Adapted Development Process for Security in Networked Automotive Systems

SAE International Journal of Passenger Cars - Electronic and Electrical Systems

Volumn 7, Issue 2, 2014, Pages 516-526

  Schmidt, Karsten ^a   Tröger, Peter ^b   Kroll, Hans Martin ^c   Bünger, Thomas ^b   Krueger, Florian ^d   Neuhaus, Christian ^b  

^a AUDI ELECTRONICS VENTURE GMBH   (Germany)

^b UNIVERSITY OF POTSDAM   (Germany)

^c FTM Technische Universität Maünchen   (Germany)

^d AUDI AG   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMOBILE PARTS AND EQUIPMENT; AUTOMOTIVE ENGINEERING;

AUTOMOTIVE DESIGNS; AUTOMOTIVE SYSTEMS; CLOSED-WORLD ASSUMPTIONS; COMMUNICATION INTERFACE; DEVELOPMENT PROCESS; SECURITY ANALYSIS; SECURITY CHALLENGES; THREAT CLASSIFICATIONS;

VEHICLES;

EID: 84903379059     PISSN: 19464614     EISSN: 19464622     Source Type: Journal    
DOI: 10.4271/2014-01-0334     Document Type: Article

References (36)

1. Anderson, R., "Security Engineering: A Guide to Building Dependable Distributed Systems",. Wiley, 2 edition, 2008.
2. Arkin, B., Stender, S., McGraw, G., "Software penetration testing". Security & Privacy, IEEE, 3:84-87, 2005.
3. Avizienis, A., Laprie, J.-C., Randell, B., Landwehr. C., "Basic concepts and taxonomy of dependable and secure computing", Dependable and Secure Computing, IEEE Transactions on, 1:11-33, 2004.
4. Burton, S., Likkei, J., Vembar P., Wolf, M., "Automotive functional safety = safety + security",. In First International Conference on Security of Internet of Things, pages 150-159, New York, NY, USA, 2012, ACM.
5. BYD Auto, "BYD's Two New Models and Three World-Class Technologies to Premiere at 2012 Beijing International Automotive Exhibition", http://www.energytrend.com/news/BYD_EV_20120419.html, April 2012.
6. Carlson, C., "Effective FMEAs: Achieving Safe, Reliable, and Economical Products and Processes Using Failure Mode and Effects Analysis". Quality and Reliability Engineering Series. Wiley, 2012.
7. Czerny, B., "System Security and System Safety Engineering: Differences and Similarities and a System Security Engineering Process Based on the ISO 26262 Process Framework," SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 6(1):349-359, 2013, doi:10.4271/2013-01-1419.
8. Denning, D., "A lattice model of secure information flow". Communications of the ACM, 19:236-243, 1976.
9. Eisenbarth, T., Kasper, T., Moradi, A., Paar, C., Salmasizadeh, M., Shalmani, M., "On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme", volume 5157 of Lecture Notes in Computer Science, pages 203-220. Springer Berlin Heidelberg, 2008.
10. Firesmith, D., "A taxonomy of security-related requirements", In International Workshop on High Assurance Systems, 2005.
11. Gansen, T., Wischhof, L., Ebner, A., "Car-2-X Challenges - Dreams and Nightmares" In Sevecom Workshop on Workshop on Results and Challenges Ahead for Vehicle Communication, Lausanne, 2008.
12. Ericson, C., "Fault Tree Analysis - A History", In 17th International System Safety Conference. System Safety Society, 1999.
13. International Organization for Standardization, Common Criteria for Information Technology Security Evaluation, Technical Report ISO 15408, September 2012.
14. International Organization for Standardization, Road vehicles - Functional safety, Technical Report ISO 26262, November 2011.
15. Jacobson, I., "Object-oriented software engineering: a use case driven approach". Pearson Education India, 1992.
