HAZOP-Based Security Analysis for Embedded Systems: Case Study of Open Source Immobilizer Protocol Stack

Recent Advances in Systems Safety and Security

Part of the book series: Studies in Systems, Decision and Control (SSDC, volume 62)

Abstract

Nowadays, with the introduction of network connectivity both inside and outside modern vehicles, researchers have identified that the system is actually fragile if an attacker can locate any of its security vulnerabilities. Although security analysis techniques have prospered in the industry, a general, compatible, and effective one remains uncertain. This chapter aims to transplant the safety analysis technique HAZard and OPerability studies (HAZOP) into an appropriate security analysis technique. By conducting a case study of security analysis for the Open Source Immobilizer Protocol Stack, we demonstrate the usability of the proposed technique and discuss the results of the analysis.


Corresponding author

Correspondence to Jingxuan Wei.

Copyright information

© 2016 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Wei, J., Matsubara, Y., Takada, H. (2016). HAZOP-Based Security Analysis for Embedded Systems: Case Study of Open Source Immobilizer Protocol Stack. In: Pricop, E., Stamatescu, G. (eds) Recent Advances in Systems Safety and Security. Studies in Systems, Decision and Control, vol 62. Springer, Cham. https://doi.org/10.1007/978-3-319-32525-5_5

  • DOI: https://doi.org/10.1007/978-3-319-32525-5_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-32523-1

  • Online ISBN: 978-3-319-32525-5

  • eBook Packages: Engineering, Engineering (R0)
