Advanced Microsystems for Automotive Applications 2013 [electronic resource] : Smart Systems for Safe and Green Vehicles / edited by Jan Fischer-Wolfarth, Gereon Meyer
Edition [1st ed. 2013.]
Publication/distribution/printing Cham : Springer International Publishing : Imprint : Springer, 2013
Physical description 1 online resource (397 p.)
Discipline 629.2
629.2/72
629.272
Series Lecture Notes in Mobility
Topical subject Automotive engineering
Mechatronics
Transportation
Electronic circuits
Nanotechnology
Automotive Engineering
Circuits and Systems
Nanotechnology and Microengineering
ISBN 3-319-00476-X
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Driver Assistance and Road Safety -- Networked Vehicles -- Electrified Vehicles -- Energy Efficiency -- Components & Systems.
Record no. UNINA-9910437763603321
Find it here: Univ. Federico II
Automotive E/E reliability : strategies for keeping pace in a feature-rich world / by John Day
Author Day John <1944->
Publication/distribution/printing Warrendale, Pa. (400 Commonwealth Dr., Warrendale PA USA) : Society of Automotive Engineers, c2012
Physical description 1 online resource (xii, 69 pages) : illustrations
Discipline 629.272
Series Society of Automotive Engineers. Electronic publications.
Topical subject Automobiles - Electric equipment - Reliability
ISBN 0-7680-8882-8
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Automotive E/E drivers -- Growing market demand for automotive E/E components and systems -- Improving vehicle reliability -- Changing "metal benders" mindset -- Components and connectors -- The automotive E/E design chain -- Defining and managing application requirements -- Simulation and verification tools and techniques -- Collaborative efforts -- Automotive E/E industry standards -- Looking ahead.
Record no. UNINA-9910438322803321
Find it here: Univ. Federico II
AutoSec'20 : proceedings of the Second ACM Workshop on Automotive and Aerial Vehicle Security : March 18, 2020, New Orleans, LA, USA / program chairs, Qi Alfred Chen, Ziming Zhao and Gail-Joon Ahn
Publication/distribution/printing New York : Association for Computing Machinery, 2020
Physical description 1 online resource (84 pages) : illustrations
Discipline 629.272
Series ACM conferences
Topical subject Automotive computers - Security measures
Computer security
Drone aircraft - Security measures
Vehicular ad hoc networks (Computer networks) - Security measures
Format Printed material
Bibliographic level Monograph
Language of publication eng
Record no. UNINA-9910412320503321
Find it here: Univ. Federico II
Building secure cars : assuring the automotive software development lifecycle / Dennis Kengo Oka
Author Oka Dennis Kengo
Publication/distribution/printing Hoboken, New Jersey : Wiley, [2021]
Physical description 1 online resource (xiii, 304 pages) : illustrations
Discipline 629.272
Topical subject Automotive telematics - Security measures
ISBN 1-119-71077-4
1-119-71078-2
1-119-71076-6
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Cover -- Title Page -- Copyright -- Contents -- Preface -- About the Author -- Chapter 1 Overview of the Current State of Cybersecurity in the Automotive Industry -- 1.1 Cybersecurity Standards, Guidelines, and Activities -- 1.2 Process Changes, Organizational Changes, and New Solutions -- 1.3 Results from a Survey on Cybersecurity Practices in the Automotive Industry -- 1.3.1 Survey Methods -- 1.3.2 Report Results -- 1.3.2.1 Organizational Challenges -- 1.3.2.2 Technical Challenges -- 1.3.2.3 Product Development and Security Testing Challenges -- 1.3.2.4 Supply Chain and Third‐Party Components Challenges -- 1.3.3 How to Address the Challenges -- 1.3.3.1 Organizational Takeaways -- 1.3.3.2 Technical Takeaways -- 1.3.3.3 Product Development and Security Testing Takeaways -- 1.3.3.4 Supply Chain and Third‐Party Components Takeaways -- 1.3.3.5 Getting Started -- 1.3.3.6 Practical Examples of Organizations Who Have Started -- 1.3.3.7 -- 1.4 Examples of Vulnerabilities in the Automotive Industry -- 1.5 Chapter Summary -- References -- Chapter 2 Introduction to Security in the Automotive Software Development Lifecycle -- 2.1 V‐Model Software Development Process -- 2.2 Challenges in Automotive Software Development -- 2.3 Security Solutions at each Step in the V‐Model -- 2.3.1 Cybersecurity Requirements Review -- 2.3.2 Security Design Review -- 2.3.3 Threat Analysis and Risk Assessment -- 2.3.4 Source Code Review -- 2.3.5 Static Code Analysis -- 2.3.6 Software Composition Analysis -- 2.3.7 Security Functional Testing -- 2.3.8 Vulnerability Scanning -- 2.3.9 Fuzz Testing -- 2.3.10 Penetration Testing -- 2.3.11 Incident Response and Updates -- 2.3.12 Continuous Cybersecurity Activities -- 2.3.13 Overall Cybersecurity Management -- 2.4 New Technical Challenges -- 2.5 Chapter Summary -- References -- Chapter 3 Automotive‐Grade Secure Hardware.
3.1 Need for Automotive Secure Hardware -- 3.2 Different Types of HSMs -- 3.3 Root of Trust: Security Features Provided by Automotive HSM -- 3.3.1 Secure Boot -- 3.3.2 Secure In‐Vehicle Communication -- 3.3.3 Secure Host Flashing -- 3.3.4 Secure Debug Access -- 3.3.5 Secure Logging -- 3.4 Chapter Summary -- References -- Chapter 4 Need for Automated Security Solutions in the Automotive Software Development Lifecycle -- 4.1 Main Challenges in the Automotive Industry -- 4.2 Automated Security Solutions During the Product Development Phases -- 4.2.1 Static Code Analysis -- 4.2.2 Software Composition Analysis -- 4.2.3 Security Testing -- 4.2.4 Automation and Traceability During Software Development -- 4.3 Solutions During Operations and Maintenance Phases -- 4.3.1 Cybersecurity Monitoring, Vulnerability Management, Incident Response, and OTA Updates -- 4.4 Chapter Summary -- References -- Chapter 5 Static Code Analysis for Automotive Software -- 5.1 Introduction to MISRA and AUTOSAR Coding Guidelines -- 5.2 Problem Statement: MISRA and AUTOSAR Challenges -- 5.3 Solution: Workflow for Code Segmentation, Guideline Policies, and Deviation Management -- 5.3.1 Step 1: Segment the Codebase into Different Categories/Components Based on Risk -- 5.3.2 Step 2: Specify Guideline Policies (Set of Guidelines to Apply) Depending on Risk Categories -- 5.3.3 Step 3: Perform the Scan and Plan the Approach for Prioritization of Findings -- 5.3.4 Step 4: Prioritize Findings Based on the Risk Categories and Guideline Policies and Determine How to Handle Each Finding, e.g. Fix or Leave as Deviation -- 5.3.5 Step 5: Follow a Defined Deviation Management Process, Including Approval Steps -- 5.3.6 Step 6: Report on MISRA or AUTOSAR Coding Guidelines Compliance Including Deviations -- 5.4 Chapter Summary -- References.
