Publications (10 of 16)
Malik, M., Aramrattana, M., Maleki, M., Folkesson, P., Sangchoolie, B. & Karlsson, J. (2023). Simulation-based Evaluation of a Remotely Operated Road Vehicle under Transmission Delays and Denial-of-Service Attacks. In: Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC. Paper presented at 28th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2023. Singapore. 24 October 2023 through 27 October 2023 (pp. 23-29). IEEE Computer Society
2023 (English). In: Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC, IEEE Computer Society, 2023, p. 23-29. Conference paper, Published paper (Refereed)
Abstract [en]

A remotely operated road vehicle (RORV) refers to a vehicle operated wirelessly from a remote location. In this paper, we report results from an evaluation of two safety mechanisms: safe braking and disconnection. These safety mechanisms are included in the control software for RORV developed by Roboauto, an intelligent mobility solutions provider. The safety mechanisms monitor the communication system to detect packet transmission delays, lost messages, and outages caused by naturally occurring interference as well as denial-of-service (DoS) attacks. When the delay in the communication channel exceeds certain threshold values, the safety mechanisms are to initiate control actions to reduce the vehicle speed or stop the affected vehicle safely as soon as possible. To evaluate the effectiveness of the safety mechanisms, we exposed the vehicle control software to various communication failures using a software-in-the-loop (SIL) testing environment developed specifically for this study. Our results show that the safety mechanisms behaved correctly for a vast majority of the simulated communication failures. However, in a few cases, we noted that the safety mechanisms were triggered incorrectly, either too early or too late, according to the system specification. 

Place, publisher, year, edition, pages
IEEE Computer Society, 2023
Keywords
Control system synthesis; Denial-of-service attack; Failure (mechanical); Remote control; Safety engineering; Software testing; Vehicle to vehicle communications; Vehicle transmissions; Communication failure; Control software; Denial-of-service attacks; Remote location; Remotely operated road vehicle; Road vehicles; Safety mechanisms; Software in the loops; Software-in-the-loop testing; Transmission delays; Specifications
National Category
Mechanical Engineering
Identifiers
urn:nbn:se:ri:diva-70583 (URN); 10.1109/PRDC59308.2023.00012 (DOI); 2-s2.0-85182390657 (Scopus ID)
Conference
28th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2023. Singapore. 24 October 2023 through 27 October 2023
Note

This work was supported by VALU3S project, which has received funding from the ECSEL Joint Undertaking (JU) under grant agreement No 876852. We also would like to express our sincere gratitude to Stepan Karásek and Beata Davidová from Roboauto, who provided us with invaluable support to test their system in the simulation environment.

Available from: 2024-01-22 Created: 2024-01-22 Last updated: 2024-01-22. Bibliographically approved
Malik, M., Aramrattana, M., Maleki, M., Folkesson, P., Sangchoolie, B. & Karlsson, J. (2023). Simulation-based Evaluation of a Remotely Operated Road Vehicle under Transmission Delays and Denial-of-Service Attacks. In: 28th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2023). Paper presented at Pacific Rim International Symposium on Dependable Computing. IEEE conference proceedings
2023 (English). In: 28th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2023), IEEE conference proceedings, 2023. Conference paper, Published paper (Other academic)
Abstract [en]

A remotely operated road vehicle (RORV) refers to a vehicle operated wirelessly from a remote location. In this paper, we report results from an evaluation of two safety mechanisms: safe braking and disconnection. These safety mechanisms are included in the control software for RORV developed by Roboauto, an intelligent mobility solutions provider. The safety mechanisms monitor the communication system to detect packet transmission delays, lost messages, and outages caused by naturally occurring interference as well as denial-of-service (DoS) attacks. When the delay in the communication channel exceeds certain threshold values, the safety mechanisms are to initiate control actions to reduce the vehicle speed or stop the affected vehicle safely as soon as possible. To evaluate the effectiveness of the safety mechanisms, we exposed the vehicle control software to various communication failures using a software-in-the-loop (SIL) testing environment developed specifically for this study. Our results show that the safety mechanisms behaved correctly for a vast majority of the simulated communication failures. However, in a few cases, we noted that the safety mechanisms were triggered incorrectly, either too early or too late, according to the system specification.

