Listing P269 - Automotive - Safety & Security 2017, by publication date
1 - 10 of 12
- Conference paper: A Testing Framework Architecture for Automotive Intrusion Detection Systems (Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017). Corbett, Christopher; Basic, Tobias; Lukaseder, Thomas; Kargl, Frank. Abstract: Vehicles are the target of a rising number of hacking attacks. The integration of in-vehicle intrusion detection systems is a common approach to increase the overall system security. However, testing and evaluating these systems is difficult due to the lack of tools to generate realistic benign and malicious workloads as well as sharing these workloads with other researchers. Currently, testing tools are predominantly intended for Network Intrusion Detection Systems (NIDS) in company or industrial networks, where their usefulness became apparent. Yet, in the automotive domain, development of testing tools is still in the early stages. Existing non-commercial automotive tools only focus on one specific bus technology each. However, in-vehicle communication exceeds bus technology boundaries and a testing tool must cover multiple technologies. We propose a framework architecture concept for in-vehicle NIDS testing and evaluation to enable the creation of realistic network traffic and attacks in consideration of automotive-specific challenges. Our concept provides the opportunity to share data without additional anonymization effort, therefore improving cooperation and reproducibility of testing results.
- Conference paper: Exploring and Understanding Multicore Interference from Observable Factors (Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017). Lesage, Benjamin; Griffin, David; Bate, Iain; Soboczenski, Frank. Abstract: Multi-core processors bring a wide variety of challenges to the development, maintenance and certification of safety-critical systems. One of the key challenges is to understand how tasks sharing the processing resource affect one another, and to build an understanding of existing or new platforms. Industry reports that interference can lead to large variations in execution times which can lead to a wide variety of problems including timing overruns. To support performance improvements, debugging and timing analysis, a framework is presented in this paper for reliably establishing the interference patterns of tasks using simple contenders. These contenders systematically manipulate the shared resources so the effect on interferences can be understood and analysed. The approach relies on guided exploration of the interference space and existing performance monitoring infrastructure. It has been implemented on a Tricore AURIX platform to analyse the behaviour of multiple real and kernel applications.
- Conference paper: Risk-Oriented Security Engineering (Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017). Ebert, Christof. Abstract: Virtually every connected system will be attacked sooner or later. A 100% secure solution is not feasible. Therefore, advanced risk assessment and mitigation is the order of the day. Risk-oriented security engineering for automotive systems helps in both designing for robust systems as well as effective mitigation upon attacks or exploits of vulnerabilities. Security must be integrated early in the design phase of a vehicle to understand the threats and risks to car functions. The security analysis provides requirements and test vectors, and adequate measures can be derived for balanced costs and efforts. The results are useful in the partitioning phase when functionality is distributed to ECUs and networks. We will show with concrete examples how risk-oriented cyber security can be successfully achieved in automotive systems. Three levers for automotive security are addressed: (1) Product, i.e., designing for security for components and the system, (2) Process, i.e., implementing cyber security concepts in the development process and (3) Field, i.e., ensuring security concepts are applied during service activities and effective during regular operations.
- Conference paper: Functional Safety in Automotive and Avionics: A Relay Race (original title: Funktionale Sicherheit in Automotive und Avionik: Ein Staffellauf) (Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017). Schwierz, Andreas; Seifert, Georg; Hiergeist, Sebastian. Abstract: The following report addresses the common interests of safety-critical systems from the aviation and automotive industries. It shows that software functionality depends strongly on the hardware used and has an effect on the desired safety. In this area, both industries can benefit from each other. Historically, aviation began early to standardize functional safety systematically, whereas the automotive industry has been catching up since 2011 and, with its large market power, can exert influence on hardware manufacturers. The aviation industry could also benefit from this.
- Conference paper: Hacking Trucks - Cybersecurity Risks and Effective Cybersecurity Protection for Heavy Duty Vehicles (Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017). Wolf, Marko; Lambert, Robert. Abstract: Similar to passenger cars, heavy-duty vehicles, such as commercial trucks and buses, are becoming increasingly software-driven, interconnected and semi-automated, and hence are also becoming increasingly susceptible to cybersecurity attacks. This article will identify and evaluate these cybersecurity threats and risks affecting the monetary business operation, reliability, and safety of heavy-duty vehicles, comparing them with similar cybersecurity risks for typical passenger vehicles. Based on this overall cybersecurity threat and risk analysis, the article will then present and explain our holistic and multi-layer protection approach to reduce such cybersecurity risks for heavy-duty vehicles.
