Automotive Cybersecurity Engineering with Modeling Support
Alexander Fischer, Juha-Pekka Tolvanen, Ramin Tavakoli Kolagari
DOI: http://dx.doi.org/10.15439/2024F5017
Citation: Proceedings of the 19th Conference on Computer Science and Intelligence Systems (FedCSIS), M. Bolanowski, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 39, pages 319–329 (2024)
Abstract. Rapid advances in connected and autonomous vehicle technology have led to an increase in cyber-attacks. This in turn has driven the development of the ISO 21434 standard, which aims to support the management of cybersecurity risks in the automotive industry. There is, however, a disconnect between the standard and the model-based development approaches that are increasingly applied for systems and software development. In this paper, we present tool support created for model-based automotive cybersecurity engineering. The tool is built upon the existing automotive systems development language, EAST-ADL, with extensions that address security in accordance with the ISO 21434 standard, covering modeling support, calculation of security-related metrics such as impact, risk, and attack feasibility, and generation of ISO 21434 compliant security threat reports. Two examples demonstrate how the requirements of cybersecurity engineering according to ISO 21434 are met.