The concordant vision of the future automotive landscape foresees vehicles that are always connected to infrastructure and Cloud services, and that are equipped with autonomous driving or advanced driver assistance systems. It is clear that in a similar scenario cybersecurity of modern and future vehicles is paramount. With connected autonomous vehicles the protection from external attack will be an essential requirement, motivated by the outstanding safety implications of an autonomous vehicles remotely controlled by an attacker or a malware. However, the automotive industry still lacks reliable and repeatable methods to assess the cybersecurity level of modern cars. This paper has a twofold contribution. First, it describes the ongoing effort of regulatory bodies within the European Union toward the definition of cybersecurity certification schemes. Second, it outlines the main requirements of a cybersecurity ranking approach that is suitable for certifying the security level of connected vehicles. Since improved cybersecurity guarantees will come at the expense of increased complexity and costs, the proposed ranking approach allows to assess whether the cybersecurity level is appropriate by considering the potential safety risks of a successful attack to the ranked system or subsystem.
Burzio G., Cordella G. F., Colajanni M., Marchetti M., Stabili D. (2018). Cybersecurity of Connected Autonomous Vehicles : A ranking based approach. Institute of Electrical and Electronics Engineers Inc. [10.23919/EETA.2018.8493180].
Cybersecurity of Connected Autonomous Vehicles : A ranking based approach
Colajanni M.;Marchetti M.;
2018
Abstract
The concordant vision of the future automotive landscape foresees vehicles that are always connected to infrastructure and Cloud services, and that are equipped with autonomous driving or advanced driver assistance systems. It is clear that in a similar scenario cybersecurity of modern and future vehicles is paramount. With connected autonomous vehicles the protection from external attack will be an essential requirement, motivated by the outstanding safety implications of an autonomous vehicles remotely controlled by an attacker or a malware. However, the automotive industry still lacks reliable and repeatable methods to assess the cybersecurity level of modern cars. This paper has a twofold contribution. First, it describes the ongoing effort of regulatory bodies within the European Union toward the definition of cybersecurity certification schemes. Second, it outlines the main requirements of a cybersecurity ranking approach that is suitable for certifying the security level of connected vehicles. Since improved cybersecurity guarantees will come at the expense of increased complexity and costs, the proposed ranking approach allows to assess whether the cybersecurity level is appropriate by considering the potential safety risks of a successful attack to the ranked system or subsystem.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
