Understanding Common Automotive Security Issues and Their Implications
Paper i proceeding, 2019

With increased connectivity of safety-critical systems such as vehicles and industrial control systems, the importance of secure software rises in lock-step. Even systems that are traditionally considered to be non safety-critical can become safety-critical if they are willfully manipulated. In this paper, we identify 8 important security issues of automotive software based on a conceptually simple yet interesting example. The issues encompass problems from the design phase, including requirements engineering, to the choice of concrete parameters for an API. We then investigate how these issues are perceived by automotive security experts through a survey.

The survey results indicate that the identified issues are indeed problematic in real industry use-cases. Based on the collected data, we draw conclusions which problems deserve further attention and how the problems can be addressed. In particular, we find that key distribution is a major issue. Finally, many of the identified issues can be addressed by improved documentation and access to security experts.

Automotive Application Development

Automotive Security

Expert Survey

Författare

Aljoscha Lautenbach

Chalmers, Data- och informationsteknik, Nätverk och system

Magnus Almgren

Chalmers, Data- och informationsteknik, Nätverk och system

Tomas Olovsson

Chalmers, Data- och informationsteknik, Nätverk och system

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

03029743 (ISSN) 16113349 (eISSN)

Vol. 11552 19-34
978-303016873-5 (ISBN)

The International Workshop on Interplay of Security, Safety and System/Software Architecture
Barcelona, Spain,

Holistiskt angreppssätt att förbättra datasäkerhet (HoliSec)

VINNOVA (2015-06894), 2016-04-01 -- 2019-03-31.

Säkra IT-system för drift och övervakning av samhällskritisk infrastruktur

Myndigheten för samhällsskydd och beredskap (2015-828), 2015-09-01 -- 2020-08-31.

Styrkeområden

Informations- och kommunikationsteknik

Transport

Ämneskategorier

Programvaruteknik

Datavetenskap (datalogi)

Datorsystem

DOI

10.1007/978-3-030-16874-2_2

Mer information

Senast uppdaterat

2021-12-14