Chapter 6 Software Composition Analysis in the Automotive Industry -- 6.1 Software Composition Analysis: Benefits and Usage Scenarios -- 6.2 Problem Statement: Analysis of Automotive Software Open‐Source Software Risks -- 6.2.1 Analysis Results -- 6.2.1.1 zlib -- 6.2.1.2 libpng -- 6.2.1.3 OpenSSL -- 6.2.1.4 curl -- 6.2.1.5 Linux Kernel -- 6.2.2 Discussion -- 6.3 Solution: Countermeasures on Process and Technical Levels -- 6.3.1 Fully Inventory Open‐Source Software -- 6.3.2 Use Appropriate Software Composition Analysis Approaches -- 6.3.3 Map Open‐Source Software to Known Security Vulnerabilities -- 6.3.4 Identify License, Quality, and Security Risks -- 6.3.5 Create and Enforce Open‐Source Software Risk Policies -- 6.3.6 Continuously Monitor for New Security Threats and Vulnerabilities -- 6.3.7 Define and Follow Processes for Addressing Vulnerabilities in Open‐Source Software -- 6.3.8 How to Get Started -- 6.4 Chapter Summary -- References -- Chapter 7 Overview of Automotive Security Testing Approaches -- 7.1 Practical Security Testing -- 7.1.1 Security Functional Testing -- 7.1.2 Vulnerability Scanning -- 7.1.3 Fuzz Testing -- 7.1.4 Penetration Testing -- 7.2 Frameworks for Security Testing -- 7.3 Focus on Fuzz Testing -- 7.3.1 Fuzz Engine -- 7.3.2 Injector -- 7.3.3 Monitor -- 7.4 Chapter Summary -- References -- Chapter 8 Automating Fuzz Testing of In‐Vehicle Systems by Integrating with Automotive Test Tools -- 8.1 Overview of HIL Systems -- 8.2 Problem Statement: SUT Requires External Input and Monitoring -- 8.3 Solution: Integrating Fuzz Testing Tools with HIL Systems -- 8.3.1 White‐Box Approach for Fuzz Testing Using HIL System -- 8.3.1.1 Example Test Setup Using an Engine ECU -- 8.3.1.2 Fuzz Testing Setup for the Engine ECU -- 8.3.1.3 Fuzz Testing Setup Considerations -- 8.3.2 Black‐Box Approach for Fuzz Testing Using HIL System.
8.3.2.1 Example Target System Setup Using Engine and Body Control Modules -- 8.3.2.2 Fuzz Testing Setup Using Duplicate Engine and Body Control Modules -- 8.3.2.3 Fuzz Testing Setup Considerations -- 8.4 Chapter Summary -- References -- Chapter 9 Improving Fuzz Testing Coverage by Using Agent Instrumentation -- 9.1 Introduction to Agent Instrumentation -- 9.2 Problem Statement: Undetectable Vulnerabilities -- 9.2.1 Memory Leaks -- 9.2.2 Core Dumps and Zombie Processes -- 9.2.3 Considerations for Addressing Undetectable Vulnerabilities -- 9.3 Solution: Using Agents to Detect Undetectable Vulnerabilities -- 9.3.1 Overview of the Test Environment -- 9.3.2 Modes of Operation -- 9.3.2.1 Synchronous Mode -- 9.3.2.2 Asynchronous Mode -- 9.3.2.3 Hybrid Approach -- 9.3.3 Examples of Agents -- 9.3.3.1 AgentCoreDump -- 9.3.3.2 AgentLogTailer -- 9.3.3.3 AgentProcessMonitor -- 9.3.3.4 AgentPID -- 9.3.3.5 AgentAddressSanitizer -- 9.3.3.6 AgentValgrind -- 9.3.3.7 An Example config.json Configuration File -- 9.3.4 Example Results from Agent Instrumentation -- 9.3.4.1 Bluetooth Fuzz Testing -- 9.3.4.2 Wi‐Fi Fuzz Testing -- 9.3.4.3 MQTT Fuzz Testing -- 9.3.4.4 File Format Fuzz Testing -- 9.3.5 Applicability and Automation -- 9.4 Chapter Summary -- References -- Chapter 10 Automating File Fuzzing over USB for Automotive Systems -- 10.1 Need for File Format Fuzzing -- 10.2 Problem Statement: Manual Process for File Format Fuzzing -- 10.3 Solution: Emulated Filesystems to Automate File Format Fuzzing -- 10.3.1 System Architecture Overview -- 10.3.2 Phase One Implementation Example: Prepare Fuzzed Files -- 10.3.3 Phase Two Implementation Example: Automatically Emulate Filesystems -- 10.3.4 Automating User Input -- 10.3.5 Monitor for Exceptions -- 10.4 Chapter Summary -- References.
Chapter 11 Automation and Traceability by Integrating Application Security Testing Tools into ALM Systems -- 11.1 Introduction to ALM Systems -- 11.2 Problem Statement: Tracing Secure Software Development Activities and Results to Requirements and Automating Application Security Testing -- 11.3 Solution: Integrating Application Security Testing Tools with ALM Systems -- 11.3.1 Concept -- 11.3.1.1 Static Code Analysis - Example -- 11.3.1.2 Software Composition Analysis - Example -- 11.3.1.3 Vulnerability Scanning - Example -- 11.3.1.4 Fuzz Testing - Example -- 11.3.1.5 Concept Overview -- 11.3.2 Example Implementation -- 11.3.2.1 Defensics -- 11.3.2.2 codeBeamer ALM -- 11.3.2.3 Jenkins -- 11.3.2.4 SUT -- 11.3.2.5 Implementation Overview -- 11.3.3 Considerations -- 11.4 Chapter Summary -- References -- Chapter 12 Continuous Cybersecurity Monitoring, Vulnerability Management, Incident Response, and Secure OTA Updates -- 12.1 Need for Cybersecurity Monitoring and Secure OTA Updates -- 12.2 Problem Statement: Software Inventory, Monitoring Vulnerabilities, and Vulnerable Vehicles -- 12.3 Solution: Release Management, Monitoring and Tracking, and Secure OTA Updates -- 12.3.1 Release Management -- 12.3.2 Monitoring and Tracking -- 12.3.2.1 Solutions in Other Industries -- 12.3.2.2 Solutions in the Automotive Industry -- 12.3.2.3 Example Automotive SOC Overview -- 12.3.2.4 Example Automotive SOC Workflow -- 12.3.2.5 Newly Detected Vulnerabilities in Open‐Source Software - Example -- 12.3.3 Secure OTA Updates -- 12.3.3.1 Identify Vulnerable Vehicles Targeted for OTA Updates -- 12.3.3.2 Perform Secure OTA Updates -- 12.3.3.3 Target Systems for OTA Updates -- 12.3.3.4 Overview of Secure OTA Update Process for ECUs -- 12.3.3.5 Standardization and Frameworks for OTA Updates -- 12.4 Chapter Summary -- References -- Chapter 13 Summary and Next Steps -- Index.
