FFI Conference: DEx and HoliSec

Program

09:00 Welcome – Anders Johnson, RISE
Why cyber security and privacy?

09:30 What is DEx and what is AutoSec? – Dissemination and Exploitation of the program results for Automotive Security and Privacy – Lars Moberger, RISE  PDF
This project focuses on exploitation and to optimise the effects of the efforts within Automotive Security and Privacy program. The purpose is mainly to support projects within the FFI program by lifting up issues of common interest that has a great impact on the business. DEx is sponsored by the FFI program  to coordinate activities of common interest and to disseminate results and create impacts. 

09:40 Perspectives on Privacy – Jakob Dexe, RISE  PDF
In the information economy, the use and enrichment of data regarding individuals gets more important by the day, and privacy is seen as a major obstacle. But what is privacy really? And how can industry actors work more proactively with personal data? 

10:00-14:45 HoliSec in focus

10:00 Introducing HoliSec: Holistic Approach to Improve Data Security – Atul Yadav, AB Volvo  PDF
The objective is to holistically address security concerns in the complete automotive chain from concept, design, development, integration, testing, verification & validation and operational phases. The primary focus is on secure software design along with selected security mechanisms.

10:10 Security and privacy requirements in vehicle connectivity – Henrik Broberg, Volvo Cars  PDF
The presentation show how to organise and create a work split that promotes a systematic approach to addressing security and privacy in vehicles.

10:30 Break

10.50 Security requirements and classification of security mechanisms – Thomas Rosenstatter, Chalmers  PDF
In this session we describe open problems that need to be addressed in a prospective security framework for the automotive domain. Based on safety and security standards from other areas as well as suggested automotive security models, we propose an appropriate representation of security levels and a method to perform the mapping to a set of predefined system requirements, design rules and security mechanisms. 

11:10 Interplay between safety and security (Live MODIFI demo) – Peter Folkesson, RISE  PDF
The model implemented fault/attack injection tool MODIFI is demonstrated. MODIFI is useful for early dependability evaluation of software developed as Simulink models. The latest version supports security evaluation by attack injection and FIND, a generic (tool independent) SQL database for storing and analysing results from fault/attack injection experiments.

11:30 Secure software and system design – Katja Tuma, Chalmers  PDF
Our experience with industrial partners shows frustration with the uncertainty and length of architectural threat analysis methods. This is in line with the results obtained by our recent empirical study. In this talk we show the research directions towards speeding up the discovery of threats with large impact, by enriching the model enabling model abstractions and effort reduction.

12:00 Lunch

13:00 Cryptographic support and key management (SecOC requirements, challenges) – Christian Sandberg, AB Volvo  PDF 
Many security mechanisms depend on cryptographic algorithms and protocols. HoliSec WP2 takes a deeper look at the cryptographic needs of the automotive industry. This presentation gives an insight into the activities in WP2, focusing on areas related to AUTOSAR Secure Onboard Communication freshness handling, key derivation and key lifecycle management.

13:20 Bug bounty – Ana Magazinius, RISE Viktoria  PDF
Instead of waiting to get hacked we will be asking for it – in 2018 the best security researchers, practitioners and hackers will be invited to hack a Volvo bus.

13:40 Security Modeling – Shahanas Cholayil Mayankutty, Volvo Cars  PDF
The presentation demonstrates a comparative analysis of two security modeling notations based on evaluation criteria provided by Volvo Cars.

14:00 Model based security testing – Martin Kastebo, Volvo Cars  PDF
The presentation presents the state-of-the-art in the Model-based Security Testing field and an evaluation of applying a Model-based security testing approach at Volvo Cars.

14:20 In-vehicle IDS – Noräs Salman, Volvo Cars  PDF
The presentation aims to give a walk through the process of designing and implementing an Intrusion Detection System (IDS) for in-vehicle networks, with focus on the Controller Area Network (CAN) standard. It also investigates the challenges and constrains for building such system during this process.

14:45 Break

15:00 Other ongoing initiatives, projects and applications – Lars Moberger, RISE  PDF
In the Automotive Security and Privacy program within FFI, a number of areas has been formulated that needs to be covered in terms of future research efforts. Similarly, a position paper within EARPA has been formulated which defines a number of main areas that they  want to be in focus.
This review will attempt to highlight how the initiatives taken nationally and internationally cover the actual needs from the Industry and what has  to be done in the near future.

15:30 Automotive challenges – panel discussion
Moderator: Anders Johnson, RISE 

Alireza Majdabadi, Attribute Leader Security & Privacy, Volvo Cars
Mathias Widman, Enterprise Architect, AB Volvo
Lars Göran Rosengren, Senior Advisor,  Lindholmen Science Park
Jacob Dexe, Researcher, RISE SICS
Tomas Olovsson, Professor, Chalmers

16:30 End