TY - GEN
T1 - Security analysis of automotive architectures using probabilistic model checking
AU - Mundhenk, Philipp
AU - Steinhorst, Sebastian
AU - Lukasiewycz, Martin
AU - Fahmy, Suhaib A.
AU - Chakraborty, Samarjit
N1 - Generated from Scopus record by KAUST IRTS on 2021-03-16
PY - 2015/1/1
Y1 - 2015/1/1
N2 - This paper proposes a novel approach to security analysis of automotive architectures at the system-level. With an increasing amount of software and connectedness of cars, security challenges are emerging in the automotive domain. Our proposed approach enables assessment of the security of architecture variants and can be used by decision makers in the design process. First, the automotive Electronic Control Units (ECUs) and networks are modelled at the system-level using parameters per component, including an exploitability score and patching rates that are derived from an automated or manual assessment. For any specific architecture variant, a Continuous-Time Markov Chain (CTMC) model is determined and analyzed in terms of confidentiality, integrity and availability, using probabilistic model checking. The introduced case study demonstrates the applicability of our approach, enabling, for instance, the exploration of parameters like patch rate targets for ECU manufacturers.
UR - https://dl.acm.org/doi/10.1145/2744769.2744906
UR - http://www.scopus.com/inward/record.url?scp=84944128120&partnerID=8YFLogxK
U2 - 10.1145/2744769.2744906
DO - 10.1145/2744769.2744906
M3 - Conference contribution
SN - 9781450335201
BT - Proceedings - Design Automation Conference
PB - Institute of Electrical and Electronics Engineers Inc.
ER -