Place, publisher, year, edition, pages
IEEE conference proceedings, 2023
Keywords
remotely operated road vehicle (RORV), communication failures, denial-of-service (DoS) attacks, safety mechanisms, software-in-the-loop (SIL) testing
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-67577 (URN)
Conference
Pacific Rim International Symposium on Dependable Computing
Available from: 2023-10-31 Created: 2023-10-31 Last updated: 2024-02-06. Bibliographically approved
Kleberger, P., Folkesson, P. & Sangchoolie, B. (2022). An Integrated Safety and Cybersecurity Resilience Framework for the Automotive Domain. Paper presented at 7th International Workshop on Critical Automotive Applications: Robustness & Safety. HAL
2022 (English). Conference paper, Published paper (Other academic)
Abstract [en]

As vehicles become more and more connected with their surroundings and utilize an increasing number of services, they also become more exposed to threats as the attack surface increases. With increasing attack surfaces and continuing challenges of eliminating vulnerabilities, vehicles need to be designed to work even under malicious activities, i.e., under attacks. In this paper, we present a resilience framework that integrates analysis of safety and cybersecurity mechanisms. We also integrate resilience for safety and cybersecurity into the fault – error – failure chain. The framework is useful for analyzing the propagation of faults and attacks between different system layers. This facilitates identification of adequate resilience mechanisms at different system layers as well as deriving suitable test cases for verification and validation of system resilience using fault and attack injection.

Place, publisher, year, edition, pages
HAL, 2022
Keywords
automotive, cybersecurity, safety, resilience, framework
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-59793 (URN)
Conference
7th International Workshop on Critical Automotive Applications: Robustness & Safety
Available from: 2022-07-11 Created: 2022-07-11 Last updated: 2023-06-07. Bibliographically approved
Thorsén, A., Sangchoolie, B., Folkesson, P. & Strandberg, T. (2022). Combined Safety and Cybersecurity Risk Assessment for Intelligent Distributed Grids. Paper presented at CSG 2022: 16. International Conference on Smart Grids January 28-29, 2022 in Dubai, United Arab Emirates.
2022 (English). Conference paper, Published paper (Refereed)
Abstract [en]

As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify the cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety classified systems and products, there is also a need for safety risk assessments in addition to the cybersecurity risk assessment in order to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains like the automotive domain, but more general methods suitable for, e.g., Intelligent Distributed Grids, are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method that combines safety and cybersecurity risk assessments. This paper presents an approach where the SAHARA method has been modified in order to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied on two use cases of an intelligent distributed grid.

Keywords
Intelligent Distribution Grids, threat analysis, risk assessment, safety, cybersecurity
National Category
Computer Sciences
Identifiers
urn:nbn:se:ri:diva-57520 (URN)
Conference
CSG 2022: 16. International Conference on Smart Grids January 28-29, 2022 in Dubai, United Arab Emirates
Available from: 2022-01-03 Created: 2022-01-03 Last updated: 2024-04-11. Bibliographically approved
Thorsén, A., Sangchoolie, B., Folkesson, P. & Strandberg, T. (2022). Combined Safety and Cybersecurity Risk Assessment for Intelligent Distributed Grids. World Academy of Science, Engineering and Technology International Journal of Energy and Power Engineering, 16(5), 69-76
2022 (English). In: World Academy of Science, Engineering and Technology International Journal of Energy and Power Engineering, Vol. 16, no 5, p. 69-76. Article in journal (Other academic), Published
Abstract [en]

As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify the cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety classified systems and products, there is also a need for safety risk assessments in addition to the cybersecurity risk assessment to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains like the automotive domain, but more general methods suitable for, e.g., Intelligent Distributed Grids, are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method that combines safety and cybersecurity risk assessments. This paper presents an approach where the SAHARA method has been modified to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied on two use cases of an intelligent distributed grid.

Keywords
Intelligent distribution grids, threat analysis, risk assessment, safety, cybersecurity.
National Category
Mechanical Engineering
Identifiers
urn:nbn:se:ri:diva-59289 (URN)
Available from: 2022-05-25 Created: 2022-05-25 Last updated: 2024-04-11. Bibliographically approved
Malik, M., Maleki, M., Folkesson, P., Sangchoolie, B. & Karlsson, J. (2022). ComFASE: A Tool for Evaluating the Effects of V2V Communication Faults and Attacks on Automated Vehicles. In: 52nd annual IEEE/IFIP international conference on dependable systems and networks (DSN2022). Paper presented at 52nd annual IEEE/IFIP international conference on dependable systems and networks (DSN2022). Jun 27, 2022 - Jun 30, 2022. Baltimore, Maryland, USA.
2022 (English). In: 52nd annual IEEE/IFIP international conference on dependable systems and networks (DSN2022), 2022. Conference paper, Published paper (Refereed)
Abstract [en]

This paper presents ComFASE, a communication fault and attack simulation engine. ComFASE is used to identify and evaluate potentially dangerous behaviours of interconnected automated vehicles in the presence of faults and attacks in wireless vehicular networks. ComFASE is built on top of OMNET++ (a network simulator) and integrates SUMO (a traffic simulator) and Veins (a vehicular network simulator). The tool is flexible in modelling different types of faults and attacks and can be effectively used to study the interplay between safety and cybersecurity attributes by injecting cybersecurity attacks and evaluating their safety implications. To demonstrate the tool, we present results from a series of simulation experiments, where we injected delay and denial-of-service attacks on wireless messages exchanged between vehicles in a platooning application. The results show how different variants of attacks influence the platooning system in terms of collision incidents.

