Building an automotive security assurance case using systematic security evaluations

Building an automotive security assurance case using systematic security evaluations

Security testing and assurance in the automotive domain is challenging. This is predominantly due to the increase in the amount of software and the number of connective entry points in the modern vehicle. In this paper we build on earlier work by using a systematic security evaluation to enumerate u...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & security 2018-08, Vol.77, p.360-379
Hauptverfasser: Cheah, Madeline, Shaikh, Siraj A., Bryans, Jeremy, Wooderson, Paul
Format: Artikel
Sprache:eng
Schlagworte:
Assurance
Automotive
Automotive electronics
Bluetooth
Cybersecurity
Fuel consumption
Penetration testing
Security
Security assurance
Software
Software engineering
URLs
Weight
Wireless communications
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Security testing and assurance in the automotive domain is challenging. This is predominantly due to the increase in the amount of software and the number of connective entry points in the modern vehicle. In this paper we build on earlier work by using a systematic security evaluation to enumerate undesirable behaviours, enabling the assignment of severity ratings in a (semi-) automated manner. We demonstrate this in two case studies; firstly with the native Bluetooth connection in an automotive head unit, and secondly with an aftermarket diagnostics device. We envisage that the resulting severity classifications would add weight to a security assurance case, both as evidence and as guidance for future test cases.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2018.04.008