Security-Minded Verification of Cooperative Awareness Messages

IF 7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Dependable and Secure Computing Pub Date : 2024-07-01 DOI:10.1109/tdsc.2023.3345543

M. Farrell, Matthew Bradbury, Rafael C. Cardoso, Michael Fisher, Louise A. Dennis, Clare Dixon, A. Sheik, Hu Yuan, Carsten Maple

{"title":"Security-Minded Verification of Cooperative Awareness Messages","authors":"M. Farrell, Matthew Bradbury, Rafael C. Cardoso, Michael Fisher, Louise A. Dennis, Clare Dixon, A. Sheik, Hu Yuan, Carsten Maple","doi":"10.1109/tdsc.2023.3345543","DOIUrl":null,"url":null,"abstract":"Autonomous robotic systems systems are both safety- and security-critical, since a breach in system security may impact safety. In such critical systems, formal verification is used to model the system and verify that it obeys specific functional and safety properties. Independently, threat modeling is used to analyse and manage the cyber security threats that such systems may encounter. Both verification and threat analysis serve the purpose of ensuring that the system will be reliable, albeit from differing perspectives. In prior work, we argued that these analyses should be used to inform one another and, in this paper, we extend our previously defined methodology for security-minded verification by incorporating runtime verification. To illustrate our approach, we analyse an algorithm for sending Cooperative Awareness Messages between autonomous vehicles. Our analysis centres on identifying STRIDE security threats. We show how these can be formalised, and subsequently verified, using a combination of formal tools for static aspects, namely Promela/SPIN and Dafny, and generate runtime monitors for dynamic verification. Our approach allows us to focus our verification effort on those security properties that are particularly important and to consider safety and security in tandem, both statically and at runtime.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":null,"pages":null},"PeriodicalIF":7.0000,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Dependable and Secure Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1109/tdsc.2023.3345543","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Autonomous robotic systems systems are both safety- and security-critical, since a breach in system security may impact safety. In such critical systems, formal verification is used to model the system and verify that it obeys specific functional and safety properties. Independently, threat modeling is used to analyse and manage the cyber security threats that such systems may encounter. Both verification and threat analysis serve the purpose of ensuring that the system will be reliable, albeit from differing perspectives. In prior work, we argued that these analyses should be used to inform one another and, in this paper, we extend our previously defined methodology for security-minded verification by incorporating runtime verification. To illustrate our approach, we analyse an algorithm for sending Cooperative Awareness Messages between autonomous vehicles. Our analysis centres on identifying STRIDE security threats. We show how these can be formalised, and subsequently verified, using a combination of formal tools for static aspects, namely Promela/SPIN and Dafny, and generate runtime monitors for dynamic verification. Our approach allows us to focus our verification effort on those security properties that are particularly important and to consider safety and security in tandem, both statically and at runtime.

查看原文本刊更多论文

合作意识信息的安全验证

自主机器人系统既是安全关键型系统，也是安保关键型系统，因为系统安保漏洞可能会影响安全性。在这类关键系统中，形式化验证用于对系统进行建模，并验证其是否符合特定的功能和安全属性。威胁建模则用于分析和管理此类系统可能遇到的网络安全威胁。验证和威胁分析的目的都是确保系统的可靠性，尽管两者的角度不同。在之前的工作中，我们认为这些分析应相互借鉴，而在本文中，我们将运行时验证纳入其中，从而扩展了之前定义的安全验证方法。为了说明我们的方法，我们分析了自动驾驶车辆之间发送合作认知信息的算法。我们的分析以识别 STRIDE 安全威胁为中心。我们展示了如何将这些威胁形式化，并在随后使用形式化工具（即 Promela/SPIN 和 Dafny）进行静态验证，以及如何生成运行时监控器进行动态验证。我们的方法使我们能够将验证工作集中在那些特别重要的安全属性上，并在静态和运行时同步考虑安全性和保安性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Dependable and Secure Computing 工程技术-计算机：软件工程

CiteScore

11.20

自引率

5.50%

发文量

354

审稿时长

9 months

期刊介绍： The "IEEE Transactions on Dependable and Secure Computing (TDSC)" is a prestigious journal that publishes high-quality, peer-reviewed research in the field of computer science, specifically targeting the development of dependable and secure computing systems and networks. This journal is dedicated to exploring the fundamental principles, methodologies, and mechanisms that enable the design, modeling, and evaluation of systems that meet the required levels of reliability, security, and performance. The scope of TDSC includes research on measurement, modeling, and simulation techniques that contribute to the understanding and improvement of system performance under various constraints. It also covers the foundations necessary for the joint evaluation, verification, and design of systems that balance performance, security, and dependability. By publishing archival research results, TDSC aims to provide a valuable resource for researchers, engineers, and practitioners working in the areas of cybersecurity, fault tolerance, and system reliability. The journal's focus on cutting-edge research ensures that it remains at the forefront of advancements in the field, promoting the development of technologies that are critical for the functioning of modern, complex systems.