Building an automotive security assurance case using systematic security evaluations

Cheah, Madeline; Shaikh, Siraj Ahmed; Bryans, Jeremy; Wooderson, Paul

doi:10.1016/j.cose.2018.04.008

Cited by 43 publications

(36 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The proposed approach requires very few configurations at the cloud side, and can be offered through the Security-as-a-Service paradigm. (Cheah et al, 2018) considered the automotive world, where cases are generated after evaluating the severity of threats. Threats are found through threat modeling and confirmed with a penetration testing.…”

Section: Comparison With Existing Solutionsmentioning

confidence: 99%

“…Although they provide outstanding benefits on the perceived trust, they lack of generality and cannot be easily adapted to current scenarios, where different services deployed on hybrid public and private infrastructures are composed at run time. Many of these solutions are in fact ad hoc (Cheah et al, 2018;Elsayed and Zulkernine, 2018), meaning they cannot handle a modern IT system as a whole. Moreover, existing assurance techniques, and corresponding frameworks, require some effort for being integrated with the target system, interfering with its normal operation (e.g., performance), and introducing not-negligible (monetary and business) costs.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Stay Thrifty, Stay Secure: A VPN-based Assurance Framework for Hybrid Systems

Anisetti

Ardagna

Bena

et al. 2020

Proceedings of the 17th International Joint Conference on E-Business and Telecommunications

View full text Add to dashboard Cite

Security assurance provides a wealth of techniques to demonstrate that a target system holds some nonfunctional properties and behaves as expected. These techniques have been recently applied to the cloud ecosystem, while encountering some critical issues that reduced their benefit when hybrid systems, mixing public and private infrastructures, are considered. In this paper, we present a new assurance framework that evaluates the trustworthiness of hybrid systems, from traditional private networks to public clouds. It implements an assurance process that relies on a Virtual Private Network (VPN)-based solution to smoothly integrate with the target systems. The assurance process provides a transparent and non-invasive solution that does not interfere with the working of the target system. The performance of the framework have been experimentally evaluated in a simulated scenario.

show abstract

Section: Comparison With Existing Solutionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Stay Thrifty, Stay Secure: A VPN-based Assurance Framework for Hybrid Systems

Anisetti

Ardagna

Bena

et al. 2020

Proceedings of the 17th International Joint Conference on E-Business and Telecommunications

View full text Add to dashboard Cite

show abstract

“…The presented approach has been applied by some automotive manufacturers and been proven by a few projects. An automotive testing and evaluation methodology is proposed and validated for the case study of automotive Bluetooth interface [90]. The testing is carried out based on the EVITA threat model and the attack trees after the analysis.…”

Section: Evitamentioning

confidence: 99%

On the Modeling of Automotive Security: A Survey of Methods and Perspectives

Hao

Han

2020

Future Internet

View full text Add to dashboard Cite

As the intelligent car-networking represents the new direction of the future vehicular development, automotive security plays an increasingly important role in the whole car industry chain. On condition that the accompanying problems of security are proofed, vehicles will provide more convenience while ensuring safety. Security models can be utilized as tools to rationalize the security of the automotive system and represent it in a structured manner. It is essential to improve the knowledge about security models by comparing them besides proposing new methods. This paper aims to give a comprehensive introduction to the topic of security models for the Intelligent Transport System (ITS). A survey of the current methodologies for security modeling is conducted and a classification scheme is subsequently proposed. Furthermore, the existing framework and methods to build automotive security models are broadly examined according to the features of automotive electronic system. A number of fundamental aspects are defined to compare the presented methods in order to comprehend the automotive security modeling in depth.

show abstract

“…The SAE refers to two security classification methods, which provide engineering process suggestions aligned to ISO 26262 (Martin et al, 2017;Salay et al, 2018) standard: HEAVENS (HEAling Vulnerabilities to ENhance Software security and safety) and EVITA (E-Safety Vehicle Intrusion Protected Applications) (Cheah et al, 2018). Now I will describe the EVITA method and define additional improvement suggestion in regard to its methodology.…”

Section: Classification Of Security Levelsmentioning

confidence: 99%

Novel Approaches to Evaluate the Ability of Vehicles for Secured Transportation

Kocsis

Vida

Szalay

et al. 2019

Period. Polytech. Transp. Eng.

View full text Add to dashboard Cite

The assurance of process safety plays an important role in the field of information technology. Securing the information has become one of the biggest challenges in the present day. Whenever we think about the protected systems the first thing that comes to our mind can be malicious interventions which are increasing immensely day by day. Nowadays we live the world of huge automotive developments with the appearance of the demand for autonomous vehicles. On the other hand, technological developments also provide a lot of advantages for the society. The benefits of autonomous cars include reduced mobility costs, increased safety, increased mobility, significant reduction of traffic collisions. However, it cannot be forgotten that the extension of cyberspace affects the transportation increasingly. Accordingly, cars are produced with high level of connectivity and automation. Therefore, the risks arriving from the cyberspace can now endanger the safe and secured transportation. These tendencies shall motivate manufacturers and developers to permanently improve the ability of vehicles to protect themselves and their passengers.

show abstract

Building an automotive security assurance case using systematic security evaluations

Cited by 43 publications

References 20 publications

Stay Thrifty, Stay Secure: A VPN-based Assurance Framework for Hybrid Systems

Stay Thrifty, Stay Secure: A VPN-based Assurance Framework for Hybrid Systems

On the Modeling of Automotive Security: A Survey of Methods and Perspectives

Novel Approaches to Evaluate the Ability of Vehicles for Secured Transportation

Contact Info

Product

Resources

About