EULA.
Record no. UNINA-9910555069303321
Find it here: Univ. Federico II
Building secure cars : assuring the automotive software development lifecycle / Dennis Kengo Oka
Author Oka Dennis Kengo
Publication/distribution/printing Hoboken, New Jersey : Wiley, [2021]
Physical description 1 online resource (xiii, 304 pages) : illustrations
Discipline 629.272
Topical subject Automotive telematics - Security measures
Automotive computers - Programming
ISBN 1-119-71077-4
1-119-71078-2
1-119-71076-6
Format Printed material
Bibliographic level Monograph
Language of publication eng
Record no. UNINA-9910829853503321
Find it here: Univ. Federico II
Cybersecurity for commercial vehicles / Gloria D'Anna
Author D'Anna Gloria D.
Edition [1st ed.]
Publication/distribution/printing Warrendale, Pennsylvania : SAE International, [2018]
Physical description 1 PDF (xix, 293 pages) : color illustrations
Discipline 629.272
Series Cybersecurity series
Topical subject Computer security
Data protection
ISBN 1-5231-4044-5
0-7680-9258-2
0-7680-9540-9
Format Printed material
Bibliographic level Monograph
Language of publication eng
Nota di contenuto Foreword to the Reader xix -- CHAPTER 1 What Do You Mean by Commercial Vehicles and How Did We Happen on This Path of Cybersecurity? / by Gloria D'Anna 1 -- 1.1 I'm an Engineer and a Strategist 1 -- 1.2 Panel Discussion: Cybersecurity Risks and Policies for Transportation 3 -- 1.3 How Do We Define Commercial Vehicles for This Book? 4 -- 1.4 What I Love about the Cybersecurity World 5 -- 1.5 So, Who Should Read This Book? 6 -- 1.6 And Why You? Why Gloria? 6 -- 1.7 The Contributing Writers 7 -- 1.7.1 Chapter 2: Should We Be Paranoid? / by Doug Britton 7 -- 1.7.2 Chapter 3: What Cybersecurity Standard Work Is Applicable to Commercial Vehicles? / by Lisa Boran and Xin Ye 8 -- 1.7.3 Chapter 4: Commercial Vehicles vs. Automotive Cybersecurity: Commonalities and Differences / by Andrâe Weimerskirch, Steffen Becker, and Bill Haas 9 -- 1.7.4 Chapter 5: Engineering for Vehicle Cybersecurity / by Daniel DiMase, Zachary A. Collier, John A. Chandy, Bronn Pav, Kenneth Heffner, and Steve Walters 9 -- 1.7.5 Chapter 6: “When Trucks Stop, America Stops” 11 -- 1.7.6 Chapter 7: On the Digital Forensics of Heavy Truck Electronic Control Modules / by James Johnson, Jeremy Daily, and Andrew Kongs 12 -- 1.7.6.1 Comments on How We Are All Connected 12 -- 1.7.6.2 IoT: The Internet of Things 13 -- 1.7.7 Chapter 8: Telematics Cybersecurity and Governance / by Glenn Atkinson 14 -- 1.7.8 Chapter 9: The Promise of Michigan: Secure Mobility / by Karl Heimer 14 -- 1.7.9 Chapter 10: How the Truck Turned Your Television Off and Stole Your Money: Cybersecurity Threats from Grid-Connected Commercial Vehicles / by Lee Slezak and Christopher Michelbacher 14 -- 1.7.10 Chapter 11: CALSTART's Cyber Mission: HTUF REDUX / by Michael Ippoliti 14 -- 1.7.11 Chapter 12: Characterizing Cyber Systems / by Jennifer Guild 15 -- 1.7.12 Chapter 13: “...No, We Should Be Prepared” / by Joe Saunders and Lisa Silverman 15 -- 1.7.13 Chapter 14: Heavy Vehicle Cyber Security Bulletin 15 -- 1.7.14 Chapter 
15: Law, Policy, Cybersecurity, and Data Privacy Issues / by Simon Hartley 15 -- 1.7.15 Chapter 16: Do You Care What Time It Really Is? A Cybersecurity Look Into Our Dependency on GPS / by Gerardo Trevino, Marisa Ramon, Daniel Zajac, and Cameron Mott 16 -- 1.7.16 Chapter 17: Looking Towards the Future / by Gloria D'Anna 16 References 18 About the Author 19 CHAPTER 2 Should We Be Paranoid? by Doug Britton 21 -- 2.1 Why Is Cyber So Hard to De-risk? 21 -- 2.2 A Primer on Hacker Economics and Tactics 22 -- 2.2.1 Income Statement 22 -- 2.2.2 Balance Sheet 23 -- 2.2.3 Economic Analysis 24 -- 2.2.4 What about Nation-States? 25 -- 2.2.5 Steps in a Successful Cyber Attack 26 -- 2.2.6 Industrialization of the Attack 26 -- 2.3 Hacker Enterprises and Assets Associated with Commercial Trucking 28 -- 2.3.1 Exploitation Research 28 -- 2.3.2 Asset Development 29 -- 2.3.3 Distribution Development 30 -- 2.4 Potential Cyber Effects in Transportation 30 About the Author 32
CHAPTER 3 What Cybersecurity Standard Work Is Applicable to Commercial Vehicles? by Lisa Boran and Xin Ye 35 -- 3.1 Background 35 -- 3.2 Standards and Information 36 -- 3.3 SAE/ISO Cybersecurity Standard Development 37 -- 3.3.1 Secure Design 38 -- 3.3.2 Organizational Structure 41 -- 3.4 Conclusions 43 About the Authors 44 CHAPTER 4 Commercial Vehicle vs. Automotive Cybersecurity: Commonalities and Differences by Andrâe Weimerskirch, Steffen Becker, and Bill Hass 47 -- 4.1 Introduction 47 -- 4.2 Background 48 -- 4.3 The Automotive and Commercial Vehicle Environment 50 -- 4.3.1 Supply Chain 50 -- 4.3.2 In-Vehicle Network Architecture and Communication 51 -- 4.3.3 Telematics 51 -- 4.3.4 Maintenance and Diagnostics 52 -- 4.3.5 Emerging Technologies 52 -- 4.4 Vehicle Threats and the Cyber Attacker 53 -- 4.4.1 An Evolving Threat Model 53 -- 4.4.2 The Adversary 55 -- 4.4.3 Offensive Techniques 55 -- 4.5 Cybersecurity Approaches and Solutions 58 -- 4.5.1 Legacy Vehicles 58 -- 4.5.2 Network Architectures and Separation 58 -- 4.5.3 Secure On-Board Communication 58 -- 4.5.4 Secure Computing Platform 59 -- 4.5.5 Anomaly Monitoring 60 -- 4.5.6 Security Operations Center 60 -- 4.5.7 Secure Firmware Over the Air 61 -- 4.6 Gaps and Conclusions 61 References 62 About the Authors 64
