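@comment{
  Reviewed bibliography. The two entries that originally had empty
  citation keys were assigned the keys "huber2018roadblocks" and
  "becker2017deployment" (constructed during review from first author,
  year and a title word; rename if the document already cites them
  under another key). Page ranges use "--", LaTeX specials in abstracts
  are escaped, and the typographic quotes that would break classic
  BibTeX are written as ``...'' so the file compiles under both BibTeX
  and Biber.
}

@inproceedings{icissp23_1,
  author    = {Dantas, Yuri Gil and Nigam, Vivek and Sch{\"o}pp, Ulrich and Barner, Simon and Ke, Pei},
  title     = {Automating Vehicle {SOA} Threat Analysis using a Model-Based Methodology},
  booktitle = {Proceedings of the 9th International Conference on Information Systems Security and Privacy (ICISSP)},
  publisher = {SciTePress},
  pages     = {180--191},
  year      = {2023},
  month     = feb,
  abstract  = {This article proposes automated methods for threat analysis using a model-based engineering methodology that provides precise guarantees with respect to safety goals. This is accomplished by proposing an intruder model for automotive SOA which together with the system architecture and the loss scenarios identified by safety analysis are used as input for computing assets, impact rating, damage/threat scenarios, and attack paths. To validate the proposed methodology, we developed a faithful model of the autonomous driving functions of the Apollo framework, a widely used open source autonomous driving stack. The proposed machinery automatically enumerates several attack paths on Apollo, including attack paths not reported in the literature.},
  isbn      = {978-989-758-624-8},
  issn      = {2184-4356},
  doi       = {10.5220/0011786400003405},
  keywords  = {automotive, threat analysis, service-oriented architectures, Apollo, automation, safe and secure-by-design, MbSE, Model-based Systems Engineering, AutoFOCUS3, AF3},
}

@inproceedings{huber2018roadblocks,
  author    = {Huber, Michael M. and Brunner, Michael and Sauerwein, Clemens and C{\^a}rlan, Carmen and Breu, Ruth},
  title     = {Roadblocks on the Highway to Secure Cars: An Exploratory Survey on the Current Safety and Security Practice of the Automotive Industry},
  booktitle = {Proceedings of the 37th International Conference on Computer Safety, Reliability, and Security (SAFECOMP 2018)},
  publisher = {Springer},
  series    = {Lecture Notes in Computer Science},
  volume    = {11093},
  pages     = {157--171},
  year      = {2018},
  abstract  = {With various advances in technology, cars evolved to highly interconnected and complex Cyber-Physical Systems. Due to this development, the security of involved components and systems needs to be addressed in a rigorous way. The resulting necessity of combining safety and security aspects during the development processes has proven to be non-trivial due to the high interference between these aspects and their respective treatment. This paper discusses the results of an exploratory survey on how organizations from the automotive industry in the Euroregion tackle the challenge of integrating safety and security aspects during system development. The observed state of practice shows that there are significant deficits in the integration of both domains. The results of the exploratory survey enabled us to identify the most common challenges of realizing an integrated approach in a practical setting and discuss implications for future research.},
  doi       = {10.1007/978-3-319-99130-6_11},
  keywords  = {Automotive, Cyber-Physical Systems, Safety-Security Integration, Industrial survey, Model-based systems engineering, MbSE},
}

@phdthesis{becker2017deployment,
  author    = {Becker, Klaus},
  title     = {Software Deployment Analysis for Mixed Reliability Automotive Systems},
  school    = {TU M{\"u}nchen},
  year      = {2017},
  month     = jun,
  abstract  = {Safety critical systems require rising dependability due to increasing autonomy. Fault-tolerance is necessary, but failures may cause system resources to become insufficient to provide all intended functional features. We introduce an approach to formally analyze failure scenarios in mixed criticality systems, combined with the synthesis of valid deployments of software to hardware, incorporating adequate redundancy to address mixed reliability. Based on a formal system model, we provide a structural analysis of necessary degradations and failovers in failure scenarios, while ensuring the fulfillment of fail-operational requirements.},
  keywords  = {Fault Tolerance, Graceful Degradation, Fail-Operational, Dependability, Reliability, Mixed Criticality, Safety, Deployment, Redundancy, Synthesis, Automotive, Formal Methods, Model-based Systems Engineering, MbSE},
  url       = {http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:bvb:91-diss-20170726-1345914-1-1},
}

@inproceedings{Prehofer:TTApfoC:2016,
  author    = {Prehofer, Christian and Horst, Oliver and Dodi, Riccardo and Geven, Arjan and Kornaros, George and Montanari, Eleonora and Paolino, Michele},
  title     = {Towards Trusted Apps platforms for open {CPS}},
  booktitle = {3rd International Workshop on Emerging Ideas and Trends in Engineering of Cyber-Physical Systems {(EITEC)}},
  pages     = {23--28},
  year      = {2016},
  month     = apr,
  owner     = {horst},
  abstract  = {For many cyber-physical systems, there is a strong trend towards open systems, which can be extended during operation by instantly adding functionalities on demand. We discuss this trend in the context of automotive and medical systems. The goal of this paper is to elaborate the research challenges of new platforms for such open systems. A main problem is that such CPS apps shall be able to access and modify safety critical device internals. We present results of the TAPPS (Trusted Apps for open CPS) project, which develops an end-to-end solution for development and deployment of trusted apps. The main approach is to devise different execution environments for highly-trusted CPS apps. We present the architecture approach and its key components, and methods for CPS apps, including tool chain and development support.},
  doi       = {10.1109/EITEC.2016.7503692},
  keywords  = {cyber-physical systems, open systems, safety-critical software, CPS apps, TAPPS, automotive systems, cyberphysical systems, medical systems, open CPS, safety critical device internals, tool chain, trusted apps platforms, Automotive engineering, Computer architecture, Electronic mail, Hardware, Real-time systems, Security, Vehicles, architecture, cyber-physical-systems, open-source, real-time systems, trusted apps},
}

@inproceedings{Buechel2015,
  author    = {Buechel, Martin and Frtunikj, Jelena and Becker, Klaus and Sommer, Stephan and Buckl, Christian and Armbruster, Michael and Klein, Cornel and Marek, Andre and Zirkler, Andreas and Knoll, Alois},
  title     = {An Automated Electric Vehicle Prototype Showing New Trends in Automotive Architectures},
  booktitle = {IEEE 18th International Conference on Intelligent Transportation Systems (ITSC)},
  year      = {2015},
  location  = {Las Palmas, Gran Canaria, Spain},
  abstract  = {The automotive domain is challenged by the increasing importance of Information Technology (IT) based functions. To show the possibilities of modern IT systems, a demonstrator car was developed in RACE (Robust and Reliant Automotive Computing Environment for Future eCars) based on a completely redesigned E/E architecture, which supports the integration of mixed-criticality components and offers features like Plug\&Play. This paper presents the architecture and components of this vehicle prototype, which is equipped with modern systems such as Steer-by-Wire without mechanical fallback. It was designed to support future driver assistance systems, e.g. to carry out autonomous parking maneuvers onto an inductive charging station, a task, which is hard to achieve accurately enough for a human driver. Therefore, a special emphasis lies on the description of the sensor set for automated operation.},
  doi       = {10.1109/ITSC.2015.209},
  keywords  = {Automated Vehicles, automotive architecture, autonomous driving, electric vehicle, Vehicle Prototype, Model-based Systems Engineering, MbSE},
}

@inproceedings{MK_IMBSA_2014,
  author    = {Khalil, Maged and Prieto, Alejandro and H{\"o}lzl, Florian},
  title     = {A pattern-based approach towards the guided reuse of safety mechanisms in the automotive domain},
  booktitle = {Proceedings of the International Symposium on Model-Based Safety and Assessment ({IMBSA} 2014)},
  publisher = {Springer},
  series    = {Lecture Notes in Computer Science},
  volume    = {8822},
  pages     = {137--151},
  year      = {2014},
  abstract  = {The reuse of architectural measures or safety mechanisms is widely-spread in practice, especially in well-understood domains, as is reusing the corresponding safety-case to document the fulfillment of the target safety goal(s). This seems to harmonize well with the fact that safety standards recommend (if not dictate) performing many analyses during the concept phase of development as well as the early adoption of multiple measures at the architectural design level. Yet this front-loading is hindered by the fact that safety argumentation is not well-integrated into architectural models in the automotive domain and as such does not support comprehensible and reproducible argumentation nor any evidence for argument correctness. The reuse is neither systematic nor adequate. Using a simplified description of safety mechanisms, we defined a pattern library capturing known solution algorithms and architectural measures/constraints in a seamless holistic model-based approach with corresponding tool support. Based on a meta-model encompassing both development artifacts and safety case elements, the pattern library encapsulates all the information necessary for reuse, which can then be integrated into existing development environments. This paper explores the model and the approach using an illustrative implementation example, along with the supporting workflow for the usage of the approach in both ``designer'' and ``user'' roles.},
  doi       = {10.1007/978-3-319-12214-4_11},
  keywords  = {Safety-critical systems, pattern-based design, architectures, safety cases, automotive, reuse, Model-based Systems Engineering, MbSE},
}

@inproceedings{Diebold:2014:PRE:2601248.2601250,
  author    = {Diebold, Philipp and Lampasona, Constanza and Zverlov, Sergey and Voss, Sebastian},
  title     = {Practitioners' and Researchers' Expectations on Design Space Exploration for Multicore Systems in the Automotive and Avionics Domains: A Survey},
  booktitle = {Proceedings of the 18th International Conference on Evaluation and Assessment in Software Engineering},
  publisher = {ACM},
  series    = {EASE '14},
  pages     = {1:1--1:10},
  year      = {2014},
  address   = {New York, NY, USA},
  location  = {London, England, United Kingdom},
  abstract  = {Background: The mobility domains are moving towards the adoption of multicore technology. Appropriate methods, techniques, and tools need to be developed or adapted in order to fulfill the existing requirements. This is a case for design space exploration methods and tools. Objective: Our goal was to understand the importance of different design space exploration goals with respect to their relevance, frequency of use, and tool support required in the development of multicore systems from the point of view of the ARAMiS project members. Our aim was to use the results to guide further work in the project. Method: We conducted a survey regarding the current state of the art in design space exploration in industry and research and collected the expectations of project members regarding design space exploration goals. Results: The results show that design space exploration is an important topic in industry as well as in research. It is used very often with different important goals to optimize the system. Conclusions: Current tools provide only partial solutions for design space exploration. Our results can be used for improving them and guiding their development according to the priorities explained in this contribution.},
  isbn      = {978-1-4503-2476-2},
  doi       = {10.1145/2601248.2601250},
  keywords  = {automotive, avionics, design space exploration, industry, multicore, research, Survey, Model-based Systems Engineering, MbSE},
}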