Automation in automotive security by using attacker privileges
Modern vehicles contain a large number of electronic information technology components which are increasingly connected to the outside world. This results in a higher risk of cyber attacks. To prevent such attacks, threat and risk analyses and comprehensive security tests are carried out during the development of a vehicle in order to identify and mitigate potential vulnerabilities. However, these processes are usually carried out manually. Due to the increasing complexity of modern vehicles, manual analysis and test methods reach their limits. For this reason, we present an approach for modeling attacker privileges, which are used to automate the threat and risk analysis as well as the security testing process. We illustrate how these privileges are applied to formalize a vehicle’s internal network. We use this formal model to generate attack trees and security test cases. Furthermore, we show the application of our approach to an exemplary vehicle network and illustrate how to derive attack trees in an automated way using model checking techniques.
Author: | Jürgen Dürrwang, Florian Sommer, Reiner Kriesten |
---|---|
URN: | urn:nbn:de:hbz:294-83575 |
DOI: | https://doi.org/10.13154/294-8357 |
Parent Title (English): | 19th escar Europe : The World's Leading Automotive Cyber Security Conference (Conference Publication) |
Document Type: | Part of a Book |
Language: | English |
Date of Publication (online): | 2021/09/29 |
Date of first Publication: | 2021/09/29 |
Publishing Institution: | Ruhr-Universität Bochum, Universitätsbibliothek |
Tag: | Attacker Privileges; Automation; Security Testing; Threat and Risk Analysis |
First Page: | 137 |
Last Page: | 152 |
Dewey Decimal Classification: | Generalities, Computer Science, Information Science / Computer Science |
open_access (DINI-Set): | open_access |
Conference Proceedings / Collected Volumes: | 19th escar Europe : The World's Leading Automotive Cyber Security Conference |
Licence (German): | No Creative Commons licence - the granted rights of use and German copyright law apply |