CHAPTER 5 Engineering for Vehicle Cybersecurity by Daniel DiMase, Zachary A. Collier, John A. Chandy, Bronn Pav, Kenneth Heffner, and Steve Walters 67 -- 5.1 Introduction 67 -- 5.2 Introduction to Cyber-Physical Systems Security 71 -- 5.3 Systems Engineering Perspective to Cyber-Physical Security 72 -- 5.3.1 Areas of Concern 72 -- 5.3.1.1 Electronic and Physical Security 72 -- 5.3.1.2 Information Assurance and Data Security 72 -- 5.3.1.3 Asset Management and Access Control 74 -- 5.3.1.4 Life Cycle and Diminishing Manufacturing Sources and Material Shortages (DMSMS) 75 -- 5.3.1.5 Anti-Counterfeit and Supply Chain Risk Management 75 -- 5.3.1.6 Software Assurance and Application Security 76 -- 5.3.1.7 Forensics, Prognostics, and Recovery Plans 76 -- 5.3.1.8 Track and Trace 77 -- 5.3.1.9 Anti-Malicious and Anti-Tamper 77 -- 5.3.1.10 Information Sharing and Reporting 78 -- 5.3.2 Systems Engineering Modeling 80 -- 5.3.3 Verification and Validation 87 -- 5.4 Conclusions and Recommended Next Steps 88 References 91 About the Authors 95 CHAPTER 6 “When Trucks Stop, America Stops” 99 The Food Industry 100 Healthcare 100 Transportation 101 Waste Removal 102 The Retail Sector 103 Manufacturing 103 Banking & Finance 104 Other Effects 104 Conclusion 105 Case Study: The Effect of Border Delays on Auto Manufacturers Following September 11th 105 A Timeline Showing the Deterioration of Major Industries Following a Truck Stoppage 106 CHAPTER 7 On the Digital Forensics of Heavy Truck Electronic Control Modules by James Johnson, Jeremy Daily, and Andrew Kongs 109 -- 7.1 Introduction 110 -- 7.1.1 Motivation 111 -- 7.1.2 Paper Organization 111 -- 7.2 Digital Forensic Concepts 111 -- 7.2.1 Data Integrity 112 -- 7.2.2 Meaning of the Digital Data from ECMs 113 -- 7.2.2.1 Standards-Based Meaning 113 -- 7.2.2.2 Proprietary Meaning 115 -- 7.2.2.3 Daily Engine Usage from DDEC Reports 116 -- 7.2.3 Error Detection and Mitigation 118 -- 7.2.4 Establishing Transparency and Trust 119 -- 7.2.4.1 
Baseline of Trust 119 -- 7.2.4.2 ECM Time Stamps 124 -- 7.2.4.3 Current Strategies to Establish Transparency and Trust 127 -- 7.3 Recommendations for Digital Evidence Extraction from Heavy Vehicles 127 -- 7.3.1 Sensor Simulators 128 -- 7.3.2 Write Blockers 129 -- 7.3.3 Authentication Algorithms 129 -- 7.3.4 Forensic Replay Mechanism 132 -- 7.3.5 Journal Preservation 133 -- 7.3.6 Chip Level Forensics 133 -- 7.3.7 Beyond Crash Reconstruction 134 -- 7.4 Summary/Conclusions 135 Definitions/Abbreviations 136 References 136 Contact Information 138 Acknowledgments 138 A. Appendix 139 About the Author 140
CHAPTER 8 Telematics Cybersecurity and Governance by Glenn Atkinson 143 -- 8.1 Background: Author 143 -- 8.2 Collaboration 144 -- 8.2.1 And So My Journey Begins 146 -- 8.2.2 Classic Electro-Hydraulic-Mechanical Vehicle 147 -- 8.3 Connected Vehicles 147 -- 8.4 Everything Was Coming and Going Along So Well.... 148 -- 8.4.1 Anonymity on the Internet 149 -- 8.5 The Geotab Story: Building a Telematics Platform Resilient to Cyber Threats 151 -- 8.6 Telematics Security: Vehicle to Server via Cellular Communication 152 -- 8.6.1 Cybersecurity Best Practices 152 -- 8.6.2 Secrets 152 -- 8.6.3 Authentication 152 -- 8.7 Cloning of Devices 153 -- 8.8 Eavesdropping 153 -- 8.9 Keep Embedded Code Secure 153 -- 8.10 Enable Hardware Code Protection 153 -- 8.11 Segregation 154 -- 8.12 Disable Debug Features 154 -- 8.12.1 Security Validation 154 About the Author 157 CHAPTER 9 The Promise of Michigan: Secure Mobility by Karl Heimer 159 -- 9.1 Governor's Foreword for “The Promise of Michigan” 159 -- 9.2 Introduction 160 -- 9.3 The Cyber Strategy 162 -- 9.4 Laws and Policies 163 -- 9.5 Capability Development 163 -- 9.5.1 TARDEC-MDOT I-69 Platooning Exercise 164 -- 9.5.2 American Center for Mobility 167 -- 9.5.3 Michigan Civilian Cyber Corps 170 -- 9.6 Michigan-Based Education and Training 171 -- 9.7 Conclusion 173 About the Author 175 CHAPTER 10 How the Truck Turned Your Television Off and Stole Your Money: Cybersecurity Threats from Grid-Connected Commercial Vehicles by Lee Slezak and Christopher Michelbacher 177 About the Authors 184 CHAPTER 11 CALSTART's Cyber Mission: HTUF REDUX by Michael Ippoliti 187 References 190 About the Authors 191 CHAPTER 12 Characterizing Cyber Systems by Jennifer Guild 193 -- 12.1 Introduction 193 -- 12.2 Assessment Models 194 -- 12.2.1 Flaw Models 194 -- 12.2.2 Countermeasure Models 196 -- 12.2.3 Vulnerability Models 197 -- 12.2.4 Threat Models 198 -- 12.2.5 Probability Models 200 -- 12.2.6 Attack Vector Models 201 -- 12.2.7 Impact Models 202 -- 12.2.8 Risk 
Models 203 -- 12.3 Assessment Methodology 205 -- 12.3.1 Stages 205 -- 12.3.1.1 Initial Exposure to a Cyber System 205 -- 12.3.1.2 System Familiarization 207 -- 12.3.1.3 Assessment 208 -- 12.3.1.4 Data Correlation 208 -- 12.4 Conclusions 208 References 209 About the Author 210
