Understanding Common Automotive Security Issues and Their Implications
Paper in proceeding, 2019

With increased connectivity of safety-critical systems such as vehicles and industrial control systems, the importance of secure software rises in lock-step. Even systems that are traditionally considered to be non safety-critical can become safety-critical if they are willfully manipulated. In this paper, we identify 8 important security issues of automotive software based on a conceptually simple yet interesting example. The issues encompass problems from the design phase, including requirements engineering, to the choice of concrete parameters for an API. We then investigate how these issues are perceived by automotive security experts through a survey.

The survey results indicate that the identified issues are indeed problematic in real industry use-cases. Based on the collected data, we draw conclusions which problems deserve further attention and how the problems can be addressed. In particular, we find that key distribution is a major issue. Finally, many of the identified issues can be addressed by improved documentation and access to security experts.

Automotive Application Development

Automotive Security

Expert Survey

Author

Aljoscha Lautenbach

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Magnus Almgren

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Tomas Olovsson

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 11552 19-34
978-303016873-5 (ISBN)

The International Workshop on Interplay of Security, Safety and System/Software Architecture
Barcelona, Spain,

Holistiskt angreppssätt att förbättra datasäkerhet (HoliSec)

VINNOVA (2015-06894), 2016-04-01 -- 2019-03-31.

Resilient Information and Control Systems (RICS)

Swedish Civil Contingencies Agency (2015-828), 2015-09-01 -- 2020-08-31.

Areas of Advance

Information and Communication Technology

Transport

Subject Categories

Software Engineering

Computer Science

Computer Systems

DOI

10.1007/978-3-030-16874-2_2

More information

Latest update

12/14/2021