1. Standardizing Security Evaluation Criteria for Connected Vehicles: A Modular Protection Profile
- Author
- Konstantinos Maliatsos, Christos Lyvas, Panagiotis Pantazopoulos, Costas Lambrinoudakis, Athanasios Kanatas, Matthieu Gay, and Angelos Amditis
- Subjects
- Point (typography), business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Modular design, Protection Profile, Common Criteria, Software security assurance, SAFER, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Architecture, Software engineering, business, Agile software development
- Abstract
- The so-far most credible approach to Security Evaluation, the Common Criteria standard, relies on a thorough methodology to provide confidence that the security requirements of an IT system are satisfied. Towards that end, a Protection Profile (PP) document gathers carefully all required data and identifies in an implementation-independent way the security requirements of the studied system, referred to as Target of Evaluation (ToE). When the connected vehicles paradigm that integrates a mosaic of third-party modules and interfaces constitutes the ToE, the PP development calls for agile solutions. In this work, we introduce a modular approach to the design of a PP for connected vehicles, as developed in the SAFERtec project. Our starting point is a generic architecture of the Vehicle (V-ITS-S) that helps us identify all involved assets and accordingly introduce a flexible discrimination of the base and associated PP modules as well as their interplay. We discuss the way our modular PP can cope with various V-ITS-S implementation approaches and provide insights on its applicability on a real-world V-ITS-S bench we have developed. The proposed solution can pave the way for devising standardized security assurance arguments towards safer connected driving.
- Published
- 2019