Ilaria Matteucci

CR
6 papers
64 citations
Novelty 38%
AI Score 37

6 Papers

5.9 CR Mar 26
Contextualizing Security and Privacy of Software-Defined Vehicles: A Literature Review and Industry Perspectives

Marco De Vincenzi, Mert D. Pesé, Chiara Bodei et al.

The growing reliance on software in road vehicles has led to the emergence of Software-Defined Vehicles (SDV). This work analyzes SDV security and privacy through a systematic literature review complemented by an industry questionnaire across the automotive supply chain. The analysis is structured as four research questions and results in a security framework serving as a roadmap for SDV protection. The findings emphasize addressing mixed-criticality architectural challenges, deploying layered security mechanisms, and integrating privacy-preserving techniques. The results highlight the need to harmonize in-vehicle and cloud-based defenses to strengthen cybersecurity and V2X resilience in Intelligent Transportation Systems (ITS).

CR Dec 12, 2021
Secure Routine: A Routine-Based Algorithm for Drivers Identification

Davide Micale, Gianpiero Costantino, Ilaria Matteucci et al.

The introduction of Information and Communication Technology (ICT) in transportation systems leads to several advantages (efficiency of transport, mobility, traffic management). However, it may bring some drawbacks in terms of increasing security challenges, also related to human behaviour. As an example, in the last decades attempts to characterize drivers' behaviour have been mostly targeted. This paper presents Secure Routine, a paradigm that uses drivers' habits for driver identification and, in particular, to distinguish the vehicle's owner from other drivers. We evaluate Secure Routine in combination with three other existing research works based on machine learning techniques. Results are measured using well-known metrics and show that Secure Routine outperforms the compared works.

CR Nov 20, 2021
CINNAMON: A Module for AUTOSAR Secure Onboard Communication

Giampaolo Bella, Pietro Biondi, Gianpiero Costantino et al.

This paper introduces CINNAMON, a software module that extends and seamlessly integrates with the AUTOSAR "Secure Onboard Communication" (SecOC) module to also account for confidentiality of data in transit. It stands for Confidential, INtegral aNd Authentic on board coMunicatiON (CINNAMON). It takes a resource-efficient and practical approach to ensure, at the same time, confidentiality, integrity and authenticity of frames. The main new requirement that CINNAMON puts forward is the use of encryption and thus, as a result, CINNAMON exceeds SecOC against information gathering attacks. This paper sets forth the essential requirements and specification of the new module by detailing where and how to position it within AUTOSAR and by emphasizing the relevant upgrades with respect to SecOC. The presentation continues with the definition of a Security Profile and a summary of a prototype implementation of ours. While CINNAMON is easily extensible, for example through the definition of additional profiles, the current performances obtained on inexpensive boards support the claim that the approach is feasible.

CR Nov 20, 2021
TOUCAN: A proTocol tO secUre Controller Area Network

Giampaolo Bella, Pietro Biondi, Gianpiero Costantino et al.

Modern cars are no longer purely mechanical devices but shelter so much digital technology that they resemble a network of computers. Electronic Control Units (ECUs) need to exchange a large amount of data for the various functions of the car to work, and such data must be made secure if we want those functions to work as intended despite malicious activity by attackers. TOUCAN is a new security protocol designed to be secure and at the same time both CAN and AUTOSAR compliant. It achieves security in terms of authenticity, integrity and confidentiality, yet without the need to upgrade (the hardware of) existing ECUs or enrich the network with novel components. The overhead is tiny, namely a reduction of the size of the Data field of a frame. A prototype implementation exhibits promising performance on a STM32F407Discovery board.

LO Sep 29, 2015
Semiring-based Specification Approaches for Quantitative Security

Fabio Martinelli, Ilaria Matteucci, Francesco Santini

Our goal is to provide different semiring-based formal tools for the specification of security requirements: we quantitatively enhance the open-system approach, according to which a system is partially specified. Therefore, we suppose the existence of an unknown and possibly malicious agent that interacts in parallel with the system. Two specification frameworks are designed along two different (but still related) lines. First, by comparing the behaviour of a system with the expected one, or by checking if such a system satisfies some security requirements: we investigate a novel approximate behavioural-equivalence for comparing processes' behaviour, thus extending the Generalised Non Deducibility on Composition (GNDC) approach with scores. As a second result, we equip a modal logic with semiring values with the purpose of having a weight related to the satisfaction of a formula that specifies some requested property. Finally, we generalise the classical partial model-checking function, and we name it quantitative partial model-checking, in such a way as to point out the necessary and sufficient conditions that a system has to satisfy in order to be considered as secure, with respect to a fixed security/functionality threshold-value.

CR May 12, 2014
Closing the loop of SIEM analysis to Secure Critical Infrastructures

Alessia Garofalo, Cesario Di Sarno, Ilaria Matteucci et al.

Critical Infrastructure Protection is one of the main challenges of recent years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths in such a way as to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures integrity and unforgeability of the events stored.