Vehicle Control Unit Security using Open Source AUTOSAR

Abstract

Security threats against software in cars could a ect the safety of the vehicle as the numbers of computers and advanced functionality in cars increase. This thesis report presents a case study where two variants of Microsoft's threat modeling technique STRIDE are applied to a limited part of the AUTOSAR platform. The two variants are performed separately and the outcomes are compared to evaluate which STRIDE variant performs better in an automotive environment by analyzing the false positives and true positives found. It was found that STRIDE-per-element was a better STRIDE variant for the purpose of the automotive domain. Moreover, the case study found that the SecOC module mitigates most of the spoo ng and tampering threats, and that the biggest group of remaining threats is denial of service or ooding of the CAN network.