Home Publications Research Grants Inventions & Patents Awards Additional Research Activities Faculties & Institutions Research Areas

Social Engineering Exploits in Automotive Software Security: Modeling Humantargeted Attacks with SAM

Bergler M, Tolvanen JP, Zoppelt M, Kolagari RT (2021)

---

Publication Type: Conference contribution

Publication year: 2021

Publisher: Research Publishing, Singapore

Pages Range: 2502-2509

Conference Proceedings Title: Proceedings of the 31st European Safety and Reliability Conference, ESREL 2021

Event location: Angers, FRA

ISBN: 9789811820168

DOI: 10.3850/978-981-18-2016-8_720-cd

Abstract

Security cannot be implemented into a system retrospectively without considerable effort, so security must be taken into consideration already at the beginning of the system development. The engineering of automotive software is by no means an exception to this rule. For addressing automotive security, the AUTOSAR and EAST-ADL standards for domain-specific system and component modeling provide the central foundation as a start. The EASTADL extension SAM enables fully integrated security modeling for traditional feature-targeted attacks. Due to the COVID-19 pandemic, the number of cyber-attacks has increased tremendously and of these, about 98 percent are based on social engineering attacks. These social engineering attacks exploit vulnerabilities in human behaviors, rather than vulnerabilities in a system, to inflict damage. And these social engineering attacks also play a relevant but nonetheless regularly neglected role for automotive software. The contribution of this paper is a novel modeling concept for social engineering attacks and their criticality assessment integrated into a general automotive software security modeling approach. This makes it possible to relate social engineering exploits with feature-related attacks. To elevate the practical usage, we implemented an integration of this concept into the established, domain-specific modeling tool MetaEdit+. The tool support enables collaboration between stakeholders, calculates vulnerability scores, and enables the specification of security objectives and measures to eliminate vulnerabilities.

Authors with CRIS profile

Involved external institutions

How to cite

APA:

Bergler, M., Tolvanen, J.P., Zoppelt, M., & Kolagari, R.T. (2021). Social Engineering Exploits in Automotive Software Security: Modeling Humantargeted Attacks with SAM. In Bruno Castanier, Marko Cepin, David Bigaud, Christophe Berenguer (Eds.), Proceedings of the 31st European Safety and Reliability Conference, ESREL 2021 (pp. 2502-2509). Angers, FRA: Research Publishing, Singapore.

MLA:

Bergler, Matthias, et al. "Social Engineering Exploits in Automotive Software Security: Modeling Humantargeted Attacks with SAM." Proceedings of the 31st European Safety and Reliability Conference, ESREL 2021, Angers, FRA Ed. Bruno Castanier, Marko Cepin, David Bigaud, Christophe Berenguer, Research Publishing, Singapore, 2021. 2502-2509.

BibTeX: Download