https://www.mdu.se/

mdu.sePublications
Change search
Refine search result
1 - 5 of 5
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Blazek, Thomas
    et al.
    Silicon Austria Labs GmbH, Australia.
    Ademaj, Fjolla
    Silicon Austria Labs GmbH, Australia.
    Marksteiner, Stefan
    Mälardalen University. AVL List GmbH, Australia.
    Priller, Peter
    AVL List GmbH, Australia.
    Bernhard, Hans-Peter
    Silicon Austria Labs GmbH, Australia; Johannes Kepler University Linz, Australia.
    Wireless Security in Vehicular Ad Hoc Networks: A Survey2022In: SAE International Journal of Connected and Automated Vehicles, ISSN 2574-0741, Vol. 6, no 2Article in journal (Refereed)
    Abstract [en]

    Vehicular communications face unique security issues in wireless communications. While new vehicles are equipped with a large set of communication technologies, product life cycles are long and software updates are not widespread. The result is a host of outdated and unpatched technologies being used on the street. This has especially severe security impacts because autonomous vehicles are pushing into the market, which will rely, at least partly, on the integrity of the provided information. We provide an overview of the currently deployed communication systems and their security weaknesses and features to collect and compare widely used security mechanisms. In this survey, we focus on technologies that work in an ad hoc manner. This includes Long-Term Evolution mode 4 (LTE-PC5), Wireless Access in Vehicular Environments (WAVE), Intelligent Transportation Systems at 5 Gigahertz (ITS-G5), and Bluetooth. First, we detail the underlying protocols and their architectural components. Then, we list security designs and concepts, as well as the currently known security flaws and exploits. Our overview shows the individual strengths and weaknesses of each protocol. This provides a path to interfacing separate protocols while being mindful of their respective limitations.

  • 2.
    Ebrahimi, M.
    et al.
    Graz University of Technology, Graz, Austria.
    Marksteiner, Stefan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. AVL List GmbH, Graz, Austria.
    Ničković, D.
    AIT Austrian Institute of Technology, Vienna, Austria.
    Bloem, R.
    Graz University of Technology, Graz, Austria.
    Schögler, D.
    AVL List GmbH, Graz, Austria.
    Eisner, P.
    AVL List GmbH, Graz, Austria.
    Sprung, S.
    AVL List GmbH, Graz, Austria.
    Schober, T.
    AVL List GmbH, Graz, Austria.
    Chlup, S.
    AIT Austrian Institute of Technology, Vienna, Austria.
    Schmittner, C.
    AIT Austrian Institute of Technology, Vienna, Austria.
    König, S.
    AIT Austrian Institute of Technology, Vienna, Austria.
    A Systematic Approach to Automotive Security2023In: Lecture Notes in Computer Science, vol 14000, Springer Science and Business Media Deutschland GmbH , 2023, p. 598-609Conference paper (Refereed)
    Abstract [en]

    We propose a holistic methodology for designing automotive systems that consider security a central concern at every design stage. During the concept design, we model the system architecture and define the security attributes of its components. We perform threat analysis on the system model to identify structural security issues. From that analysis, we derive attack trees that define recipes describing steps to successfully attack the system’s assets and propose threat prevention measures. The attack tree allows us to derive a verification and validation (V &V) plan, which prioritizes the testing effort. In particular, we advocate using learning for testing approaches for the black-box components. It consists of inferring a finite state model of the black-box component from its execution traces. This model can then be used to generate new relevant tests, model check it against requirements, and compare two different implementations of the same protocol. We illustrate the methodology with an automotive infotainment system example. Using the advocated approach, we could also document unexpected and potentially critical behavior in our example systems. 

  • 3.
    Marksteiner, S.
    et al.
    AVL List Gmbh, Graz, Austria.
    Sirjani, Marjan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Sjödin, Mikael
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Using Automata Learning for Compliance Evaluation of Communication Protocols on an NFC Handshake Example2024In: Lecture Notes in Computer Science, Springer Science and Business Media Deutschland GmbH , 2024, p. 170-190Conference paper (Refereed)
    Abstract [en]

    Near-Field Communication (NFC) is a widely adopted standard for embedded low-power devices in very close proximity. In order to ensure a correct system, it has to comply to the ISO/IEC 14443 standard. This paper concentrates on the low-level part of the protocol (ISO/IEC 14443-3) and presents a method and a practical implementation that complements traditional conformance testing. We infer a Mealy state machine of the system-under-test using active automata learning. This automaton is checked for bisimulation with a specification automaton modelled after the standard, which provides a strong verdict of conformance or non-conformance. As a by-product, we share some observations of the performance of different learning algorithms and calibrations in the specific setting of ISO/IEC 14443-3, which is the difficulty to learn models of system that a) consist of two very similar structures and b) very frequently give no answer (i.e. a timeout as an output).