CHAPTER 13 “...No, We Should Be Prepared” by Joe Saunders and Lisa Silverman 213 -- 13.1 Introduction 213 -- 13.2 What Makes the Rolling Computers You Call a Fleet Vulnerable? 214 -- 13.3 The State of the Threat 216 -- 13.4 Recommendations to Prepare Fleet Managers 218 -- 13.4.1 Protecting Telematics Platform 218 -- 13.4.2 Monitor for Malicious “J1939” Messages 219 -- 13.4.3 Install Intrusion Detection System Across the Fleet 219 -- 13.4.4 Protect Software on ECUs 219 -- 13.4.5 Share Exploits with the Industry 220 -- 13.4.6 Periodically Conduct Penetration Tests 220 -- 13.5 Future Considerations to Advance Preparation Levels 220 References 221 -- 13A.1 Appendix A: Runtime Application Self-Protection Examples 222 -- 13B.1 Appendix B: J1939 Overview 223 -- 13C.1 Appendix C: Preventing Malicious Messages on the CAN Bus 224 -- 13C.1.1 The Problem 224 -- 13C.1.2 The Entry Point 224 -- 13C.1.3 The Solution 225 About the Authors 227 CHAPTER 14 Heavy Vehicle Cyber Security Bulletin 229 Develop a CyberSecurity Program 230 Protect Your Networks 230 Protect Your Vehicles 231 Incident Response Plan 231 Educate 232 Credits and Acknowledgements 233 Disclaimers 233 Trademarks 233
CHAPTER 15 Law, Policy, Cybersecurity, and Data Privacy Issues by Simon Hartley 235 Executive Summary 235 Publication Note 236 -- 15.1 Introduction 236 -- 15.1.1 Physical Safety 236 -- 15.1.2 Accident Statistics and Human Error 236 -- 15.1.3 Vehicle Hardware Improvements 236 -- 15.1.4 Vehicles Become Data Centers on Wheels 237 -- 15.1.5 Rise of Connectivity, Automation, and Public Concerns 237 -- 15.1.6 Commercial Vehicle Fleets and Telematics 238 -- 15.1.7 Gating Issue of Cyber Safety and Industry Tipping Point 239 -- 15.2 The Promise of Software, Connectivity, and Automation 239 -- 15.2.1 Fuel Efficiency and Clean Air 240 -- 15.2.2 Routing and Parking Efficiency 240 -- 15.2.3 Usage-Based Insurance (UBI) 240 -- 15.2.4 Accident Investigation 241 -- 15.2.5 Towards an Automated, Sharing, and Smart City Future 241 -- 15.3 Risk of Vehicle Cyberattack 241 -- 15.3.1 Vehicle Attack Surfaces 241 -- 15.3.2 A Brief History of Vehicle Hacks 242 -- 15.3.3 Internet-of-Things (IoT) Hacks 243 -- 15.3.4 The Issue of Legacy Vehicles, Updating and Recalls 243 -- 15.3.5 The Issue of End-to-End Hardening and Long Supply Chains 244 -- 15.4 Potential Harms Due to Vehicle Cyberattack 245 -- 15.4.1 Distracted Driving 245 -- 15.4.2 Distributed Denial of Service (DDoS) and Ransomware 245 -- 15.4.3 Property Damage, Bodily Injury, and Death 246 -- 15.4.4 Debilitation of Critical Transport Infrastructure 246 -- 15.4.5 Data Privacy 247 -- 15.5 Law and Policy 248 -- 15.5.1 Brief Review of Government and Industry Reactions to Car Hacking 248 -- 15.5.1.1 Pre-2015 - Proactive Research and Development (R&D) 248 -- 15.5.1.2 2015 - Senate Warnings, Auto Information Sharing and Analysis Center (ISAC) 248 -- 15.5.1.3 2016 - FBI, DoT, NHTSA, FTC Warnings, and Multiple Standards 249 -- 15.5.1.4 Post 2017 - New SPY Car Act and More Inclusive Auto-ISAC 250 -- 15.5.1.5 Innovation and Regulation 251 -- 15.5.2 Existing Cybersecurity and Data Privacy Standards 251 -- 15.5.3 A European Point of View 252 --
15.6 Mitigating Risks and Balancing Interests 252 -- 15.6.1 Proposed Engineering Emphases 253 -- 15.6.1.1 (1) Systematically Running Pen Tests with Independent Testers 253 -- 15.6.1.2 (2) Over-the-Air (OTA) Updating for “Forgotten” Quarter Billion Vehicles 254 -- 15.6.1.3 (3) Reduce Attack Surface Across Supply Chain, Mitigating Weak Links 254 -- 15.6.2 Legal and Cyberinsurance 255 -- 15.7 Conclusions 255 References 255 About the Author 267
CHAPTER 16 Do You Care What Time It Really Is? A Cybersecurity Look into Our Dependency on GPS by Gerardo Trevino, Marisa Ramon, Daniel Zajac, and Cameron Mott 269 -- 16.1 Background 269 -- 16.2 How Do Commercial Fleets Use GPS Today? 270 -- 16.3 How Could GPS Vulnerabilities Affect Fleet Vehicles? 271 -- 16.3.1 GPS Jamming Scenario 271 -- 16.3.2 GPS Spoofing Scenario 272 -- 16.4 Solutions, Recommendations, and Best Practices 273 -- 16.5 Key Takeaways 273 References 274 About the Authors 275 CHAPTER 17 Looking Towards the Future by Gloria D'Anna 279 -- 17.1 I'm a Blade Runner Fan 279 -- 17.2 Setting Standards 280 -- 17.3 Automotive ISAC 280 -- 17.4 The Systems of a Commercial Vehicle Continue to Get More Complicated 283 -- 17.5 The Good News 283 -- 17.6 Telematics 284 -- 17.7 Cybersecurity as an Enabler for New Technologies 284 -- 17.8 Department of Energy Work on Cybersecurity for Vehicles 285 -- 17.9 Commercial Truck Platooning 285 -- 17.10 So, Why Is Platooning Such a Big Deal? 286 -- 17.11 So What Have We Learned from This Book? 288 -- 17.12 And Then, Something Happened 288 -- 17.13 SAE World Congress 2017 289 -- 17.14 As We Go To Press 290 -- References 291 -- About the Author 293
Record No. UNINA-9910793254603321
D'Anna Gloria D.
Warrendale, Pennsylvania : SAE International, [2018]
Printed material
Find it here: Univ. Federico II
OPAC: Check availability here
Cybersecurity for commercial vehicles / Gloria D'Anna
Author D'Anna Gloria D.
Edition [1st ed.]
Publication/distribution/printing Warrendale, Pennsylvania : SAE International, [2018]
Physical description 1 PDF (xix, 293 pages) : color illustrations
Discipline 629.272
Series Cybersecurity series
Topical subject Computer security
Data protection
ISBN 1-5231-4044-5
0-7680-9258-2
0-7680-9540-9
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Foreword to the Reader xix -- CHAPTER 1 What Do You Mean by Commercial Vehicles and How Did We Happen on This Path of Cybersecurity? / by Gloria D'Anna 1 -- 1.1 I'm an Engineer and a Strategist 1 -- 1.2 Panel Discussion: Cybersecurity Risks and Policies for Transportation 3 -- 1.3 How Do We Define Commercial Vehicles for This Book? 4 -- 1.4 What I Love about the Cybersecurity World 5 -- 1.5 So, Who Should Read This Book? 6 -- 1.6 And Why You? Why Gloria? 6 -- 1.7 The Contributing Writers 7 -- 1.7.1 Chapter 2: Should We Be Paranoid? / by Doug Britton 7 -- 1.7.2 Chapter 3: What Cybersecurity Standard Work Is Applicable to Commercial Vehicles? / by Lisa Boran and Xin Ye 8 -- 1.7.3 Chapter 4: Commercial Vehicles vs. Automotive Cybersecurity: Commonalities and Differences / by André Weimerskirch, Steffen Becker, and Bill Haas 9 -- 1.7.4 Chapter 5: Engineering for Vehicle Cybersecurity / by Daniel DiMase, Zachary A. Collier, John A. Chandy, Bronn Pav, Kenneth Heffner, and Steve Walters 9 -- 1.7.5 Chapter 6: “When Trucks Stop, America Stops” 11 -- 1.7.6 Chapter 7: On the Digital Forensics of Heavy Truck Electronic Control Modules / by James Johnson, Jeremy Daily, and Andrew Kongs 12 -- 1.7.6.1 Comments on How We Are All Connected 12 -- 1.7.6.2 IoT: The Internet of Things 13 -- 1.7.7 Chapter 8: Telematics Cybersecurity and Governance / by Glenn Atkinson 14 -- 1.7.8 Chapter 9: The Promise of Michigan: Secure Mobility / by Karl Heimer 14 -- 1.7.9 Chapter 10: How the Truck Turned Your Television Off and Stole Your Money: Cybersecurity Threats from Grid-Connected Commercial Vehicles / by Lee Slezak and Christopher Michelbacher 14 -- 1.7.10 Chapter 11: CALSTART's Cyber Mission: HTUF REDUX / by Michael Ippoliti 14 -- 1.7.11 Chapter 12: Characterizing Cyber Systems / by Jennifer Guild 15 -- 1.7.12 Chapter 13: “...No, We Should Be Prepared” / by Joe Saunders and Lisa Silverman 15 -- 1.7.13 Chapter 14: Heavy Vehicle Cyber Security Bulletin 15 -- 1.7.14 Chapter 
15: Law, Policy, Cybersecurity, and Data Privacy Issues / by Simon Hartley 15 -- 1.7.15 Chapter 16: Do You Care What Time It Really Is? A Cybersecurity Look Into Our Dependency on GPS / by Gerardo Trevino, Marisa Ramon, Daniel Zajac, and Cameron Mott 16 -- 1.7.16 Chapter 17: Looking Towards the Future / by Gloria D'Anna 16 References 18 About the Author 19 CHAPTER 2 Should We Be Paranoid? by Doug Britton 21 -- 2.1 Why Is Cyber So Hard to De-risk? 21 -- 2.2 A Primer on Hacker Economics and Tactics 22 -- 2.2.1 Income Statement 22 -- 2.2.2 Balance Sheet 23 -- 2.2.3 Economic Analysis 24 -- 2.2.4 What about Nation-States? 25 -- 2.2.5 Steps in a Successful Cyber Attack 26 -- 2.2.6 Industrialization of the Attack 26 -- 2.3 Hacker Enterprises and Assets Associated with Commercial Trucking 28 -- 2.3.1 Exploitation Research 28 -- 2.3.2 Asset Development 29 -- 2.3.3 Distribution Development 30 -- 2.4 Potential Cyber Effects in Transportation 30 About the Author 32
CHAPTER 3 What Cybersecurity Standard Work Is Applicable to Commercial Vehicles? by Lisa Boran and Xin Ye 35 -- 3.1 Background 35 -- 3.2 Standards and Information 36 -- 3.3 SAE/ISO Cybersecurity Standard Development 37 -- 3.3.1 Secure Design 38 -- 3.3.2 Organizational Structure 41 -- 3.4 Conclusions 43 About the Authors 44 CHAPTER 4 Commercial Vehicle vs. Automotive Cybersecurity: Commonalities and Differences by André Weimerskirch, Steffen Becker, and Bill Hass 47 -- 4.1 Introduction 47 -- 4.2 Background 48 -- 4.3 The Automotive and Commercial Vehicle Environment 50 -- 4.3.1 Supply Chain 50 -- 4.3.2 In-Vehicle Network Architecture and Communication 51 -- 4.3.3 Telematics 51 -- 4.3.4 Maintenance and Diagnostics 52 -- 4.3.5 Emerging Technologies 52 -- 4.4 Vehicle Threats and the Cyber Attacker 53 -- 4.4.1 An Evolving Threat Model 53 -- 4.4.2 The Adversary 55 -- 4.4.3 Offensive Techniques 55 -- 4.5 Cybersecurity Approaches and Solutions 58 -- 4.5.1 Legacy Vehicles 58 -- 4.5.2 Network Architectures and Separation 58 -- 4.5.3 Secure On-Board Communication 58 -- 4.5.4 Secure Computing Platform 59 -- 4.5.5 Anomaly Monitoring 60 -- 4.5.6 Security Operations Center 60 -- 4.5.7 Secure Firmware Over the Air 61 -- 4.6 Gaps and Conclusions 61 References 62 About the Authors 64
CHAPTER 5 Engineering for Vehicle Cybersecurity by Daniel DiMase, Zachary A. Collier, John A. Chandy, Bronn Pav, Kenneth Heffner, and Steve Walters 67 -- 5.1 Introduction 67 -- 5.2 Introduction to Cyber-Physical Systems Security 71 -- 5.3 Systems Engineering Perspective to Cyber-Physical Security 72 -- 5.3.1 Areas of Concern 72 -- 5.3.1.1 Electronic and Physical Security 72 -- 5.3.1.2 Information Assurance and Data Security 72 -- 5.3.1.3 Asset Management and Access Control 74 -- 5.3.1.4 Life Cycle and Diminishing Manufacturing Sources and Material Shortages (DMSMS) 75 -- 5.3.1.5 Anti-Counterfeit and Supply Chain Risk Management 75 -- 5.3.1.6 Software Assurance and Application Security 76 -- 5.3.1.7 Forensics, Prognostics, and Recovery Plans 76 -- 5.3.1.8 Track and Trace 77 -- 5.3.1.9 Anti-Malicious and Anti-Tamper 77 -- 5.3.1.10 Information Sharing and Reporting 78 -- 5.3.2 Systems Engineering Modeling 80 -- 5.3.3 Verification and Validation 87 -- 5.4 Conclusions and Recommended Next Steps 88 References 91 About the Authors 95 CHAPTER 6 “When Trucks Stop, America Stops” 99 The Food Industry 100 Healthcare 100 Transportation 101 Waste Removal 102 The Retail Sector 103 Manufacturing 103 Banking & Finance 104 Other Effects 104 Conclusion 105 Case Study: The Effect of Border Delays on Auto Manufacturers Following September 11th 105 A Timeline Showing the Deterioration of Major Industries Following a Truck Stoppage 106 CHAPTER 7 On the Digital Forensics of Heavy Truck Electronic Control Modules by James Johnson, Jeremy Daily, and Andrew Kongs 109 -- 7.1 Introduction 110 -- 7.1.1 Motivation 111 -- 7.1.2 Paper Organization 111 -- 7.2 Digital Forensic Concepts 111 -- 7.2.1 Data Integrity 112 -- 7.2.2 Meaning of the Digital Data from ECMs 113 -- 7.2.2.1 Standards-Based Meaning 113 -- 7.2.2.2 Proprietary Meaning 115 -- 7.2.2.3 Daily Engine Usage from DDEC Reports 116 -- 7.2.3 Error Detection and Mitigation 118 -- 7.2.4 Establishing Transparency and Trust 119 -- 7.2.4.1 
