TY - GEN
T1 - Security analysis of automotive architectures using probabilistic model checking
AU - Mundhenk, Philipp
AU - Steinhorst, Sebastian
AU - Lukasiewycz, Martin
AU - Fahmy, Suhaib A.
AU - Chakraborty, Samarjit
N1 - Publisher Copyright: © 2015 ACM.
PY - 2015/7/24
Y1 - 2015/7/24
N2 - This paper proposes a novel approach to security analysis of automotive architectures at the system-level. With an increasing amount of software and connectedness of cars, security challenges are emerging in the automotive domain. Our proposed approach enables assessment of the security of architecture variants and can be used by decision makers in the design process. First, the automotive Electronic Control Units (ECUs) and networks are modelled at the system-level using parameters per component, including an exploitability score and patching rates that are derived from an automated or manual assessment. For any specific architecture variant, a Continuous-Time Markov Chain (CTMC) model is determined and analyzed in terms of confidentiality, integrity and availability, using probabilistic model checking. The introduced case study demonstrates the applicability of our approach, enabling, for instance, the exploration of parameters like patch rate targets for ECU manufacturers.
KW - Automotive
KW - Model checking
KW - Networks
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=84944128120&partnerID=8YFLogxK
U2 - 10.1145/2744769.2744906
DO - 10.1145/2744769.2744906
M3 - Conference contribution
AN - SCOPUS:84944128120
T3 - Proceedings - Design Automation Conference
BT - 2015 52nd ACM/EDAC/IEEE Design Automation Conference, DAC 2015
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 52nd ACM/EDAC/IEEE Design Automation Conference, DAC 2015
Y2 - 8 June 2015 through 12 June 2015
ER -