ABSTRACT
The draft version of ISO 21434 demands, among others, the verification of the car architecture with respect to the enforcement of the security goals. We present a distinct definition of integrity as a system property as well as a formal modeling and analysis approach to verify integrity in a given architecture. Thereby, we discuss the idea of integrity levels as well as security measure levels as metrics to represent a functions worthiness of protection and the reduction of risk, respectively. We present how the beneficence of security measures may be ranked for gaining the global security measure levels. We assign those levels to the system parts and interpret integrity as a global information flow problem. Formal properties enforce the relation between the integrity levels of a function and the assigned security measure level as well as between the communication links and the receiver functions. The relation between communication functions and functions in the same unit of isolation are enforced to follow the policy of no command-up.
- Jason Andress. 2014. The basics of information security: understanding the fundamentals of lnfoSec in theory and practice. Syngress.Google Scholar
- A. Avižienis, J. C. Laprie, B. Randell, and C. Landwehr. 2004. Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Transactions on Dependable and Secure Computing 1, 1 (2004), 11--33. https://doi.org/10.1109/TDSC.2004.2Google ScholarDigital Library
- D. Elliott Bell and Leonard J. LaPadula. 1976. Secure Computer System: Unified Exposition and Multics Interpretation:. Mitre Corporation. https://doi.org/10.21236/ADA023588Google Scholar
- K. J. Biba. 1977. MTR-3153: Integrity Considerations for Secure Computer Systems.Google Scholar
- David FC Brewer and Michael J Nash. 1989. The chinese wall security policy. In Proceedings. 1989 IEEE Symposium on Security and Privacy. IEEE, 206-214.Google ScholarCross Ref
- David D Clark and David R Wilson. 1987. A comparison of commercial and military computer security policies. In 1987 IEEE Symposium on Security and Privacy. IEEE, 184-184.Google ScholarCross Ref
- ISO. 2018. ISO 26262:2018 Road vehicles - Functional safety.Google Scholar
- ISO. 2019. ISO 21434:2019 (draft) Road vehicles - Cybersecurity engineering.Google Scholar
- ISO/IEC. 2018. ISO/IEC 27000:2018 Information technology - Security techniques - Information security management systems - Overview and vocabulary.Google Scholar
- Tobias Jordan. 2018. How hardware security modules enable AUTOSAR. Website. https://www.embedded.com/design/safety-and-security/4460819/How-hardware-security-modules-enable-AUTOSAR; accessed 2019-05-25.Google Scholar
- Leslie Lamport, Robert Shostak, and Marshall Pease. 1982. The Byzantine Generals Problem. ACM Transactions on Programming Languages and Systems (TOPLAS) 4, 3 (1982), 382--401.Google ScholarDigital Library
- M. Müter and F. C. Freiling. 2010. Model-Based Security Evaluation of Vehicular Networking Architectures. In 2010 Ninth International Conference on Networks. 185--193. https://doi.org/10.1109/ICN.2010.38Google ScholarDigital Library
- SAE International. 2016. J3061 - Cybersecurity Guidebook for Cyber-Physical Vehicle Systems.Google Scholar
- E. Totel, J. Blanquart, Y. Deswarte, and D. Powell. 1998. Supporting multiple levels of criticality. In Digest of Papers. Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing (Cat. No.98CB36224). 70--79. https://doi.org/10.1109/FTCS.1998.689456Google ScholarCross Ref
Recommendations
A practical alternative to domain and type enforcement integrity formal models
Inscrypt'06: Proceedings of the Second SKLOIS conference on Information Security and CryptologyMuch secure system policy development uses the DTE (Domain and Type Enforcement) model, but the DTE model cannot explicitly provide the security goals of the policy. The invariants of the only based-DTE integrity protection formal model are too complex ...
Permanent protection of information systems with method of automated security and integrity control
SIN '10: Proceedings of the 3rd international conference on Security of information and networksInformation security is very important nowadays. Every IT system needs protection mechanisms for stability and safety of work. To solve this task, there are proposed a variety of security-providing solutions, but most of them are very expensive and non-...
Securing the Integrity of Workflows in IoT
EWSN ’18: Proceedings of the 2018 International Conference on Embedded Wireless Systems and NetworksIn a multi-tenant, self-configuring IoT system, entities -- devices, services or "things" -- might know each other or might be complete strangers. The different owners will probably have different security goals and will want to impose their own ...
Comments