Avoiding Vulnerabilities in Connected Cars a methodology for finding vulnerabilities

Examensarbete för masterexamen

Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.12380/238172
Download file(s):
File Description SizeFormat 
238172.pdfFulltext2.96 MBAdobe PDFView/Open
Type: Examensarbete för masterexamen
Master Thesis
Title: Avoiding Vulnerabilities in Connected Cars a methodology for finding vulnerabilities
Authors: Strandberg, Kim
Abstract: We have entered a new era where connectivity through Internet, everywhere and at all times is taken for granted. The development of cars has turned to a very advanced object with about 100 million lines of code and more than 100 electronic control units (ECUs) interconnected to control everything from steering, acceleration, brakes and other safety critical systems. One problem is that cars were never created with Internet connectivity in mind and adding this connectivity as an afterthought, raises a lot of security concerns. To the best of our knowledge, there exists no model or method suited for the vehicle industry which considers security analysis for the whole range from the start of the development to aftermarket release. Neither, have we been able to find any model or method which we consider suitable to use within the vehicle industry in a plain practical manner considering security evaluation and testing. Therefore, there is a need for a methodology which meets these requirements. This thesis assesses security considerations relating to potential vulnerabilities in vehicles and aims to introduce a method to find these vulnerabilities during development. This method is named PPDM (Predict-Prevent-Detect-Method) and is comprised of six phases, defined using state diagrams and pseudo code, with accompanied explanations. It covers the whole development cycle from idea to aftermarket security evaluation. By integrating PPDM into an industrial context, security can be considered in all development phases and also enabling method adaption to meet different situations. PPDM has been achieved by conducting research on various security models, security aspects and attacks. Attacks have been studied both theoretically and empirically. The empirical part is documented and suggested as usage to find vulnerabilities as part of PPDM. A validation of PPDM with a Target of Evaluation (TOE) is provided as Proof of Concept (POC), intended to demonstrate how PPDM can be used to find potential vulnerabilities. Keywords: automotive cyber security, vulnerability assessment, threat risk modelling, threat assessment, vehicle cyber attacks, exploratory testing, method integration, industrial integration, security models
Keywords: Data- och informationsvetenskap;Computer and Information Science
Issue Date: 2016
Publisher: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)
Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers)
URI: https://hdl.handle.net/20.500.12380/238172
Collection:Examensarbeten för masterexamen // Master Theses

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.