Refine Your Search

Topic

Author

Affiliation

Search Results

Research Report

Unsettled Legal Issues Facing Data in Autonomous, Connected, Electric, and Shared Vehicles

2021-09-13
EPR2021019
Modern automobiles collect around 25 gigabytes of data per hour and autonomous vehicles are expected to generate more than 100 times that number. In comparison, the Apollo Guidance Computer assisting in the moon launches had only a 32-kilobtye hard disk. Without question, the breadth of in-vehicle data has opened new possibilities and challenges. The potential for accessing this data has led many entrepreneurs to claim that data is more valuable than even the vehicle itself. These intrepid data-miners seek to explore business opportunities in predictive maintenance, pay-as-you-drive features, and infrastructure services. Yet, the use of data comes with inherent challenges: accessibility, ownership, security, and privacy. Unsettled Legal Issues Facing Data in Autonomous, Connected, Electric, and Shared Vehicles examines some of the pressing questions on the minds of both industry and consumers. Who owns the data and how can it be used?
Research Report

Unsettled Topics Concerning Airport Cybersecurity Standards and Regulation

2021-09-13
EPR2021020
Their associated information technology and cyber physical systems—along with an exponentially resultant number of interconnections—present a massive cybersecurity challenge. Unlike the physical security challenge, which was treated in earnest throughout the last decades, cyber-attacks on airports keep coming, but most airport lack essential means to confront such cyber-attacks. ...These missing means are not technical tools, but rather holistic regulatory directives, technical and process standards, guides, and best practices for airports cybersecurity—even airport cybersecurity concepts and basic definitions are missing in certain cases. Unsettled Topics Concerning Airport Cybersecurity Standards and Regulation offers a deeper analysis of these issues and their causes, focusing on the unique characteristics of airports in general, specific cybersecurity challenges, missing definitions, and conceptual infrastructure for the standardization and regulation of airports cybersecurity. ...Unsettled Topics Concerning Airport Cybersecurity Standards and Regulation offers a deeper analysis of these issues and their causes, focusing on the unique characteristics of airports in general, specific cybersecurity challenges, missing definitions, and conceptual infrastructure for the standardization and regulation of airports cybersecurity.
Research Report

Unsettled Topics Concerning Airworthiness Cybersecurity Regulation

2020-08-31
EPR2020013
Its extensive application of data networks, including enhanced external digital communication, forced the Federal Aviation Administration (FAA), for the first time, to set “Special Conditions” for cybersecurity. In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. ...In the 15 years that ensued, airworthiness regulation followed suit, and all key rule-, regulation-, and standard-making organizations weighed in to establish a new airworthiness cybersecurity superset of legislation, regulation, and standardization. The resulting International Civil Aviation Organization (ICAO) resolutions, US and European Union (EU) legislations, FAA and European Aviation Safety Agency (EASA) regulations, and the DO-326/ED-202 set of standards are already the de-facto, and soon becoming the official, standards for legislation, regulation, and best practices, with the FAA already mandating it to a constantly growing extent for a few years now—and EASA adopting the set in its entirety in July 2020. ...Click here to access The Mobility Frontier: Cybersecurity on the Air & Ground Click here to access the full SAE EDGETM Research Report portfolio.
Journal Article

Using AADL to Assess Architectural Concerns for Cyber Security

2023-03-07
2023-01-0998
We describe how we apply the SAE AS 5506 Architecture and Analysis Design Language (AADL) [4] to reason about contextual and architectural concerns for cyber security. A system’s cyber security certification requires verification that the system’s cyber security mechanisms are correct, non-bypassable, and tamper-resistant. We can verify correctness by examining the mechanism itself, but verifying the other qualities requires us to examine the context in which that mechanism resides. Understanding that context and validating the system’s evolving design against that context is an objective for the Architecture Centric Virtual Integration Process (ACVIP), an AADL-based approach to model and detect system design defects before they become too costly to fix. We describe our work to apply AADL to assess non-bypassability and tamper-resistance. The results of our research - tool plugins for cyber security architectural validation - support system developers today in their ACVIP activities.
Journal Article

Using Delphi and System Dynamics for IoT Cybersecurity: Preliminary Airport Implications

2021-03-02
2021-01-0019
Day by day, airports adopt more IoT devices. However, airports are not exempt from possible failures due to malware’s proliferation that can abuse vulnerabilities. Computer criminals can access, corrupt, and extract information from individuals or companies. This paper explains the development of a propagation model, which started with a Delphi process. We discuss the preliminary implications for airports of the simulation model built from the Delphi recommendations.
Journal Article

Using a Dual-Layer Specification to Offer Selective Interoperability for Uptane

2020-08-24
Abstract This work introduces the concept of a dual-layer specification structure for standards that separate interoperability functions, such as backward compatibility, localization, and deployment, from those essential to reliability, security, and functionality. The latter group of features, which constitute the actual standard, make up the baseline layer for instructions, while all the elements required for interoperability are specified in a second layer, known as a Protocols, Operations, Usage, and Formats (POUF) document. We applied this technique in the development of a standard for Uptane [1], a security framework for over-the-air (OTA) software updates used in many automobiles. This standard is a good candidate for a dual-layer specification because it requires communication between entities, but does not require a specific format for this communication.
Standard

V2X Misbehavior Reporting

2024-08-30
CURRENT
J3287_202408
This standard provides a specification of a general misbehavior report format suitable for reporting misbehavior observed by a system running SAE V2X applications, and specific report contents for specific instances of misbehavior. It also provides an overview of the architecture of a system-wide misbehavior management service for the V2X system and positions the misbehavior reporting services within that architecture.
Standard

V2X Misbehavior Reporting™ SET File

2024-08-30
CURRENT
J3287SET_202408
This set of Abstract Syntax Notation (ASN.1) modules contains the precise definitions of data structures used in the SAE J3287 standard. Using the ASN.1 specification, a compiler tool can produce libraries that enable software applications to use the data structures and produce corresponding encodings using the Octet Encoding Rules (OER). For further information see the body of SAE J3287. You may also be interested in: V2X Misbehavior Reporting™ the J3287 PDF. V2X Misbehavior Reporting™ J3287 ASN File that includes the ASN file (ZIP format) - download purchase only.
Standard

VENDOR COMPONENT PROGRAM DATA FILE INTERFACE FOR OEM ASSEMBLY OPERATIONS

1997-02-01
HISTORICAL
J2286_199702
This interface document SAE J2286 revises the requirements for file formats as described in SAE J1924. This document describes Interface 1 (I/F 1) in SAE J2214. This document does not imply the use of a specific hardware interface, but may be used with other hardware interfaces such as SAE J1939. The requirements of SAE J2286 supersede the requirements defined by SAE J1924.
Technical Paper

Vehicle Cyber Engineering (VCE) Testbed with CLaaS (Cyber-Security Labs as a Service)

2024-04-09
2024-01-2796
The VCE Laboratory testbeds are connected with an Amazon Web Services (AWS) cloud-based Cyber-security Labs as a Service (CLaaS) system, which allows students and researchers to access the testbeds from any place that has a secure internet connection. ...VCE students are assigned predefined virtual machines to perform designated cyber-security experiments. The CLaaS system has low administrative overhead associated with experiment setup and management. ...VCE Laboratory CLaaS experiments have been developed for demonstrating man-in-the-middle cyber-security attacks from actual compromised hardware or software connected with the TestCube.
X