As the HoliSec project is coming close to its end, we will provide an overview of the research conducted in the project.


At the last FFI Automotive Security and Privacy conference Thomas Rosenstatter presented some of the work that he and his colleagues have done in the past four years (document link). The focus of the work was on secure communication and engineering, in particular, the following deliveries were made:

  1. Evaluation of promising CAN message authentication solutions based on five industrial criteria (see paper 1 below for more details).
  2. An analysis on how the hardware architecture of resource-constrained systems impacts memory exploitation techniques (see papers 3 and 4 below for more details).
  3. Classification of security in the automotive domain and mapping to appropriate security mechanisms based on the results of a Threat Analysis and Risk Assessment (TARA, see papers 3 and 4 below for more details).
  4. A survey on which issues in automotive security are problematic in real industry use-cases (see paper 5 below for more details).
  5. A preliminary assessment of the security impact of using the new 5G communication standard for V2X applications (see paper 6 below for more details).
  6. An extension of AUTOSAR SecOC Profile 3 to provider faster resynchronisation of the counter-based freshness value in authenticated messages (see paper 7 below for more details).


This work was conducted by the following researchers:

Tomas Olovsson, Chalmers
Magnus Almgren, Chalmers
Aljosha Lautenbach, Chalmers
Thomas Rosenstatter, Chalmers
Nasser Nowdehi. Volvo Cars
Christian Sandberg, AB Volvo


[1] N. Nowdehi, A. Lautenbach, and T. Olovsson, “In-vehicle CAN message authentication: An evaluation based on industrial criteria”, in 2017 IEEE 86th Vehicular Technology Conference (VTC-Fall), Sep. 2017, pp. 1–7.


[2] A. Lautenbach, M. Almgren, and T. Olovsson, “What the stack? On memory exploitation and protection in resource constrained automotive systems”, in Critical Information Infrastructures Security, G. D’Agostino and A. Scala, Eds., Cham: Springer International Publishing, 2018, pp. 185–193


[3] T. Rosenstatter and T. Olovsson, “Open problems when mapping automotive security levels to system requirements”, in Proceedings of the 4th International Conference on Vehicle Technology and Intelligent Transport Systems – Volume 1: VEHITS, INSTICC, SciTePress, 2018, pp. 251–260.

[4] T. Rosenstatter and T. Olovsson, “Towards a standardized mapping from automotive security levels to security mechanisms”, in 2018 21st International Conference on Intelligent Transportation Systems (ITSC), Nov. 2018, pp. 1501–1507.

[5] A. Lautenbach, M. Almgren and T. Olovsson, “Understanding Common Automotive Security Issues and Their Implications” presented at International Workshop on Interplay of Security, Safety and System/Software Architecture 2018


[6] A. Lautenbach, N. Nowdehi, T. Olovsson and R. Zaragatzky, ”A Preliminary Security Assessment of 5G V2X”, 2019 IEEE 89th Vehicular Technology Conference (VTC2019-Spring), Kuala Lumpur, Malaysia, 2019, pp. 1-7.


[7] T. Rosenstatter, C. Sandberg and T. Olovsson, “Extending AUTOSAR’s Counter-based Solution for Freshness of Authenticated Messages in Vehicles” accepted at 24th IEEE Pacific Rim International Symposion on Dependable Computing (PRDC 2019).


For any questions regarding this work, please contact Thomas Rosenstatter