We propose a holistic methodology for designing automotive systems that treats security as a central concern at every design stage. During concept design, we model the system architecture and define the security attributes of its components. We perform threat analysis on the system model to identify structural security issues. From that analysis, we derive attack trees, which define recipes describing the steps needed to successfully attack the system's assets, and propose threat prevention measures. The attack trees allow us to derive a verification and validation (V&V) plan that prioritizes the testing effort. In particular, we advocate learning-based testing for black-box components: a finite state model of the black-box component is inferred from its execution traces, and this model can then be used to generate new relevant tests, to model check the component against its requirements, and to compare two different implementations of the same protocol. We illustrate the methodology with an automotive infotainment system example. Using the advocated approach, we were also able to document unexpected and potentially critical behavior in our example systems.
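As an added example (not code from the paper or its authors), the following Python script sketches the learning-based testing step on a constructed infotainment diagnostic-session component. Two hypothetical implementations are queried to infer Mealy machines, each model is checked against the requirement that a configuration write may only succeed after authentication in the current session, a transition-cover test suite is generated from the model, and the two models are compared for the shortest input sequence on which they disagree. The protocol, the input and output names, the distinguishing suffix set `W` and the defect in the second variant are all assumptions made for illustration.

```python
"""Learning-based testing of a black-box infotainment component.

Added example, not code from the paper: two constructed implementations of a
hypothetical diagnostic-session protocol are inferred as Mealy machines from
input/output queries, model checked against a requirement, and compared.
"""
from collections import deque

INPUTS = ["start_session", "auth", "write_config", "end_session"]


class SessionEcuA:
    """Reference implementation (constructed): authentication is scoped to a
    session; starting or ending a session clears it."""

    def __init__(self):
        self.session, self.authed = False, False

    def step(self, a):
        if a == "start_session":
            self.session, self.authed = True, False
            return "ok"
        if a == "end_session":
            self.session, self.authed = False, False
            return "ok"
        if not self.session:
            return "nok"
        if a == "auth":
            self.authed = True
            return "ok"
        return "written" if self.authed else "denied"   # write_config


class SessionEcuB(SessionEcuA):
    """Variant (constructed defect): the authenticated flag survives session
    changes, so a later session inherits authentication it never performed."""

    def step(self, a):
        if a in ("start_session", "end_session"):
            self.session = a == "start_session"
            return "ok"
        return super().step(a)


def learn_mealy(make_bb, suffixes, inputs=INPUTS):
    """Infer a Mealy machine by queries; make_bb() power-cycles the component.
    States are identified by their outputs on the distinguishing suffixes. If
    the suffixes do not separate two real states, the model is only an
    approximation (the standard caveat of learning-based testing)."""

    def run(seq):
        bb = make_bb()
        return [bb.step(a) for a in seq]

    def signature(access):
        return tuple(tuple(run(access + w)[len(access):]) for w in suffixes)

    states = {signature(()): 0}
    access = {0: ()}                # state -> shortest input sequence reaching it
    trans = {}                      # (state, input) -> (output, next state)
    queue = deque([0])
    while queue:
        s = queue.popleft()
        for a in inputs:
            seq = access[s] + (a,)
            sig = signature(seq)
            if sig not in states:
                states[sig] = len(states)
                access[states[sig]] = seq
                queue.append(states[sig])
            trans[(s, a)] = (run(seq)[-1], states[sig])
    return {"access": access, "trans": trans, "inputs": inputs}


def _path(parent, node):
    """Input sequence leading to node, reconstructed from the BFS parent map."""
    seq = []
    while parent[node] is not None:
        node, a = parent[node]
        seq.append(a)
    return seq[::-1]


def check_auth_before_write(model):
    """Requirement: 'written' may only occur after auth succeeded in the current
    session. BFS over the model composed with a two-state monitor; returns the
    shortest violating input sequence, or None."""
    parent = {(0, False): None}
    queue = deque([(0, False)])
    while queue:
        node = queue.popleft()
        s, authed = node
        for a in model["inputs"]:
            out, t = model["trans"][(s, a)]
            if a == "write_config" and out == "written" and not authed:
                return _path(parent, node) + [a]
            if a in ("start_session", "end_session"):
                nxt = (t, False)
            elif a == "auth" and out == "ok":
                nxt = (t, True)
            else:
                nxt = (t, authed)
            if nxt not in parent:
                parent[nxt] = (node, a)
                queue.append(nxt)
    return None


def distinguishing_sequence(m1, m2):
    """Shortest input sequence on which the two models' outputs differ, or None
    if the models are equivalent (BFS over the product of both machines)."""
    parent = {(0, 0): None}
    queue = deque([(0, 0)])
    while queue:
        node = queue.popleft()
        for a in m1["inputs"]:
            o1, t1 = m1["trans"][(node[0], a)]
            o2, t2 = m2["trans"][(node[1], a)]
            if o1 != o2:
                return _path(parent, node) + [a]
            if (t1, t2) not in parent:
                parent[(t1, t2)] = (node, a)
                queue.append((t1, t2))
    return None


def transition_cover(model):
    """Generated test suite: one access sequence plus input per transition."""
    return [list(acc) + [a] for acc in model["access"].values() for a in model["inputs"]]


if __name__ == "__main__":
    W = [("write_config",), ("start_session", "write_config")]   # assumed suffix set
    ma, mb = learn_mealy(SessionEcuA, W), learn_mealy(SessionEcuB, W)
    print(len(ma["access"]), len(mb["access"]))    # 3 4
    print(check_auth_before_write(ma))             # None
    print(check_auth_before_write(mb))             # ['start_session', 'auth', 'start_session', 'write_config']
    print(distinguishing_sequence(ma, mb))         # same sequence: the two ECUs disagree there
```

The learner identifies states by a fixed suffix set rather than running a full active-learning loop, so a real deployment would still validate the inferred model with conformance tests before trusting its verdicts. The counterexample for the second variant is exactly the kind of unexpected behavior the methodology aims to surface: the learned model shows that authentication leaks across sessions, which a requirement-driven test plan written without the model would be unlikely to try.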