Biblio

Modern vehicles may contain a considerable number of ECUs (Electronic Control Units) which are connected through various means of communication, with the CAN (Controller Area Network) protocol being the most widely used. However, several vulnerabilities such as the lack of authentication and the lack of data encryption have been pointed out by several authors, which ultimately render vehicles unsafe to their users and surroundings. Moreover, the lack of security in modern automobiles has been studied and analyzed by other researchers as well as several reports about modern car hacking have (already) been published. The contribution of this work aimed to analyze and test the level of security and how resilient is the CAN protocol by taking a BMW E90 (3-series) instrument cluster as a sample for a proof of concept study. This investigation was carried out by building and developing a rogue device using cheap commercially available components while being connected to the same CAN-Bus as a man in the middle device in order to send spoofed messages to the instrument cluster.

Software development for Cyber-Physical Systems (CPS), e.g., autonomous vehicles, requires both functional and non-functional quality assurance to guarantee that the CPS operates safely and effectively. EAST-ADL is a domain specific architectural language dedicated to safety-critical automotive embedded system design. We have previously modified EAST-ADL to include energy constraints and transformed energy-aware real-time (ERT) behaviors modeled in EAST-ADL/Stateflow into UPPAAL models amenable to formal verification. Previous work is extended in this paper by including support for Simulink and an integration of Simulink/Stateflow (S/S) within the same too lchain. S/S models are transformed, based on the extended ERT constraints with probability parameters, into verifiable UPPAAL-SMC models and integrate the translation with formal statistical analysis techniques: Probabilistic extension of EAST-ADL constraints is defined as a semantics denotation. A set of mapping rules is proposed to facilitate the guarantee of translation. Formal analysis on both functional- and non-functional properties is performed using Simulink Design Verifier and UPPAAL-SMC. Our approach is demonstrated on the autonomous traffic sign recognition vehicle case study.

Software has emerged as a significant part of many domains, including financial service platforms, social networks and vehicle control. Standards organizations have responded to this by creating regulations to address issues such as safety and privacy. In this context, compliance of software with standards has emerged as a key issue. For software development organizations, compliance is a complex and costly goal to achieve and is often accomplished by producing so-called assurance cases, which demonstrate that the system indeed satisfies the property imposed by a standard (e.g., safety, privacy, security). As systems and standards undergo evolution for a variety of reasons, maintaining assurance cases multiplies the effort. In this work, we propose to exploit the connection between the field of model management and the problem of compliance management and propose methods that use model management techniques to address compliance scenarios such as assurance case evolution and reuse. For validation, we ground our approaches on the automotive domain and the ISO 26262 standard for functional safety of road vehicles.

Currently, the networking of everyday objects, socalled Internet of Things (IoT), such as vehicles and home automation environments is progressing rapidly. Formerly deployed as domain-specific solutions, the development is continuing to link different domains together to form a large heterogeneous IoT ecosystem. This development raises challenges in different fields such as scalability of billions of devices, interoperability across different IoT domains and the need of mobility support. The Information-Centric Networking (ICN) paradigm is a promising candidate to form a unified platform to connect different IoT domains together including infrastructure, wireless, and ad-hoc environments. This paper describes a vision of a harmonized architectural design providing dynamic access of data and services based on an ICN. Within the context of connected vehicles, the paper introduces requirements and challenges of the vision and contributes in open research directions in Information-Centric Networking.

The connection of automotive systems with other systems such as road-side units, other vehicles, and various servers in the Internet opens up new ways for attackers to remotely access safety relevant subsystems within connected cars. The security of connected cars and the whole vehicular ecosystem is thus of utmost importance for consumer trust and acceptance of this emerging technology. This paper describes an approach for on-board detection of unanticipated sequences of events in order to identify suspicious activities. The results show that this approach is fast enough for in-vehicle application at runtime. Several behavior models and synchronization strategies are analyzed in order to narrow down suspicious sequences of events to be sent in a privacy respecting way to a global security operations center for further in-depth analysis.

The importance and potential advantages with a comprehensive product architecture description are well described in the literature. However, developing such a description takes additional resources, and it is difficult to maintain consistency with evolving implementations. This paper presents an approach and industrial experience which is based on architecture recovery from source code at truck manufacturer Scania CV AB. The extracted representation of the architecture is presented in several views and verified on CAN signal level. Lessons learned are discussed.
 

In this paper, we propose SAFE (Security Aware FlexRay scheduling Engine), to provide a problem definition and a design framework for FlexRay static segment schedule to address the new challenge on security. From a high level specification of the application, the architecture and communication middleware are synthesized to satisfy security requirements, in addition to extensibility, costs, and end-to-end latencies. The proposed design process is applied to two industrial case studies consisting of a set of active safety functions and an X-by-wire system respectively.