
Showing papers by "Vassilis Prevelakis published in 2020"


Journal ArticleDOI
TL;DR: This work tried to revise the existing threat modeling efforts in the vehicular domain and proposed using a hybrid method called the Software, Asset, Vulnerability, Threat, and Attacker (SAVTA)-centric method to support security analysis for vehicular systems.
Abstract: In recent years, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems which depend on a set of sensors to interact with each other and with the surrounding environment. While these improvements have increased the safety and incontestability of the automotive system, they have opened the door for new potential security threats which need to be defined, assessed, and mitigated. The SAE J3061 standard has defined threat modeling as a critical step toward the secure development process for vehicle systems, but it did not determine which method could be used to achieve this process. Therefore, many threat modeling approaches were adopted. However, using one individual approach will not identify all the threats which could target the system, and may lead to insufficient mitigation mechanisms. Thus, having complete security requires the usage of a comprehensive threat model which identifies all the potential threats and vulnerabilities. In this work, we tried to revise the existing threat modeling efforts in the vehicular domain. Also, we proposed using a hybrid method called the Software, Asset, Vulnerability, Threat, and Attacker (SAVTA)-centric method to support security analysis for vehicular systems. SAVTA combines different existing threat modeling approaches to create a comprehensive and hybridized threat model. The model is used as an aid to construct general attack trees which illustrate attack vectors that threaten a particular vehicle asset and classify these attacks under different sub-trees.

18 citations


Journal ArticleDOI
TL;DR: This paper proposes using the task’s temporal specification as a baseline to define its normal behavior and to identify temporal thresholds that give the system the ability to predict malicious tasks; on one use-case it obtains temporal thresholds 20–40 % lower than the ones usually used to alarm the system about security violations.
Abstract: The Internet of Vehicle (IoV) is an extension of Vehicle-to-Vehicle (V2V) communication that can improve vehicles’ fully autonomous driving capabilities. However, these communications are vulnerable to many attacks. Therefore, it is critical to provide run-time mechanisms to detect malware and stop the attackers before they manage to gain a foothold in the system. Anomaly-based detection techniques are convenient and capable of detecting off-nominal behavior by the component caused by zero-day attacks. One significant critical aspect when using anomaly-based techniques is ensuring the correct definition of the observed component’s normal behavior. In this paper, we propose using the task’s temporal specification as a baseline to define its normal behavior and identify temporal thresholds that give the system the ability to predict malicious tasks. By applying our solution on one use-case, we got temporal thresholds 20–40 % less than the one usually used to alarm the system about security violations. Using our boundaries ensures the early detection of off-nominal temporal behavior and provides the system with a sufficient amount of time to initiate recovery actions.

2 citations


Book ChapterDOI
14 Sep 2020
TL;DR: In this article, the authors demonstrate how library calls may be intercepted using wrappers as well as using the kernel to separate the memory of a process into regions, based on the (statically/dynamically) linked libraries that a program uses.
Abstract: The ability to analyze software systems without access to the source code, offers many advantages including the detection of vulnerabilities so that they may be fixed before an adversary can exploit them in a zero day attack. This type of analysis also has an important role in education as it allows students to use their imagination and creativity in the exploration process. In this paper, we use two techniques for black-box testing based on our previous work, where we demonstrated how library calls may be intercepted using wrappers as well as using the kernel to separate the memory of a process into regions, based on the (statically/dynamically) linked libraries that a program uses. By monitoring function calls to libraries or the main executable, we can determine if a high-level execution signature (which depends not only on the occurrence, but also the sequence and number of calls) fits a pattern of a possible attack against a system under test. We can, then, (a) determine whether a call should go ahead, (b) determine whether the arguments are acceptable and (c) ensure that we will be informed when there is suspicion of foul play. We then demonstrate how these techniques may be used in student training sessions to explore the structure of software systems and determine how such systems respond to specific input sequences designed to trigger bugs or demonstrate unexpected behavior.