Jürgen Dürrwang, Johannes Braun, Marcel Rumez, R. Kriesten, A. Pretschner
SAE International Journal of Transportation Cybersecurity and Privacy (Journal Article), published 2018-11-02. DOI: 10.4271/11-01-02-0005 (https://doi.org/10.4271/11-01-02-0005). Citation count: 31 (Semantic Scholar).
Enhancement of Automotive Penetration Testing with Threat Analyses Results
In this work, we present an approach to support penetration tests by combining safety and security analyses to enhance automotive security testing. Our approach includes a new way to combine safety and threat analyses to derive possible test cases. We reuse outcomes of a performed safety analysis as the input for a threat analysis. We show systematically how to derive test cases and we present the applicability of our approach by deriving and performing test cases for a penetration test of an automotive Electronic Control Unit (ECU). Therefore, we selected an airbag control unit due to its safety-critical functionality. During the penetration test, the selected control unit was installed on a test bench and we were able to successfully exploit a discovered vulnerability, causing the detonation of airbags.