16. Jajodia, S., Noel, S., O'Berry. B., "Topological analysis of network attack vulnerability", pages 247-266. Springer, 2005.
17. Jha, S., Sheyner, O., Wing, J., "Two formal analyses of attack graphs", In Computer Security Foundations Workshop, 2002. Proceedings. 15th IEEE, pages 49-63. IEEE, 2002.
18. Johnston, R., "Being Vulnerable to the Threat of Confusing Threats with Vulnerabilities", Viewpoint Paper. Journal of Physical Security, 4:30-34, 2010.
19. Karimi, R., Rasmussen, N., Wolf. L., "Qualitative and quantitative reliability analysis of safety systems", Technical Report MIT-EL 80-015, Energy Laboratory and Department of Nuclear Engineering, Massachusetts Institute of Technology, Cambridge, Massachusetts 02139, May 1980.
20. Kordy, B., Mauw, S., Radomirovic, S., Schweitzer, P., "Attack-Defense Trees", Journal of Logic and Computation, 2012.
21. Kroll, H.-M., Schmidt, K., Buschardt, B., Lienkamp, M., "Utilization of customer-relevant driving behavior for reliable friction potential estimation by scaling nonlinear tyre models", In 14th Stuttgart International Symposium Automotive and Engine Technology, Stuttgart, 2014. Stuttgarter Symposium.
22. Laprie, J. C., Avizienis, A., Kopetz, H., "Dependability: Basic Concepts and Terminology", Springer-Verlag, Secaucus, NJ, USA, 1992.
23. McDermott, J. "Attack net penetration testing", In 2000 workshop on New security paradigms, pages 15-21. ACM, 2001.
24. Meadows, C., "An outline of a taxonomy of computer security research and development", In New Security Paradigms Workshop: Proceedings on the 1992-1993 workshop on New security paradigms, volume 1993, pages 33-35, 1993.
25. Sabelfeld, A., Myers A.C., "Language-based information flow security", Selected Areas in Communications, IEEE Journal on, 21:5-19, 2003.
26. Schleiffer, C., Wolf, M., Weimerskirch, A., and Wolleschensky, L., "Secure Key Management - A Key Feature for Modern Vehicle Electronics," SAE Technical Paper 2013-01-1418, 2013, doi:10.4271/2013-01-1418.
27. Schneier, B., "Attack trees", Dr. Dobb's journal, 24:21-29, 1999.
28. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing. J., "Automated generation and analysis of attack graphs". In Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on, pages 273-284. IEEE, 2002.
29. Shostack, A., "Experiences threat modeling at Microsoft", In Modeling Security Workshop. Dept. of Computing, Lancaster University, UK, 2008.
30. Shostack, A., "Experiences Threat Modeling at Microsoft", In Workshop on Modeling Security, Toulouse, September 2008.
31. Sindre, G., Opdahl, A., "Eliciting security requirements with misuse cases", Requirements Engineering, 10:34-44, 2005.
32. Sutton, M., Greene, A., Amini P., "Fuzzing: brute force vulnerability discovery", Pearson Education, 2007.
33. Ward, D., Ibarra, I., and Ruddle, A., "Threat Analysis and Risk Assessment in Automotive Cyber Security," SAE Int. J. Passeng. Cars - Electron. Electr. Syst. 6(2):507-513, 2013, doi:10.4271/2013-01-1415.
34. Weimerskirch, A., "Do Vehicles Need Data Security?," SAE Technical Paper 2011-01-0040, 2011, doi:10.4271/2011-01-0040.
35. Weimerskirch, A., Wolf, M., and Wollinger, T., "Introduction to Vehicular Embedded Security," SAE Technical Paper 2009-01-0916, 2009, doi:10.4271/2009-01-0916.
36. Wolf, M. Scheibel, M., "A Systematic Approach to a Quantified Security Risk Analysis for Vehicular IT Systems", In Automotive - Safety & Security 2012, volume 210, pages 195-210. GI, November 2012.