kth.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Validating vehicleLang, a domain-specific threat modelling language, from an attacker and industry perspective
KTH, School of Electrical Engineering and Computer Science (EECS).
2020 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Today’s vehicles are incredibly complex devices with vast networks of integratedelectronics and connectivity. This has led to improved safety, fuel efficiencyand comfort. However, with more electronics and connectivity comesan ever-increasing attack surface for adversaries to exploit. To help vehicle designersbetter understand the security risks and therefore reduce them, threatmodelling can be utilised. vehicleLang is a threat modelling language explicitlycreated for vehicles to model and simulate attacks to produce probabilisticattack graphs. An accompanying tool to vehicleLang called securiCADprovides a GUI to design and analyse vehicleLang models. This thesis analysesvehicleLang and securiCAD by modelling Scania vehicles and severalwell-known attacks, while also using insights gained from penetration testing.vehicleLang and securiCAD are found to be good proofs-of-concept but donot support the level of detail and features required to fully model the attacksurfaces in vehicles and be of use in a vehicle designers workflow. Thus thisthesis goes on to analyse and suggest features for vehicleLang and securiCADto achieve this.

Abstract [sv]

Dagens fordon är otroligt komplexa maskiner med omfattande nätverk av integreradeelektroniska komponenter och anslutningar. Detta har lett till förbättradsäkerhet, bränsleeffektivitet och komfort. Men med mer elektronik ochfler anslutningar följer en ständigt ökande attackyta för angripare att utnyttja.För att hjälpa fordonsdesigner att bättre förstå säkerhetsriskerna och därmedminska dem, kan man använda sig av hotmodellering. vehicleLang ärett hotmodelleringsspråk uttryckligen skapat för fordon för att modellera ochsimulera attacker så att probabilistiska attackgrafer kan framställas. Ett medföljandeverktyg till vehicleLang vid namn securiCAD erbjuder ett GUI föratt designa och analysera vehicleLangmodeller. Denna avhandling analyserarvehicleLang och securiCAD genom att modellera Scaniafordon och ett flertalvälkända attacker, samt genom insikter från penetrationstester. vehicleLangoch securiCAD visar sig vara bra konceptvalideringar, men stödjer inte dendetaljnivå och de funktioner som krävs för att fullt ut modellera attackytornai fordon och därmed vara användbara i en fordonsdesigners arbetsflöde. Därmedgår denna avhandling vidare med att analysera och föreslå funktioner föratt få vehicleLang och securiCAD att uppnå detta.

Place, publisher, year, edition, pages
2020. , p. 84
Series
TRITA-EECS-EX ; 2020:203
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-284244OAI: oai:DiVA.org:kth-284244DiVA, id: diva2:1477464
External cooperation
Scania
Supervisors
Examiners
Available from: 2020-10-19 Created: 2020-10-19 Last updated: 2022-06-25

Open Access in DiVA

fulltext(17254 kB)638 downloads
File information
File name FULLTEXT01.pdfFile size 17254 kBChecksum SHA-512
6ccb7a25787bf23398609d4c6d824b14c3aa1f77f259e616079e208c676afcb71e9742fc2f95a6ed0b639feede1e9bac34347fea4d21d187550fc95eab842dc7
Type fulltextMimetype application/pdf

By organisation
School of Electrical Engineering and Computer Science (EECS)
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 638 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 469 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf