
SAM: A Security Abstraction Model for Automotive Software Systems

  • Conference paper
  • In: Security and Safety Interplay of Intelligent Software Systems (CSITS 2018, ISSA 2018)

Abstract

Due to the emergence of (semi-)autonomous vehicles and networked technologies in the automotive domain, the development of secure and reliable vehicles plays an increasingly important role in the protection of road users. Safe and secure road transport is a major societal and political objective, substantiated by the concrete goal of the European Commission to “move close to zero fatalities in road transport” (White Paper of the European Commission, Roadmap to a Single European Transport Area—Towards a competitive and resource efficient transport system, 2011, p. 10) within the next three decades. One historically neglected aspect of this objective in automotive system development is security, i.e., freedom from maliciously implemented threats. In the automotive software industry, model-based engineering is the current state of the practice. Instead of being integrated into the entire system development process, security currently tends to be an afterthought. Because of the tight interdependencies and integration of components, the consequences of gaping security flaws are grave. The contribution of this paper is a secure modeling approach that enables the automotive engineer to analyze the software system in an early phase of industrial model-based engineering. The security modeling language specification is presented as a proposed annex to the relevant industry standard EAST-ADL, and therefore offers a common modeling approach for architectural and security aspects. All security extensions are in line with this standard and its meta level, which is shared with AUTOSAR. The security modeling language specification is demonstrated in a small modeling example, along with a formal evaluation that applies the Grounded Theory method to a set of expert interviews, showing that it is comprehensive and embraces even non-standardized pertinent research.

Supported by the ZD.B and the BayWISS Consortium Digitization.


Notes

  1. www.aadl.info
  2. https://github.com/MarkusZoppelt/SAM
  3. http://www.in.th-nuernberg.de/SAM
  4. https://www.in.th-nuernberg.de/Professors/AS2E/SAM/GT-Eval.pdf


Correspondence to Markus Zoppelt or Ramin Tavakoli Kolagari .


Copyright information

© 2019 Springer Nature Switzerland AG


Cite this paper

Zoppelt, M., Tavakoli Kolagari, R. (2019). SAM: A Security Abstraction Model for Automotive Software Systems. In: Hamid, B., Gallina, B., Shabtai, A., Elovici, Y., Garcia-Alfaro, J. (eds) Security and Safety Interplay of Intelligent Software Systems. CSITS 2018, ISSA 2018. Lecture Notes in Computer Science, vol. 11552. Springer, Cham. https://doi.org/10.1007/978-3-030-16874-2_5


  • DOI: https://doi.org/10.1007/978-3-030-16874-2_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-16873-5

  • Online ISBN: 978-3-030-16874-2
