Efficient Attack Forest Construction for Automotive On-board Networks

  • Conference paper
Information Security (ISC 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8783)

Abstract

Software-intensive, modern vehicles comprise about 100 computers, which allow a plethora of attack combinations. This paper proposes an efficient attack forest construction method for evaluating the security of a vehicle’s on-board network, based on our system model and on predictions about attractiveness, exploitability, and attackers. We compiled various vehicle development databases and documents into a homogeneous system model. Our algorithm implementation can construct attack forests for typically sized system models, usually within a few minutes, with an asymptotic computational complexity of O(n * log(n)). Attack forests are a foundation for further security analysis and evaluation.



Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Salfer, M., Schweppe, H., Eckert, C. (2014). Efficient Attack Forest Construction for Automotive On-board Networks. In: Chow, S.S.M., Camenisch, J., Hui, L.C.K., Yiu, S.M. (eds) Information Security. ISC 2014. Lecture Notes in Computer Science, vol 8783. Springer, Cham. https://doi.org/10.1007/978-3-319-13257-0_27

  • DOI: https://doi.org/10.1007/978-3-319-13257-0_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13256-3

  • Online ISBN: 978-3-319-13257-0

  • eBook Packages: Computer Science, Computer Science (R0)
