K. Maliatsos, Christos Lyvas, P. Pantazopoulos, C. Lambrinoudakis, A. Kanatas, Matthieu Gay, A. Amditis
{"title":"Standardizing Security Evaluation Criteria for Connected Vehicles: A Modular Protection Profile","authors":"K. Maliatsos, Christos Lyvas, P. Pantazopoulos, C. Lambrinoudakis, A. Kanatas, Matthieu Gay, A. Amditis","doi":"10.1109/CSCN.2019.8931344","DOIUrl":null,"url":null,"abstract":"The so-far most credible approach to Security Evaluation, the Common Criteria standard, relies on a thorough methodology to provide confidence that the security requirements of an IT system are satisfied. Towards that end, a Protection Profile (PP) document gathers carefully all required data and identifies in an implementation-independent way the security requirements of the studied system, referred to as Target of Evaluation (ToE). When the connected vehicles paradigm that integrates a mosaic of third-party modules and interfaces constitutes the ToE, the PP development calls for agile solutions.In this work, we introduce a modular approach to the design of a PP for connected vehicles, as developed in the SAFERtec project. Our starting point is a generic architecture of the Vehicle (V-ITS-S) that helps us identify all involved assets and accordingly introduce a flexible discrimination of the base and associated PP modules as well as their interplay. We discuss the way our modular PP can cope with various V-ITS-S implementation approaches and provide insights on its applicability on a real-world V-ITS-S bench we have developed. The proposed solution can pave the way for devising standardized security assurance arguments towards safer connected driving.","PeriodicalId":102095,"journal":{"name":"2019 IEEE Conference on Standards for Communications and Networking (CSCN)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Conference on Standards for Communications and Networking (CSCN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCN.2019.8931344","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
The so-far most credible approach to Security Evaluation, the Common Criteria standard, relies on a thorough methodology to provide confidence that the security requirements of an IT system are satisfied. Towards that end, a Protection Profile (PP) document gathers carefully all required data and identifies in an implementation-independent way the security requirements of the studied system, referred to as Target of Evaluation (ToE). When the connected vehicles paradigm that integrates a mosaic of third-party modules and interfaces constitutes the ToE, the PP development calls for agile solutions.In this work, we introduce a modular approach to the design of a PP for connected vehicles, as developed in the SAFERtec project. Our starting point is a generic architecture of the Vehicle (V-ITS-S) that helps us identify all involved assets and accordingly introduce a flexible discrimination of the base and associated PP modules as well as their interplay. We discuss the way our modular PP can cope with various V-ITS-S implementation approaches and provide insights on its applicability on a real-world V-ITS-S bench we have developed. The proposed solution can pave the way for devising standardized security assurance arguments towards safer connected driving.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
