Talks & Presentations

Designing safe and secure autopilots for the urban environment

Speaker: Dr. Hasan I. Akram
Event: System Safety and Cyber Security 2016
SSCS is the largest conference for system safety specialists held in the UK; and the only conference where both safety and security engineers from around the world can meet and share ideas, new research and network.

Mehr erfahren

The Interdependency of Functional Safety and Security

Speaker: Dr. Hasan I. Akram
Event: Functional Safety meets ADAS, 2017

Mehr erfahren

Exhibitions

Safety meets Security 2017

Stuttgart-Nürtingen

Organizer: Hanser

Mehr erfahren

Forum Safety & Security 2017

Organizer: WEKA Fachmedien

Mehr erfahren

Publications

Security Testing over Encrypted Channels on the ARM Platform. In Proceedings of the 12th International Conference on Internet Monitoring and Protection (ICIMP 2017), 2017 Kilic, Fatih, Benedikt Geßele, and Hasan Ibne Akram

Abstract: Security Testing has been applied for many years to detect vulnerabilities in applications. With the increasing demand for encryption to protect the confidentiality of network data, the requirements have changed. When proprietary, closed source software uses end-to-end encryption, security testing tools which are fuzzing the application layer over network with plaintext data will eventually fail. The Intrusion Detection Framework for Encrypted Network Data (iDeFEND) framework circumvents this problem without violating the security of the end-to-end encryption. Unfortunately, the framework cannot be used on the Advanced RISC Machines (ARM) platform, since it uses architecture depended features of x86. In this paper, we transfer iDeFEND to the ARM architecture and thereby, make it suitable for testing applications on embedded devices. In addition, we discuss the limitations of the current framework and improve it with novel methods to provide a more generic approach for security testing. We present a generic method for inspecting data on encrypted channels. Our approach does not require any knowledge of the structure of the wrapper function for receiving and decrypting like iDeFEND. Furthermore, we present a solution to test and inspect applications that are using packet queues. Finally, we evaluate our approach on popular mobile applications.

Mehr erfahren

Security-Architektur zum Schutz vor Cyber-Attacken, Hanser Automotive, October 2016 Norton, Stephen, Hasan Ibne Akram and Wolfgang Mickisch

Abstract: Selbst bei einem streng nach ISO 26262 entwickelten Autopiloten können Cyber-Attacken die Sicherheitsmechanismen wieder aushebeln. Ein hinreichend schneller Aufbau von Schutzmaßnahmen erfordert dringend eine möglichst rasche industrieweite Standardisierung von Security-Anforderungen und Schnittstellen. Dazu wird von den Autoren ein pragmatisches, aber dennoch effektives Konzept mit einer 2-Schichten-Architektur vorgeschlagen.

Mehr erfahren

Designing safe and secure autopilots for the urban environment, 11th International Conference on System Safety and Cyber-Security (SSCS 2016), London, 2016, pp. 1-6. Norton, Stephen and Hasan Ibne Akram

Abstract: This paper analyses safety and security risks posed by the introduction of autopilot functions for road vehicles. Drawing on lessons learned from the aviation industry, the authors make the case for standardising the behaviour and interfaces of advanced driver assistance systems. This paper proposes a modular functional architecture to support both iterative development and an iterative increase in security sophistication. The authors define security goals for their modular architecture based on their analysis of the threat and propose a pragmatic approach to achieve these security goals.

Mehr erfahren