Refine Your Search

Topic

Author

Affiliation

Search Results

Training / Education

Intelligent Vehicles From Functional Framework to Vehicle Architecture

2021-07-09
Considering the increasing demand for vehicle intelligence, more and more students, engineers and researchers are involved in this field. It can be challenging, however, to gain an understanding of the growing variety of intelligent vehicle technologies and how they must function together effectively as a system. This course provides an overview of state-of-the-art intelligent vehicles, presents a systematic framework for intelligent technologies and vehicle-level architecture, and introduces testing methodologies to evaluate individual and integrated intelligent functions.
Training / Education

Introduction to Automotive Cybersecurity

2021-07-07
This course has been developed for the Chinese auto industry to provide engineers and software developers involved in V2X and related industries with important knowledge about vehicle cybersecurity, including basic cybersecurity practices, interpretation of SAE J3061 standards, connected vehicle attack & defense approaches and the Security Development Lifecycle (SDL).
Technical Paper

Is the Age of the Automotive V-model Over?

2021-04-06
2021-01-0065
The V-model has been central to rigorous vehicle engineering for decades. However, there are three factors that could be used to argue whether the V-model is still a good fit for the automotive industry as we move into the connected autonomous vehicle (CAV) era. The first is the shift during development towards simulation to reduce costs, which means that testing runs can be done quickly, reminiscent of the software development AGILE methodology. The second is the need to monitor vehicles after production due to ever-increasing software functionality on a vehicle. This is for two reasons: firstly, the software over the lifetime of the vehicle would need updating, and secondly, monitoring is required for incident response in the event of a cyber-attack. Since the V-model traditionally doesn't consider the product after the vehicle enters the market, there is an absence of a widely accepted model to follow.
Technical Paper

Integrating Fuzz Testing into the Cybersecurity Validation Strategy

2021-04-06
2021-01-0139
Therefore, modern cybersecurity validation is highly stressed for finding security vulnerabilities and robustness issues early and systematically at every stage of the product development process. ...The integration of a sophisticated fuzz testing program within the overall cybersecurity validation strategy allows for accommodating towards these challenging demands. In this paper, we review a general automotive cybersecurity engineering process containing functional testing, vulnerability scanning and penetration testing, and highlight which of its shortcomings can be complemented by fuzz testing. ...In this paper, we review a general automotive cybersecurity engineering process containing functional testing, vulnerability scanning and penetration testing, and highlight which of its shortcomings can be complemented by fuzz testing.
Technical Paper

Cybersecurity Metrics for Automotive Systems

2021-04-06
2021-01-0138
We present in this paper the context surrounding cybersecurity metrics from literature and highlight the first potential steps towards a common understanding of how much cybersecurity is enough. With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the new ISO/SAE 21434 cybersecurity standard for automotive systems and cybersecurity regulations in UNECE WP.29, it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. ...With the increased need for cybersecurity in automotive systems due to the development of more advanced technologies and corresponding increased threat vectors, coupled with the new ISO/SAE 21434 cybersecurity standard for automotive systems and cybersecurity regulations in UNECE WP.29, it is becoming increasingly important for auto manufacturers and suppliers to have a clear and common understanding and agreement of cybersecurity metrics for the development and deployment of vehicles. ...Cybersecurity for automotive systems is challenging and one of the major challenges is how to measure this system property.
Technical Paper

Secure CAN Logging

2021-04-06
2021-01-0136
However, CAN protocols are vulnerable from a cybersecurity perspective in that they have no mechanism for authentication or authorization. Attacks on vehicle CAN systems present a risk to driver privacy and possibly driver safety. ...Therefore, developing new tools and techniques to detect cybersecurity threats within CAN networks is a critical research topic. A key component of this research is compiling a large database of representative CAN data from operational vehicles on the road.
Technical Paper

Zero-Day Attack Defenses and Test Framework for Connected Mobility ECUs

2021-04-06
2021-01-0141
Recent developments in the commercialization of mobility services have brought unprecedented connectivity to the automotive sector. While the adoption of connected features provides significant benefits to vehicle owners, adversaries may leverage zero-day attacks to target the expanded attack surface and make unauthorized access to sensitive data. Protecting new generations of automotive controllers against malicious intrusions requires solutions that do not depend on conventional countermeasures, which often fall short when pitted against sophisticated exploitation attempts. In this paper, we describe some of the latent risks in cur-rent automotive systems along with a well-engineered multi-layer defense strategy. Further, we introduce a novel and comprehensive attack and performance test framework which considers state-of-the-art memory corruption attacks, counter-measures and evaluation methods.
Technical Paper

Deep Learning based Real Time Vulnerability fixes Verification Mechanism for Automotive firmware/Software

2021-04-06
2021-01-0183
Software vulnerability management is one of the most critical and crucial security techniques, which analyzes the automotive software/firmware across the digital cockpit, ADAS, V2X, etc. domains for vulnerabilities, and provides security patches for the concerned Common Vulnerabilities and Exposures (CVE). The process of automotive SW/FW vulnerability management system between the OEMs and vendors happen through a channel of fixing a certain number of vulnerabilities by 1st tier supplier which needs to be verified in front of OEMs for the fixed number and type of patches in there deliverable SW/FW. The gap of verification between for the fixed patches between the OEMs and 1st tier supplier requires a reliable human independent intelligent technique to have a trustworthiness of verification.
Technical Paper

Simulation Modeling of Malware for IoT: Implications for Aviation

2021-03-02
2021-01-0019
This paper presents the results of a study of the malware, which will affect the Internet of Things (IoT) and its implications for aviation. First, the Delphi methodology is used in order to identify the type of malware which will be more prevalent in IoT devices. Second, several models are developed using system dynamics to study the propagation of malware, and recent cases are simulated (e.g., Sartori Botnet) to study the dynamics of propagation and potential schemes of protection. Third, a generic risk management framework is presented and discussed. Then, guidelines for the aviation industry are considered.
Training / Education

DO-326A and ED-202A An Introduction to the New and Mandatory Aviation Cyber-Security Essentials

2021-03-01
The international standards D-326A (U.S.) and ED-202A (Europe) titled "Airworthiness Security Process Specification" are the cornerstones of the "DO-326/ED-202 Set" and they are the only Acceptable Means of Compliance (AMC) by FAA & EASA for aviation cyber-security airworthiness certification, as of 2019. The "DO-326/ED-202 Set" also includes companion documents DO-356A/ED-203A: "Airworthiness Security Methods and Considerations" & DO-355/ED-204: "Information Security Guidance for Continuing Airworthiness" (U.S. & Europe) and ED-201: "Aeronautical Information System Security (AISS) Framework Guidance" & ED-205: "Process Standard for Security Certification / Declaration of Air Traffic Management / Air Navigation Services (ATM/ANS) Ground Systems“ (Europe only).
X