Modeling and generation of secure component communications in AUTOSAR

Research article. DOI: 10.1145/3019612.3019682

Published: 03 April 2017

Abstract

The AUTOSAR standard acknowledges the need for improved security in automotive communications by providing a set of standard modules for encryption and authentication, to ensure confidentiality and integrity. However, these modules are not currently matched by corresponding models for security at the application level, and their use is somewhat in violation of the established AUTOSAR methodology that relies on code generation from high level specifications for all the communications and scheduling features. In this paper we present modeling extensions and code generation features, developed in the context of the EU project Sahire, that aim at bridging this gap.



Published In

SAC '17: Proceedings of the Symposium on Applied Computing
April 2017
2004 pages
ISBN: 9781450344869
DOI: 10.1145/3019612

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. AUTOSAR
  2. security

Qualifiers

  • Research-article

Conference

SAC 2017
SAC 2017: Symposium on Applied Computing
April 3 - 7, 2017
Marrakech, Morocco

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
