Formally Verified Software Update Management System in Automotive

Jaewan Seo, Jiwon Kwak, Seungjoo Kim (Korea University)

Through wireless networks, the number of cyberattacks on automotive systems is increasing. To respond to cyberattacks on automotive systems, the United Nations Economic Commission for Europe (UNECE) has enacted the UN Regulation series. Among them, UN R156 specifies the requirements that are necessary for the design and implementation of a software update management system (SUMS). However, the requirements of UN R156 are too abstract to develop the overall systems of SUMS. Therefore, we conducted threat modeling to obtain more specific security requirements than those specified in the UN R156. Based on the threat modeling, we proposed a secure SUMS architecture that meets specific security requirements. Finally, we formally verified whether our SUMS architecture logically meets the security requirements by Event-B.

Paper

Slides

Video

View More Papers

RCABench: Open Benchmarking Platform for Root Cause Analysis

Keisuke Nishimura, Yuichi Sugiyama, Yuki Koike, Masaya Motoda, Tomoya Kitagawa, Toshiki Takatera, Yuma Kurogome (Ricerca Security, Inc.)

VASP: V2X Application Spoofing Platform

Mohammad Raashid Ansari, Jonathan Petit, Jean-Philippe Monteuuis, Cong Chen (Qualcomm Technologies, Inc.)

Cryptographic Oracle-based Conditional Payments

Varun Madathil (North Carolina State University), Sri Aravinda Krishnan Thyagarajan (NTT Research), Dimitrios Vasilopoulos (IMDEA Software Institute), Lloyd Fournier (None), Giulio Malavolta (Max Planck Institute for Security and Privacy), Pedro Moreno-Sanchez (IMDEA Software Institute)

Non-Interactive Privacy-Preserving Sybil-Free Authentication Scheme in VANETs

Mahdi Akil (Karlstad University), Leonardo Martucci (Karlstad University), Jaap-Henk Hoepman (Radboud University)