  • 4.
    Marksteiner, Stefan
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. Avl List GmbH, Graz, Austria.
    Schmittner, C.
    Ait Austrian Institute of Technology GmbH, Vienna, Austria.
    Christl, K.
    Ait Austrian Institute of Technology GmbH, Vienna, Austria.
    Nickovic, D.
    Ait Austrian Institute of Technology GmbH, Vienna, Austria.
    Sjödin, Mikael
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Sirjani, Marjan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    From TARA to Test: Automated Automotive Cybersecurity Test Generation Out of Threat Modeling2023In: Proceedings: CSCS 2023 - 7th ACM Computer Science in Cars Symposium, Association for Computing Machinery, Inc , 2023Conference paper (Refereed)
    Abstract [en]

    The United Nations Economic Commission for Europe (UNECE) demands the management of cyber security risks in vehicle design and that the effectiveness of these measures is verified by testing. Generally, with rising complexity and openness of systems via software-defined vehicles, verification through testing becomes a very important for security assurance. This mandates the introduction of industrial-grade cybersecurity testing in automotive development processes. Currently, the automotive cybersecurity testing procedures are not specified or automated enough to be able to deliver tests in the amount and thoroughness needed to keep up with that regulation, let alone doing so in a cost-efficient manner. This paper presents a methodology to automatically generate technology-agnostic test scenarios from the results of threat analysis and risk assessment (TARA) process. Our approach is to transfer the resulting threat models into attack trees and label their edges using actions from a domain-specific language (DSL) for attack descriptions. This results in a labelled transitions system (LTS), in which every labelled path intrinsically forms a test scenario. In addition, we include the concept of Cybersecurity Assurance Levels (CALs) and Targeted Attack Feasibility (TAF) into testing by assigning them as costs to the attack path. This abstract test scenario can be compiled into a concrete test case by augmenting it with implementation details. Therefore, the efficacy of the measures taken because of the TARA can be verified and documented. As TARA is a de-facto mandatory step in the UNECE regulation and the relevant ISO standard, automatic test generation (also mandatory) out of it could mean a significant improvement in efficiency, as two steps could be done at once.

  • 5.
    Roberts, A.
    et al.
    Tallinn University of Technology, Estonia.
    Marksteiner, Stefan
    Mälardalen University. AVL List GmbH, Austria.
    Soyturk, M.
    Marmara Üniversitesi, Turkey.
    Yaman, B.
    BigTRI, Turkey.
    Yang, Y.
    AVL China, China.
    A Global Survey of Standardization and Industry Practices of Automotive Cybersecurity Validation and Verification Testing Processes and Tools2023In: SAE International Journal of Connected and Automated Vehicles, ISSN 2574-0741, Vol. 7, no 2Article in journal (Refereed)
    Abstract [en]

    The United Nation Economic Commission for Europe (UNECE) Regulation 155 - Cybersecurity and Cybersecurity Management System (UN R155) mandates the development of cybersecurity management systems (CSMS) as part of a vehicle's lifecycle. An inherent component of the CSMS is cybersecurity risk management and assessment. Validation and verification testing is a key activity for measuring the effectiveness of risk management, and it is mandated by UN R155 for type approval. Due to the focus of R155 and its suggested implementation guideline, ISO/SAE 21434:2021 - Road Vehicle Cybersecurity Engineering, mainly centering on the alignment of cybersecurity risk management to the vehicle development lifecycle, there is a gap in knowledge of proscribed activities for validation and verification testing. This research provides guidance on automotive cybersecurity testing and verification by providing an overview of the state-of-the-art in relevant automotive standards, outlining their transposition into national regulation and the currently used processes and tools in the automotive industry. Through engagement with state-of-the-art literature and workshops and surveys with industry groups, our study found that national regulatory authorities are moving to enshrine UN R155 as part of their vehicle regulations, with differences of implementation based on regulatory culture and pre-existing approaches to vehicle regulation. Validation and verification testing is developing aligned to UN R155 and ISO21434:2021; however, the testing approaches currently used within industry utilize elements of traditional enterprise information technology methods for penetration testing and toolsets. Electrical/electronic (E/E) components such as embedded control units (ECUs) are considered the primary testing target; however, connected and autonomous vehicle technologies are increasingly attracting more focus for testing.

1 - 5 of 5
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf