Auflistung nach Autor:in "Wolf, Marko"
1 - 5 von 5
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragDigital Rights Management Systeme als Enabling Technology im Automobil(Sicherheit 2005, Sicherheit – Schutz und Zuverlässigkeit, 2005) Wolf, Marko; Weimerskirch, André; Paar, ChristofMit dem Einzug moderner Multimedia- und Computertechnik im Automobilbereich werden eine Vielzahl neuer Möglichkeiten aber auch Risiken durch die Verwendung geschützter digitaler Inhalte im Automobil zur Realität. Die Umsetzung von Digital Rights Management Systemen (DRMS) im Automobil ist daher nicht nur eine notwendige, sondern auch eine viel versprechende Herausforderung.
- KonferenzbeitragHacking Trucks - Cybersecurity Risks and Effective Cybersecurity Protection for Heavy Duty Vehicles(Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017) Wolf, Marko; Lambert, RobertSimilar to passenger cars, heavy-duty vehicles, such as commercial trucks and buses, are becoming increasingly software-driven, interconnected and semi-automated, and hence are also becoming increasingly susceptible to cybersecurity attacks. This article will identify and evaluate these cybersecurity threats and risks affecting the monetary business operation, reliability, and safety of heavy-duty vehicles, comparing them with similar cybersecurity risks for typical passenger vehicles. Based on this overall cybersecurity threat and risk analysis, the article will then present and explain our holistic and multi-layer protection approach to reduce such cybersecurity risks for heavy-duty vehicles.
- KonferenzbeitragSecurity crash test - practical security evaluations of automotive onboard IT components(Automotive - Safety & Security 2014, 2015) Bayer, Stephanie; Enderle, Thomas; Oka, Dennis-Kengo; Wolf, MarkoModern vehicles consist of many interconnected, software-based IT components which are tested very carefully for correct functional behavior to avoid safety problems, e.g. that the brakes suddenly stop working. However, in contrast to safety testing systematic testing against potential security gaps is not yet a common procedure within the automotive domain. This however could eventually enable a malicious entity to be able to attack a safety-critical IT component or even the whole vehicle. Several real-world demonstrations have already shown that this risk is not only academic theory [1]. Facing this challenge, the paper at hand first introduces some potential automotive security attacks and some important automotive security threats. It then explains in more detail how to identify and evaluate potential security threats for automotive IT components based on theoretical security analyses and practical security testing. Lastly, we propose “automotive security evaluation assurance levels” (ASEAL) which define up to four discrete security testing levels.
- KonferenzbeitragSecurity Requirements Engineering in the Automotive Domain: On Specification Procedures and Implementational Aspects(SICHERHEIT 2008 – Sicherheit, Schutz und Zuverlässigkeit. Beiträge der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 2008) Wolf, Marko; Paar, ChristofIt is not necessary to always present the terrorist attacker that encroaches into another’s ABS as the dramatic example to alert the need for vehicular IT security. It may suffice to imagine some very simple encroachments on in-vehicle communication integrity or on functional availability that could cause a suddenly uncontrolled spattering windshield washer or a malfunctioning door look system that—in the wrong situation—actually can suffice to threaten life [Ban03]. Although most vehicular applications are developed to face (random) technical failures, they almost never consider a human malicious encroachment. Hence, many vehicular IT systems are susceptible to security issues and hence, can quickly become also safety-critical. This work describes how to identify the individual security objectives of all entities involved in a typical vehicular IT application. It describes how to deduce the corresponding security requirements that fulfill the security objectives identified before. Finally, this work indicates some helpful vantages and several constraints characteristical when establishing IT security in the automotive domain.
- KonferenzbeitragA systematic approach to a qualified security risk analysis for vehicular IT systems(Automotive - Safety & Security 2012, 2012) Wolf, Marko; Scheibel, MichaelBy now, security engineering is an accepted challenge in the development of most vehicular IT systems. However, even though many vehicular security threats and effective protection measures are known in general, automotive engineers have difficulties to realize efficient security solutions such that the costs for certain protection measures are appropriate to the actual security threats in order to avoid “underprotection” as well as “over-protection”, which both are unacceptable particularly in the automotive domain. By applying a thorough security risk analysis, which incorporates the special characteristics of the automotive domain, we would have a qualified taxonomy to make well-founded decisions about the security measures effectively required. We therefor present a methodical approach for conducting a meaningful security risk analysis, which focusses particularly on vehicular IT systems. This approach applies systematic estimations for the two mandatory factors of any risk analysis, the potential damages and the probability of a successful security attack, both based on industry-proven methods and taxonomies carefully adapted to vehicular IT security scenarios.