Building an automotive security assurance case using systematic security evaluations

Madeline Cheah, Siraj Shaikh, Jeremy Bryans, Paul Wooderson

    Research output: Contribution to journal › Article › peer-review

    37 Citations (Scopus)
    1009 Downloads (Pure)

    Abstract

    Security testing and assurance in the automotive domain is challenging. This is predominantly due to the increase in the amount of software and the number of connective entry points in the modern vehicle. In this paper we build on earlier work by using a systematic security evaluation to enumerate undesirable behaviours, enabling the assignment of severity ratings in a (semi-) automated manner. We demonstrate this in two case studies; firstly with the native Bluetooth connection in an automotive head unit, and secondly with an aftermarket diagnostics device. We envisage that the resulting severity classifications would add weight to a security assurance case, both as evidence and as guidance for future test cases.
    Original language: English
    Pages (from-to): 360-379
    Number of pages: 20
    Journal: Computers and Security
    Volume: 77
    Early online date: 13 Apr 2018
    DOIs
    Publication status: Published - Aug 2018

    Bibliographical note

    NOTICE: this is the author’s version of a work that was accepted for publication in Computers and Security. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers and Security, Vol 77 (2018), DOI: 10.1016/j.cose.2018.04.008

    © 2017, Elsevier. Licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International http://creativecommons.org/licenses/by-nc-nd/4.0/

    Keywords

    • Automotive
    • Bluetooth
    • Cybersecurity
    • Security assurance
    • Penetration testing
