Automotive Security Analyzer for Exploitability Risks

Our lives depend on automotive cybersecurity, protecting us inside and near vehicles. If vehicles go rogue, they can operate against the driver's will and potentially drive off a cliff or into a crowd. The Automotive Security Analyzer for Exploitability Risks (AutoSAlfER) evaluates the exploitability risks of automotive on-board networks by attack graphs. AutoSAlfER's Multi-Path Attack Graph algorithm is 40 to 200 times smaller in RAM and 200 to 5 000 times faster than a comparable implementation using Bayesian networks, and the Single-Path Attack Graph algorithm constructs the most reasonable attack path per asset with a computational, asymptotic complexity of only O(n * log(n)), instead of O(n²). AutoSAlfER runs on a self-written graph database, heuristics, pruning, and homogenized Gaussian distributions and boosts people's productivity for a more sustainable and secure automotive on-board network. Ultimately, we enjoy more safety and security in and around autonomous, connected, electrified, and shared vehicles.

Autorentext

Dr. Martin Salfer is an IT security researcher at TUM and a tech lead at an automaker. He earned his Ph.D. in IT Security from TUM, completed his M.Sc. with honours in Software Engineering at UniA/LMU/TUM, and obtained his B.Sc. in Computer Science from HM, with a study abroad at KPU in Vancouver, Canada, and ESIEA in Paris, France, and a research visit at NII in Tokyo, Japan. He is the lead author of 28 publications, including five IT security patents.

Inhalt
Introduction.- Basics and Related Work.- Models.- Single-Path Attack Graph Algorithm.- Multi-Path Attack Graph Algorithm.- Conclusion.- References