- Journal article: Adapting Organic Computing Architectures to an Automotive Environment to Increase Safety & Security (Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017). Lamshöft, Kevin; Altschaffel, Robert; Dittmann, Jana. Abstract: Modern cars are very complex systems operating in a diverse environment. Today they incorporate an internal network connecting an array of actuators and sensors to ECUs (Electronic Control Units) which implement basic functions and advanced driver assistance systems. By opening these networks to outside communication channels (like Car-to-X communication), new possibilities but also new attack vectors arise. Recent work has shown that it is possible for an attacker to infiltrate the ECU network inside a vehicle using these external communication channels. Any attack on the security of a vehicle implies an impact on the safety of road traffic. This paper discusses the possibilities of using architectures suggested by Organic Computing to reduce these arising security risks and therefore improve safety. A proposed architecture is implemented in a demonstrator and evaluated using different attack scenarios.
- Conference paper: Using STPA in Compliance with ISO 26262 for Developing a Safe Architecture for Fully Automated Vehicles (Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017). Abdulkhaleq, Asim; Wagner, Stefan; Lammering, Daniel; Boehmert, Hagen; Blueher, Pierre. Abstract: Safety has become of paramount importance in the development lifecycle of modern automobile systems. However, the current automotive safety standard ISO 26262 does not specify clearly the methods for safety analysis. Different methods are recommended for this purpose. FTA (Fault Tree Analysis) and FMEA (Failure Mode and Effects Analysis) are used in the most recent ISO 26262 applications to identify component failures, errors and faults that lead to specific hazards (in the presence of faults). However, these methods are based on reliability theory, and they are not adequate to address new hazards caused by dysfunctional component interactions, software failure or human error. A holistic approach was developed called STPA (Systems-Theoretic Process Analysis) which addresses more types of hazards and treats safety as a dynamic control problem rather than an individual component failure. STPA also addresses types of hazardous causes in the absence of failure. Accordingly, there is a need for investigating hazard analysis techniques like STPA. In this paper, we present a concept on how to use STPA to extend the safety scope of ISO 26262 and support the Hazard Analysis and Risk Assessment (HARA) process. We applied the proposed concept to a current project of a fully automated vehicle at Continental. As a result, we identified 24 system-level accidents, 176 hazards, 27 unsafe control actions, and 129 unsafe scenarios. We conclude that STPA is an effective and efficient approach to derive detailed safety constraints. STPA can support the functional safety engineers to evaluate the architectural design of fully automated vehicles and build the functional safety concept.
- Conference paper: Ontology-Based Dependency Analysis in the Project Requirements Specification (original title: Ontologiebasierte Abhängigkeitsanalyse im Projektlastenheft) (Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017). Zichler, Konstantin; Helke, Steffen. Abstract: At the start of a project, interdisciplinary domain experts document the requirements for all life-cycle phases of a commercial vehicle and the corresponding realization concepts in the project requirements specification (Projektlastenheft). Knowing the dependencies between requirements offers the advantage of avoiding flawed product concepts already in the early project phase. When performing dependency analyses, the difficulty for the experts of the individual departments lies in inferring cross-domain dependencies between requirements from the documented individual contributions. So far, these analyses are usually performed manually, since there is hardly any tool support for them. We present a novel method in which the domain-specific knowledge required for the dependency analysis is aggregated into a shared knowledge base in the form of an ontology. Together with axioms, a reasoner and tools from natural language processing, an automated dependency analysis of the project requirements specification is realized, which makes it possible to identify previously unconsidered dependencies between requirements.
- Conference paper: Towards the Use of Controlled Natural Languages in Hazard Analysis and Risk Assessment (Automotive - Safety & Security 2017 - Sicherheit und Zuverlässigkeit für automobile Informationstechnik, 2017). Chomicz, Paul; Müller-Lerwe, Armin; Wegner, Götz-Philipp; Busch, Rainer; Kowalewski, Stefan. Abstract: New safety-critical and software-controlled systems of automobiles have to be developed according to the functional safety standard ISO 26262. A hazard analysis and risk assessment has to be performed for such systems. The sub-activities of this analysis technique are defined by the standard, but informative definitions leave room for subjective variation, and documentation details are left to the car manufacturer. Usually, natural languages are used for the documentation, which are powerful and expressive but also complex and ambiguous. We propose the usage of controlled natural languages for the documentation of the results of the hazard analysis and risk assessment. In a first step, we developed a controlled natural language for the description of the hazardous events. The language reduces ambiguity and improves the consistency across hazard analyses and risk assessments.