Open Problems when Mapping Automotive Security Levels to System Requirements
Paper i proceeding, 2018

Securing the vehicle has become an important matter in the automotive industry. The communication of vehicles increases tremendously, they communicate with each other and to the infrastructure, they will be remotely diagnosed and provide the users with third-party applications. Given these areas of application, it is evident that a security standard for the automotive domain that considers security from the beginning of the development phase to the operational and maintenance phases is needed. Proposed security models in the automotive domain describe how to derive different security levels that indicate the demand on security, but do not further provide methods that map these levels to predefined system requirements nor security mechanisms. We continue at this point and describe open problems that need to be addressed in a prospective security framework for the automotive domain. Based on a study of several safety and security standards from other areas as well as suggested automotive security models, we propose an appropriate representation of security levels which is similar to, and will work in parallel with traditional safety, and a method to perform the mapping to a set of predefined system requirements, design rules and security mechanisms.

system security

vehicular security

requirements engineering

security classification

Författare

Thomas Rosenstatter

Chalmers, Data- och informationsteknik, Nätverk och system

Tomas Olovsson

Chalmers, Data- och informationsteknik, Nätverk och system

Proceedings of the 4th International Conference on Vehicle Technology and Intelligent Transport Systems

251-260
978-989-758-293-6 (ISBN)

4th International Conference on Vehicle Technology and Intelligent Transport Systems, VEHITS 2018 (http://vehits.org)
Funchal, Madeira, Portugal,

Holistiskt angreppssätt att förbättra datasäkerhet (HoliSec)

VINNOVA (2015-06894), 2016-04-01 -- 2019-03-31.

Styrkeområden

Informations- och kommunikationsteknik

Transport

Ämneskategorier

Inbäddad systemteknik

Datavetenskap (datalogi)

Datorsystem

DOI

10.5220/0006665302510260

Mer information

Senast uppdaterat

2022-05-20