Baseline of Trust 119 -- 7.2.4.2 ECM Time Stamps 124 -- 7.2.4.3 Current Strategies to Establish Transparency and Trust 127 -- 7.3 Recommendations for Digital Evidence Extraction from Heavy Vehicles 127 -- 7.3.1 Sensor Simulators 128 -- 7.3.2 Write Blockers 129 -- 7.3.3 Authentication Algorithms 129 -- 7.3.4 Forensic Replay Mechanism 132 -- 7.3.5 Journal Preservation 133 -- 7.3.6 Chip Level Forensics 133 -- 7.3.7 Beyond Crash Reconstruction 134 -- 7.4 Summary/Conclusions 135 Definitions/Abbreviations 136 References 136 Contact Information 138 Acknowledgments 138 A. Appendix 139 About the Author 140
CHAPTER 8 Telematics Cybersecurity and Governance by Glenn Atkinson 143 -- 8.1 Background: Author 143 -- 8.2 Collaboration 144 -- 8.2.1 And So My Journey Begins 146 -- 8.2.2 Classic Electro-Hydraulic-Mechanical Vehicle 147 -- 8.3 Connected Vehicles 147 -- 8.4 Everything Was Coming and Going Along So Well.... 148 -- 8.4.1 Anonymity on the Internet 149 -- 8.5 The Geotab Story: Building a Telematics Platform Resilient to Cyber Threats 151 -- 8.6 Telematics Security: Vehicle to Server via Cellular Communication 152 -- 8.6.1 Cybersecurity Best Practices 152 -- 8.6.2 Secrets 152 -- 8.6.3 Authentication 152 -- 8.7 Cloning of Devices 153 -- 8.8 Eavesdropping 153 -- 8.9 Keep Embedded Code Secure 153 -- 8.10 Enable Hardware Code Protection 153 -- 8.11 Segregation 154 -- 8.12 Disable Debug Features 154 -- 8.12.1 Security Validation 154 About the Author 157 CHAPTER 9 The Promise of Michigan: Secure Mobility by Karl Heimer 159 -- 9.1 Governor's Foreword for “The Promise of Michigan” 159 -- 9.2 Introduction 160 -- 9.3 The Cyber Strategy 162 -- 9.4 Laws and Policies 163 -- 9.5 Capability Development 163 -- 9.5.1 TARDEC-MDOT I-69 Platooning Exercise 164 -- 9.5.2 American Center for Mobility 167 -- 9.5.3 Michigan Civilian Cyber Corps 170 -- 9.6 Michigan-Based Education and Training 171 -- 9.7 Conclusion 173 About the Author 175 CHAPTER 10 How the Truck Turned Your Television Off and Stole Your Money: Cybersecurity Threats from Grid-Connected Commercial Vehicles by Lee Slezak and Christopher Michelbacher 177 About the Authors 184 CHAPTER 11 CALSTART's Cyber Mission: HTUF REDUX by Michael Ippoliti 187 References 190 About the Authors 191 CHAPTER 12 Characterizing Cyber Systems by Jennifer Guild 193 -- 12.1 Introduction 193 -- 12.2 Assessment Models 194 -- 12.2.1 Flaw Models 194 -- 12.2.2 Countermeasure Models 196 -- 12.2.3 Vulnerability Models 197 -- 12.2.4 Threat Models 198 -- 12.2.5 Probability Models 200 -- 12.2.6 Attack Vector Models 201 -- 12.2.7 Impact Models 202 -- 12.2.8 Risk 
Models 203 -- 12.3 Assessment Methodology 205 -- 12.3.1 Stages 205 -- 12.3.1.1 Initial Exposure to a Cyber System 205 -- 12.3.1.2 System Familiarization 207 -- 12.3.1.3 Assessment 208 -- 12.3.1.4 Data Correlation 208 -- 12.4 Conclusions 208 References 209 About the Author 210
CHAPTER 13 “...No, We Should Be Prepared” by Joe Saunders and Lisa Silverman 213 -- 13.1 Introduction 213 -- 13.2 What Makes the Rolling Computers You Call a Fleet Vulnerable? 214 -- 13.3 The State of the Threat 216 -- 13.4 Recommendations to Prepare Fleet Managers 218 -- 13.4.1 Protecting Telematics Platform 218 -- 13.4.2 Monitor for Malicious “J1939” Messages 219 -- 13.4.3 Install Intrusion Detection System Across the Fleet 219 -- 13.4.4 Protect Software on ECUs 219 -- 13.4.5 Share Exploits with the Industry 220 -- 13.4.6 Periodically Conduct Penetration Tests 220 -- 13.5 Future Considerations to Advance Preparation Levels 220 References 221 -- 13A.1 Appendix A: Runtime Application Self-Protection Examples 222 -- 13B.1 Appendix B: J1939 Overview 223 -- 13C.1 Appendix C: Preventing Malicious Messages on the CAN Bus 224 -- 13C.1.1 The Problem 224 -- 13C.1.2 The Entry Point 224 -- 13C.1.3 The Solution 225 About the Authors 227 CHAPTER 14 Heavy Vehicle Cyber Security Bulletin 229 Develop a CyberSecurity Program 230 Protect Your Networks 230 Protect Your Vehicles 231 Incident Response Plan 231 Educate 232 Credits and Acknowledgements 233 Disclaimers 233 Trademarks 233
CHAPTER 15 Law, Policy, Cybersecurity, and Data Privacy Issues by Simon Hartley 235 Executive Summary 235 Publication Note 236 -- 15.1 Introduction 236 -- 15.1.1 Physical Safety 236 -- 15.1.2 Accident Statistics and Human Error 236 -- 15.1.3 Vehicle Hardware Improvements 236 -- 15.1.4 Vehicles Become Data Centers on Wheels 237 -- 15.1.5 Rise of Connectivity, Automation, and Public Concerns 237 -- 15.1.6 Commercial Vehicle Fleets and Telematics 238 -- 15.1.7 Gating Issue of Cyber Safety and Industry Tipping Point 239 -- 15.2 The Promise of Software, Connectivity, and Automation 239 -- 15.2.1 Fuel Efficiency and Clean Air 240 -- 15.2.2 Routing and Parking Efficiency 240 -- 15.2.3 Usage-Based Insurance (UBI) 240 -- 15.2.4 Accident Investigation 241 -- 15.2.5 Towards an Automated, Sharing, and Smart City Future 241 -- 15.3 Risk of Vehicle Cyberattack 241 -- 15.3.1 Vehicle Attack Surfaces 241 -- 15.3.2 A Brief History of Vehicle Hacks 242 -- 15.3.3 Internet-of-Things (IoT) Hacks 243 -- 15.3.4 The Issue of Legacy Vehicles, Updating and Recalls 243 -- 15.3.5 The Issue of End-to-End Hardening and Long Supply Chains 244 -- 15.4 Potential Harms Due to Vehicle Cyberattack 245 -- 15.4.1 Distracted Driving 245 -- 15.4.2 Distributed Denial of Service (DDoS) and Ransomware 245 -- 15.4.3 Property Damage, Bodily Injury, and Death 246 -- 15.4.4 Debilitation of Critical Transport Infrastructure 246 -- 15.4.5 Data Privacy 247 -- 15.5 Law and Policy 248 -- 15.5.1 Brief Review of Government and Industry Reactions to Car Hacking 248 -- 15.5.1.1 Pre-2015 - Proactive Research and Development (R&D) 248 -- 15.5.1.2 2015 - Senate Warnings, Auto Information Sharing and Analysis Center (ISAC) 248 -- 15.5.1.3 2016 - FBI, DoT, NHTSA, FTC Warnings, and Multiple Standards 249 -- 15.5.1.4 Post 2017 - New SPY Car Act and More Inclusive Auto-ISAC 250 -- 15.5.1.5 Innovation and Regulation 251 -- 15.5.2 Existing Cybersecurity and Data Privacy Standards 251 -- 15.5.3 A European Point of View 252 --
