Abstract
This paper offers a stochastic model and a combined analysis of safety and security of the e-Motor, an ASIL D (ISO 26262) compliant device designed for use with AUTOSAR CAN bus.
The paper argues that, in the absence of credible data on the likelihood and payload of cyber attacks on newly developed devices, a sensible approach is to separate the concerns: (i) the payloads that may affect the device's safety can be identified using standard hazard analysis techniques; (ii) the difficulty of parameterizing a stochastic model can be alleviated by applying sensitivity analysis over a plausible range of model parameter values.
Notes
1. ASIL-D is the highest safety integrity level defined in ISO 26262 and requires the highest degree of rigour in development.
2. This attack type was missed in the initial safety analysis.
3. For all probabilities lower than 10^-4, the relative confidence in the particular number was lower than 10 %. Thus, for small probabilities (including values of 0) the numbers should be treated as statistically insignificant.
Acknowledgement
The work was supported by the Artemis JU SESAMO project (grant agreement number 295354). The author would like to thank the anonymous reviewers and Dr Kizito Salako for their thorough reviews of earlier drafts of the paper.
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Popov, P.T. (2015). Stochastic Modeling of Safety and Security of the e-Motor, an ASIL-D Device. In: Koornneef, F., van Gulijk, C. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2014. Lecture Notes in Computer Science(), vol 9337. Springer, Cham. https://doi.org/10.1007/978-3-319-24255-2_28
DOI: https://doi.org/10.1007/978-3-319-24255-2_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24254-5
Online ISBN: 978-3-319-24255-2