安全关键型汽车软件安全性和鲁棒性分析的CAD支持

IF 2 Q3 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS ACM Transactions on Cyber-Physical Systems Pub Date : 2022-11-18 DOI:10.1145/3571287
Ipsita Koley, Soumyajit Dey, Debdeep Mukhopadhyay, Sachin Kumar Singh, Lavanya Lokesh, Shantaram Vishwanath Ghotgalkar
{"title":"安全关键型汽车软件安全性和鲁棒性分析的CAD支持","authors":"Ipsita Koley, Soumyajit Dey, Debdeep Mukhopadhyay, Sachin Kumar Singh, Lavanya Lokesh, Shantaram Vishwanath Ghotgalkar","doi":"10.1145/3571287","DOIUrl":null,"url":null,"abstract":"Modern vehicles contain a multitude of electronic control units that implement software features controlling most of the operational, entertainment, connectivity, and safety aspects of the vehicle. However, with security requirements often being an afterthought in automotive software development, incorporation of such software features with intra- and inter-vehicular connectivity requirements often opens up new attack surfaces. Demonstrations of such security vulnerabilities in past reports and literature bring in the necessity to formally analyze how secure automotive control systems really are against adversarial attacks. Modern vehicles often incorporate onboard monitoring systems that test the sanctity of data samples communicated among controllers and detect possible attack/noise insertion scenarios. The performance of such monitors against security threats also needs to be verified. In this work, we outline a rigorous methodology for estimating the vulnerability of automotive CPSs. We provide a computer-aided design framework that considers the model-based representation of safety-critical automotive controllers and monitoring systems working in a closed loop with vehicle dynamics and verifies their safety and robustness w.r.t. false data injection attacks. Symbolically exploring all possible combinations of attack points of the input automotive CPS, the proposed framework tries to find out which sensor and/or actuation signal is vulnerable by generating stealthy and successful attacks using a formal method-based counter-example guided abstract refinement process. We also validate the efficacy of the proposed framework using a case study performed in an industry-scale simulator.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":"7 1","pages":"1 - 26"},"PeriodicalIF":2.0000,"publicationDate":"2022-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"CAD Support for Security and Robustness Analysis of Safety-critical Automotive Software\",\"authors\":\"Ipsita Koley, Soumyajit Dey, Debdeep Mukhopadhyay, Sachin Kumar Singh, Lavanya Lokesh, Shantaram Vishwanath Ghotgalkar\",\"doi\":\"10.1145/3571287\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Modern vehicles contain a multitude of electronic control units that implement software features controlling most of the operational, entertainment, connectivity, and safety aspects of the vehicle. However, with security requirements often being an afterthought in automotive software development, incorporation of such software features with intra- and inter-vehicular connectivity requirements often opens up new attack surfaces. Demonstrations of such security vulnerabilities in past reports and literature bring in the necessity to formally analyze how secure automotive control systems really are against adversarial attacks. Modern vehicles often incorporate onboard monitoring systems that test the sanctity of data samples communicated among controllers and detect possible attack/noise insertion scenarios. The performance of such monitors against security threats also needs to be verified. In this work, we outline a rigorous methodology for estimating the vulnerability of automotive CPSs. We provide a computer-aided design framework that considers the model-based representation of safety-critical automotive controllers and monitoring systems working in a closed loop with vehicle dynamics and verifies their safety and robustness w.r.t. false data injection attacks. Symbolically exploring all possible combinations of attack points of the input automotive CPS, the proposed framework tries to find out which sensor and/or actuation signal is vulnerable by generating stealthy and successful attacks using a formal method-based counter-example guided abstract refinement process. We also validate the efficacy of the proposed framework using a case study performed in an industry-scale simulator.\",\"PeriodicalId\":7055,\"journal\":{\"name\":\"ACM Transactions on Cyber-Physical Systems\",\"volume\":\"7 1\",\"pages\":\"1 - 26\"},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2022-11-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Transactions on Cyber-Physical Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3571287\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Cyber-Physical Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3571287","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}
引用次数: 1

摘要

现代车辆包含大量电子控制单元,这些电子控制单元实现软件功能,控制车辆的大部分操作、娱乐、连接和安全方面。然而,在汽车软件开发中,安全要求往往是事后考虑的问题,将此类软件功能与车内和车间连接要求相结合往往会开辟新的攻击面。在过去的报告和文献中对此类安全漏洞的演示使得有必要正式分析汽车控制系统在对抗性攻击中的安全性。现代车辆通常包含车载监测系统,该系统测试控制器之间通信的数据样本的神圣性,并检测可能的攻击/噪声插入场景。还需要验证此类监控器对安全威胁的性能。在这项工作中,我们概述了一种评估汽车消费品安全漏洞的严格方法。我们提供了一个计算机辅助设计框架,该框架考虑了与车辆动力学闭环工作的安全关键型汽车控制器和监控系统的基于模型的表示,并验证了它们的安全性和稳健性。该框架象征性地探索了输入汽车CPS的攻击点的所有可能组合,试图通过使用基于形式方法的反例引导的抽象细化过程生成隐蔽和成功的攻击,找出哪个传感器和/或驱动信号是易受攻击的。我们还通过在行业规模的模拟器中进行的案例研究验证了所提出的框架的有效性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
CAD Support for Security and Robustness Analysis of Safety-critical Automotive Software
Modern vehicles contain a multitude of electronic control units that implement software features controlling most of the operational, entertainment, connectivity, and safety aspects of the vehicle. However, with security requirements often being an afterthought in automotive software development, incorporation of such software features with intra- and inter-vehicular connectivity requirements often opens up new attack surfaces. Demonstrations of such security vulnerabilities in past reports and literature bring in the necessity to formally analyze how secure automotive control systems really are against adversarial attacks. Modern vehicles often incorporate onboard monitoring systems that test the sanctity of data samples communicated among controllers and detect possible attack/noise insertion scenarios. The performance of such monitors against security threats also needs to be verified. In this work, we outline a rigorous methodology for estimating the vulnerability of automotive CPSs. We provide a computer-aided design framework that considers the model-based representation of safety-critical automotive controllers and monitoring systems working in a closed loop with vehicle dynamics and verifies their safety and robustness w.r.t. false data injection attacks. Symbolically exploring all possible combinations of attack points of the input automotive CPS, the proposed framework tries to find out which sensor and/or actuation signal is vulnerable by generating stealthy and successful attacks using a formal method-based counter-example guided abstract refinement process. We also validate the efficacy of the proposed framework using a case study performed in an industry-scale simulator.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
ACM Transactions on Cyber-Physical Systems
ACM Transactions on Cyber-Physical Systems COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS-
CiteScore
5.70
自引率
4.30%
发文量
40
期刊最新文献
On Cyber-Physical Fault Resilience in Data Communication: A Case From A LoRaWAN Network Systems Design DistressNet-NG: A Resilient Data Storage and Sharing Framework for Mobile Edge Computing in Cyber-Physical Systems A Blockchain Architecture to Increase the Resilience of Industrial Control Systems from the Effects of a Ransomware Attack: A Proposal and Initial Results A Combinatorial Optimization Analysis Method for Detecting Malicious Industrial Internet Attack Behaviors Statistical Verification using Surrogate Models and Conformal Inference and a Comparison with Risk-aware Verification
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1