A Comprehensive Attack and Defense Model for the Automotive Domain

In the automotive domain, the overall complexity of technical components has increased enormously. Formerly isolated, purely mechanical cars are now a multitude of cyber-physical systems that are continuously interacting with other IT systems, for example, with the smartphone of their driver or the backend servers of the car manufacturer. This has huge security implications as demonstrated by several recent research papers that document attacks endangering the safety of the car. However, there is, to the best of the authors' knowledge, no holistic overview or structured description of the complex automotive domain. Without such a big picture, distinct security research remains isolated and is lacking interconnections between the different subsystems. Hence, it is difficult to draw conclusions about the overall security of a car or to identify aspects that have not been sufficiently covered by security analyses. In this work, the authors propose a comprehensive model covering all relevant aspects of the automotive environment and link it with selected attack scenarios and defense strategies already discussed in academic literature. This showcases the capabilities of the authors' model to build new attack chains, to compare alternative defense strategies, to structure existing work, and to identify possibilities for future research.

• Record URL:
  https://doi.org/10.4271/11-02-01-0001
• Availability:
  • Find a library where document is available. Order URL: http://worldcat.org/oclc/974641606
• Supplemental Notes:
  • Abstract reprinted with permission of SAE International.
• Authors:
  • Hutzelmann, Thomas
  • Banescu, Sebastian
  • Pretschner, Alexander
• Publication Date: 2019-1-17

Language

• English

Media Info

• Media Type: Web
• Features: References;
• Pagination: pp 5-20
• Serial:
  • SAE International Journal of Transportation Cybersecurity and Privacy
  • Volume: 2
  • Issue Number: 1
  • Publisher: SAE International
  • ISSN: 1570-761X
  • Serial URL: https://www.sae.org/publications/collections/content/e-journal-11/

Subject/Index Terms

• TRT Terms: Autonomous land vehicles; Autonomous vehicles; Computer security; Conceptual models; Cruise control; Research; Sensors; Simulation
• Subject Areas: Highways; Research; Security and Emergencies; Vehicles and Equipment;

Filing Info

• Accession Number: 01691853
• Record Type: Publication
• Source Agency: SAE International
• Report/Paper Numbers: 11-02-01-0001
• Files: TRIS, SAE
• Created Date: Jan 30 2019 10:15AM