Using AUTOSAR High-Level Specifications for the Synthesis of Security Components in Automotive Systems

  • Cinzia BernardeschiEmail author
  • Gabriele Del Vigna
  • Marco Di Natale
  • Gianluca Dini
  • Dario Varano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9991)


The increasing complexity and autonomy of modern automotive systems, together with the safety-sensitive nature of many vehicle information flows require a careful analysis of the security requirements and adequate mechanisms for ensuring integrity and confidentiality of data. This is especially true for (semi-)autonomous vehicle systems, in which user intervention is limited or absent, and information must be trusted. This paper provides a proposal for the representation of high-level security properties in the specification of application components according to the AUTOSAR standard (AUTomotive Open System ARchitecture). An automatic generation of security components from security-annotated AUTOSAR specifications is also proposed. It provides for the automatic selection of the adequate security mechanisms based on a high-level specification, thus avoiding complex and error-prone manual encodings by the designer. These concepts and tools are applied to a paradigmatic example in order to show their simplicity and efficacy.


Security Modelling AUTOSAR 



This work has been developed under the framework of the European project SAFURE (Safety And Security By Design For Interconnected Mixed-Critical Cyber-Physical Systems) under grant agreement No. 644080.  Open image in new window


  1. 1.
    Martini, S., Di Baccio, D., Romero, F.A., Jiménez, A.V., Pallottino, L., Dini, G., Ollero, A.: Distributed motion misbehavior detection in teams of heterogeneous aerial robots. Robot. Auton. Syst. 74, 30–39 (2015)CrossRefGoogle Scholar
  2. 2.
    Caiti, A., Calabro, V., Dini, G., Duca, A.L., Munafo, A.: Secure cooperation of autonomous mobile sensors using an underwater acoustic network. Sensors 12(2), 1967–1989 (2012)CrossRefGoogle Scholar
  3. 3.
    Wyglinski, A.M., Huang, X., Padir, T., Lai, L., Eisenbarth, T.R., Venkatasubramanian, K.: Security of autonomous systems employing embedded computing, sensors. IEEE Micro 33(1), 80–86 (2013)CrossRefGoogle Scholar
  4. 4.
    Sangiovanni-Vincentelli, A., Di Natale, M.: Embedded system design for automotive applications. Computer 10, 42–51 (2007)CrossRefGoogle Scholar
  5. 5.
    Guizzo, E.: How Google’s self-driving car works. IEEE Spectr. Online 18 (2011)Google Scholar
  6. 6.
    Barari, A.: GM Promises Autonomus Vehicles by End of Decade, 17 October 2011.
  7. 7.
    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., et al.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462. IEEE (2010)Google Scholar
  8. 8.
    Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., Koscher, K., Czeskis, A., Roesner, F., Kohno, T., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: USENIX Security Symposium, San Francisco (2011)Google Scholar
  9. 9.
  10. 10.
    Di Natale, M., Sangiovanni-Vincentelli, A.: Moving from federated to integrated architectures in automotive: the role of standards, methods and tools. Proc. IEEE 98(4), 603–620 (2010)CrossRefGoogle Scholar
  11. 11.
    AUTOSAR. Specification of Safety Extensions: AUTOSAR Release 4.2.1Google Scholar
  12. 12.
    AUTOSAR. Specification of Security Extensions: AUTOSAR Release 4.2.1Google Scholar
  13. 13.
    Jürjens, J.: UMLsec: extending UML for secure systems development. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412–425. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Jürjens, J.: Towards development of secure systems using UMLsec. In: Hussmann, H. (ed.) FASE 2001. LNCS, vol. 2029, pp. 187–200. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Basin, D., Doser, J., Lodderstedt, T.: Model driven security for process-oriented systems. In: Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies, pp. 100–109. ACM (2003)Google Scholar
  16. 16.
    Saadatmand, M., Cicchetti, A., Sjödin, M.: On the need for extending marte with security concepts. In: International Workshop on Model Based Engineering for Embedded Systems Design (M-BED 2011) (2011)Google Scholar
  17. 17.
    UML MARTE – The UML Profile for MARTE: Modeling and Analysis of Real-Time and Embedded Systems.
  18. 18.
    AUTOSAR. AUTOSAR Specification of Module Secure Onboard Communication: AUTOSAR Release 4.2.2Google Scholar
  19. 19.
    AUTOSAR. AUTOSAR Specification of Crypto Abstraction Library: AUTOSAR Release 4.2.2Google Scholar
  20. 20.
    AUTOSAR. AUTOSAR Specification of Crypto Service Manager: AUTOSAR Release 4.2.2Google Scholar
  21. 21.
    EVITA. Deliverable D2.3: Security requirements for automotive on-board networks based on dark-side scenarios. EU FP7 Project No. 224275, E-safety vehicle intrusion protected applications (2009).

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Cinzia Bernardeschi
    • 1
    Email author
  • Gabriele Del Vigna
    • 1
  • Marco Di Natale
    • 2
  • Gianluca Dini
    • 1
  • Dario Varano
    • 1
  1. 1.Department of Information EngineeringUniversity of PisaPisaItaly
  2. 2.Scuola Superiore Sant’AnnaPisaItaly

Personalised recommendations