TY - GEN
T1 - Attack graph-based assessment of exploitability risks in automotive on-board networks
AU - Salfer, Martin
AU - Eckert, Claudia
N1 - Publisher Copyright:
© 2018 Copyright held by the owner/author(s).
PY - 2018/8/27
Y1 - 2018/8/27
N2 - High-end vehicles incorporate about one hundred computers; physical and virtualized ones; self-driving vehicles even more. This allows a plethora of attack combinations. This paper demonstrates how to assess exploitability risks of vehicular on-board networks via automatically generated and analyzed attack graphs. Our stochastic model and algorithm combine all possible attack vectors and consider attacker resources more efficiently than Bayesian networks. We designed and implemented an algorithm that assesses a compilation of real vehicle development documents within only two CPU minutes, using an average of about 100 MB RAM. Our proof of concept “Security Analyzer for Exploitability Risks” (SAlfER) is 200 to 5 000 times faster and 40 to 200 times more memory-efficient than an implementation with UnBBayes1. Our approach aids vehicle development by automatically re-checking the architecture for attack combinations that may have been enabled by mistake and which are not trivial to spot by the human developer. Our approach is intended for and relevant for industrial application. Our research is part of a collaboration with a globally operating automotive manufacturer and is aimed at supporting the security of autonomous, connected, electrified, and shared vehicles.
AB - High-end vehicles incorporate about one hundred computers; physical and virtualized ones; self-driving vehicles even more. This allows a plethora of attack combinations. This paper demonstrates how to assess exploitability risks of vehicular on-board networks via automatically generated and analyzed attack graphs. Our stochastic model and algorithm combine all possible attack vectors and consider attacker resources more efficiently than Bayesian networks. We designed and implemented an algorithm that assesses a compilation of real vehicle development documents within only two CPU minutes, using an average of about 100 MB RAM. Our proof of concept “Security Analyzer for Exploitability Risks” (SAlfER) is 200 to 5 000 times faster and 40 to 200 times more memory-efficient than an implementation with UnBBayes1. Our approach aids vehicle development by automatically re-checking the architecture for attack combinations that may have been enabled by mistake and which are not trivial to spot by the human developer. Our approach is intended for and relevant for industrial application. Our research is part of a collaboration with a globally operating automotive manufacturer and is aimed at supporting the security of autonomous, connected, electrified, and shared vehicles.
KW - Attack graph construction
KW - Network hardening
KW - Probabilistic model
KW - Security evaluation
KW - Vehicle security
KW - Vulnerability assessment
UR - http://www.scopus.com/inward/record.url?scp=85055255854&partnerID=8YFLogxK
U2 - 10.1145/3230833.3230851
DO - 10.1145/3230833.3230851
M3 - Conference contribution
AN - SCOPUS:85055255854
T3 - ACM International Conference Proceeding Series
BT - ARES 2018 - 13th International Conference on Availability, Reliability and Security
PB - Association for Computing Machinery
T2 - 13th International Conference on Availability, Reliability and Security, ARES 2018
Y2 - 27 August 2018 through 30 August 2018
ER -
