Building an automotive security assurance case using systematic security evaluations

Abstract: Security testing and assurance in the automotive domain is challenging, predominantly because of the growth in the amount of software and in the number of connected entry points in the modern vehicle. In this paper we build on earlier work by using a systematic security evaluation to enumerate undesirable behaviours, enabling severity ratings to be assigned in a (semi-)automated manner. We demonstrate this in two case studies: first with the native Bluetooth connection in an automotive head unit, and second with an aftermarket diagnostics device. We envisage that the resulting severity classifications would add weight to a security assurance case, both as evidence and as guidance for future test cases.
