Avoiding Vulnerabilities in Connected Cars a methodology for finding vulnerabilities

Visa enkel post
dc.contributor.authorStrandberg, Kim
dc.contributor.departmentChalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers)sv
dc.contributor.departmentChalmers University of Technology / Department of Computer Science and Engineering (Chalmers)en
dc.date.accessioned2019-07-03T13:55:16Z
dc.date.available2019-07-03T13:55:16Z
dc.date.issued2016
dc.description.abstractWe have entered a new era where connectivity through Internet, everywhere and at all times is taken for granted. The development of cars has turned to a very advanced object with about 100 million lines of code and more than 100 electronic control units (ECUs) interconnected to control everything from steering, acceleration, brakes and other safety critical systems. One problem is that cars were never created with Internet connectivity in mind and adding this connectivity as an afterthought, raises a lot of security concerns. To the best of our knowledge, there exists no model or method suited for the vehicle industry which considers security analysis for the whole range from the start of the development to aftermarket release. Neither, have we been able to find any model or method which we consider suitable to use within the vehicle industry in a plain practical manner considering security evaluation and testing. Therefore, there is a need for a methodology which meets these requirements. This thesis assesses security considerations relating to potential vulnerabilities in vehicles and aims to introduce a method to find these vulnerabilities during development. This method is named PPDM (Predict-Prevent-Detect-Method) and is comprised of six phases, defined using state diagrams and pseudo code, with accompanied explanations. It covers the whole development cycle from idea to aftermarket security evaluation. By integrating PPDM into an industrial context, security can be considered in all development phases and also enabling method adaption to meet different situations. PPDM has been achieved by conducting research on various security models, security aspects and attacks. Attacks have been studied both theoretically and empirically. The empirical part is documented and suggested as usage to find vulnerabilities as part of PPDM. A validation of PPDM with a Target of Evaluation (TOE) is provided as Proof of Concept (POC), intended to demonstrate how PPDM can be used to find potential vulnerabilities. Keywords: automotive cyber security, vulnerability assessment, threat risk modelling, threat assessment, vehicle cyber attacks, exploratory testing, method integration, industrial integration, security models
dc.identifier.urihttps://hdl.handle.net/20.500.12380/238172
dc.language.isoeng
dc.setspec.uppsokTechnology
dc.subjectData- och informationsvetenskap
dc.subjectComputer and Information Science
dc.titleAvoiding Vulnerabilities in Connected Cars a methodology for finding vulnerabilities
dc.type.degreeExamensarbete för masterexamensv
dc.type.degreeMaster Thesisen
dc.type.uppsokH
local.programmeComputer systems and networks (MPCSN), MSc
Ladda ner
Original bundle
Visar 1 - 1 av 1
Bild (thumbnail)
Namn:
238172.pdf
Storlek:
2.89 MB
Format:
Adobe Portable Document Format
Beskrivning:
Fulltext
Ladda ner
Samling
Examensarbeten för masterexamen