi-dimensional architecture score.

[1]  Thomas Zurawka,et al.  Automotive Software Engineering: Principles, Processes, Methods, and Tools , 2005 .

[2]  William H. Sanders,et al.  Model-based evaluation: from dependability to security , 2004, IEEE Transactions on Dependable and Secure Computing.

[3]  Yung-Hsiang Lu,et al.  Image-based location awareness and navigation: who cares? , 2004, 6th IEEE Southwest Symposium on Image Analysis and Interpretation, 2004..

[4]  Rasool Jalili,et al.  Network Vulnerability Analysis Through Vulnerability Take-Grant Model (VTG) , 2005, ICICS.

[5]  Jana Dittmann,et al.  Future Perspectives: The Car and Its IP-Address - A Potential Safety and Security Risk Assessment , 2007, SAFECOMP.

[6]  Panagiotis Papadimitratos,et al.  Secure vehicular communication systems: implementation, performance, and research challenges , 2008, IEEE Communications Magazine.

[7]  Nicolas Navet,et al.  Trends in Automotive Communication Systems , 2005, Proceedings of the IEEE.

[8]  Carl E. Landwehr,et al.  Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[9]  Duminda Wijesekera,et al.  Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[10]  Marko Wolf Security Engineering For Vehicular It Systems , 2009 .

[11]  Alessandro Birolini Reliability Engineering: Theory and Practice , 1999 .

[12]  André Weimerskirch,et al.  State of the Art: Embedding Security in Vehicles , 2007, EURASIP J. Embed. Syst..