15.6 Mitigating Risks and Balancing Interests 252 -- 15.6.1 Proposed Engineering Emphases 253 -- 15.6.1.1 (1) Systematically Running Pen Tests with Independent Testers 253 -- 15.6.1.2 (2) Over-the-Air (OTA) Updating for “Forgotten” Quarter Billion Vehicles 254 -- 15.6.1.3 (3) Reduce Attack Surface Across Supply Chain, Mitigating Weak Links 254 -- 15.6.2 Legal and Cyberinsurance 255 -- 15.7 Conclusions 255 References 255 About the Author 267
CHAPTER 16 Do You Care What Time It Really Is? A Cybersecurity Look into Our Dependency on GPS by Gerardo Trevino, Marisa Ramon, Daniel Zajac, and Cameron Mott 269 -- 16.1 Background 269 -- 16.2 How Do Commercial Fleets Use GPS Today? 270 -- 16.3 How Could GPS Vulnerabilities Affect Fleet Vehicles? 271 -- 16.3.1 GPS Jamming Scenario 271 -- 16.3.2 GPS Spoofing Scenario 272 -- 16.4 Solutions, Recommendations, and Best Practices 273 -- 16.5 Key Takeaways 273 References 274 About the Authors 275 CHAPTER 17 Looking Towards the Future by Gloria D'Anna 279 -- 17.1 I'm a Blade Runner Fan 279 -- 17.2 Setting Standards 280 -- 17.3 Automotive ISAC 280 -- 17.4 The Systems of a Commercial Vehicle Continue to Get More Complicated 283 -- 17.5 The Good News 283 -- 17.6 Telematics 284 -- 17.7 Cybersecurity as an Enabler for New Technologies 284 -- 17.8 Department of Energy Work on Cybersecurity for Vehicles 285 -- 17.9 Commercial Truck Platooning 285 -- 17.10 So, Why Is Platooning Such a Big Deal? 286 -- 17.11 So What Have We Learned from This Book? 288 -- 17.12 And Then, Something Happened 288 -- 17.13 SAE World Congress 2017 289 -- 17.14 As We Go To Press 290 -- References 291 -- About the Author 293
Record No. UNINA-9910810051903321
D'Anna Gloria D.
Warrendale, Pennsylvania : SAE International, [2018]
Printed material
Find it here: Univ. Federico II
OPAC: Check availability here
DIVANet '16 : proceedings of the 6th ACM Symposium on Development and Analysis of Intelligent Vehicular Networks and Applications : November 13-17, 2016, Malta / Association for Computing Machinery
Publication/distribution/printing New York, New York : Association for Computing Machinery, 2016
Physical description 1 online resource (140 pages)
Discipline 629.272
Topical subject Automotive computers
ISBN 1-4503-4506-9
Format Printed material
Bibliographic level Monograph
Language of publication eng
Other variant titles International Workshop on Smart Cities 2016
Proceedings of the 2nd International Workshop on Smart
Record No. UNINA-9910376442203321
New York, New York : Association for Computing Machinery, 2016
Printed material
Find it here: Univ. Federico II
OPAC: Check availability here
Efficient and provably secure schemes for vehicular ad-hoc networks / Ikram Ali [and three others]
Author ʻAlī Ikrām
Publication/distribution/printing Singapore : Springer, [2022]
Physical description 1 online resource (237 pages)
Discipline 629.272
Topical subject Vehicular ad hoc networks (Computer networks) - Security measures
ISBN 981-16-8585-1
981-16-8586-X
Format Printed material
Bibliographic level Monograph
Language of publication eng
Record No. UNINA-9910743388903321
ʻAlī Ikrām
Singapore : Springer, [2022]
Printed material
Find it here: Univ. Federico II
OPAC: Check availability here
Intelligent system solutions for auto mobility and beyond : advanced microsystems for automotive applications 2020 ; online from Berlin, Germany, May 26-27, 2020 / editors, Carolin Zachäus, Gereon Meyer
Edition [1st edition 2021.]
Publication/distribution/printing Cham, Switzerland : Springer, [2021]
Physical description 1 online resource (XI, 270 p.) : 144 illus., 122 illus. in color
Discipline 629.272
Series Lecture Notes in Mobility
Topical subject Automated vehicles
Smart automobile
Automotive computers
ISBN 3-030-65871-6
Format Printed material
Bibliographic level Monograph
Language of publication eng
Contents note Part I - Smart Sensors, Connectivity & Intelligence -- Vehicle Localization using Infrastructure Sensing -- Alternative Technologies for V2I Communication -- Application of Artificial Intelligence Techniques for the Creation of Novel Services based on Connected Vehicles -- Part II - Safety, Security & Validation -- Validation and Verification Procedure for Automated Driving Functions using the Example of the TrustVehicle Project -- Advancing the Design of Fail-Operational Architectures, Communication Modules, Electronic Components, and Systems for Future Autonomous/Automated Vehicles -- Ongoing Cybersecurity and Safety Standardization Activities related to Highly Automated/Autonomous Vehicles -- Enabling Trust for Advanced Semiconductor Solutions based on Physical Layout Verification -- Part III - Intelligent Mobility Systems -- CPS Road Network Scenarios analysed for Dependability and Standardization -- Design and Evaluation of Cooperative Automated Bus Lines -- Sustainable Shared Mobility interconnected with Public Transport in European Rural Areas -- Autonomous Vehicle Shuttle in Smart City Testbed -- Part IV - Human Factors -- How are Eye Tracking Patterns in Takeover Situations related to Complexity, Takeover Quality and Cognitive Model Predictions? -- Automatic Detection and Prediction of the Transition between the Behavioural States of a Subject through a Wearable CPS.
Record No. UNINA-9910484263103321
Cham, Switzerland : Springer, [2021]
Printed material
Find it here: Univ. Federico II
OPAC: Check availability here