Keywords
attack injection, fault injection, simulation-based system, V2V communication, platooning, cybersecurity attack
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-59789 (URN)
Conference
52nd annual IEEE/IFIP international conference on dependable systems and networks (DSN2022). Jun 27, 2022 - Jun 30, 2022. Baltimore, Maryland, USA
Projects
VALU3S
Available from: 2022-07-11 Created: 2022-07-11 Last updated: 2023-06-05. Bibliographically approved
Ferrari, E., Schlick, R., De la Vara, J. L., Folkesson, P. & Sangchoolie, B. (2022). Criteria for the Analysis of Gaps and Limitations of V&V Methods for Safety- and Security-Critical Systems. Paper presented at 17th International Workshop on Dependable Embedded Cyber-Physical Systems and Systems-of-Systems. Munich, Germany. 6-9 September 2022. Springer Berlin/Heidelberg
2022 (English). Conference paper, Published paper (Refereed)
Abstract [en]

As society increasingly relies on safety- and security-critical systems, the need for confirming their dependability becomes essential. Adequate V&V (verification and validation) methods must be employed, e.g., for system testing. When selecting and using the methods, it is important to analyze their possible gaps and limitations, such as scalability issues. However, and as we have experienced, common, explicitly defined criteria are seldom used for such analyses. This results in analyses that consider different aspects and to a different extent, hindering their comparison and thus the comparison of the V&V methods. As a solution, we present a set of criteria for the analysis of gaps and limitations of V&V methods for safety- and security-critical systems. The criteria have been identified in the scope of the VALU3S project. Sixty-two people from 33 organizations agreed upon the use of nine criteria: functionality, accuracy, scalability, deployment, learning curve, automation, reference environment, cost, and standards. Their use led to more homogeneous and more detailed analyses when compared to similar previous efforts. We argue that the proposed criteria can be helpful to others when having to deal with similar activities.

Place, publisher, year, edition, pages
Springer Berlin/Heidelberg, 2022
Keywords
Verification & Validation, V&V method, Gaps, Limitations, Analysis criteria, Safety-critical systems, Security-critical systems
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-59792 (URN)
Conference
17th International Workshop on Dependable Embedded Cyber-Physical Systems and Systems-of-Systems. Munich, Germany. 6-9 September 2022
Projects
VALU3S
Available from: 2022-07-11 Created: 2022-07-11 Last updated: 2023-06-05. Bibliographically approved
Maleki, M., Malik, M., Folkesson, P., Sangchoolie, B. & Karlsson, J. (2022). Modeling and Evaluating the Effects of Jamming Attacks on Connected Automated Road Vehicles. Paper presented at 27th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2022) November 28-December 1, 2022, Beijing, China (pp. 12).
2022 (English). Conference paper, Published paper (Refereed)
Abstract [en]

In this work, we evaluate the safety of a platoon of four vehicles under jamming attacks. The platooning application is provided by Plexe-veins, which is a cooperative driving framework, and the vehicles in the platoon are equipped with cooperative adaptive cruise control controllers to represent the vehicles’ behavior. The jamming attacks investigated are modeled by extending ComFASE (a Communication Fault and Attack Simulation Engine) and represent three real-world attacks, namely, destructive interference, barrage jamming, and deceptive jamming. The attacks are injected in the physical layer of the IEEE 802.11p communication protocol simulated in Veins (a vehicular network simulator). To evaluate the safety implications of the injected attacks, the experimental results are classified by using the deceleration profiles and collision incidents of the vehicles. The results of our experiments show that jamming attacks on the communication can jeopardize vehicle safety, causing emergency braking and collision incidents. Moreover, we describe the impact of different attack injection parameters (such as, attack start time, attack duration and attack value) on the behavior of the vehicles subjected to the attacks.

Keywords
attack injection, jamming, V2V communication, platooning, simulation-based system
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-61312 (URN)
Conference
27th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2022) November 28-December 1, 2022, Beijing, China
Projects
VALU3S
Note

This work was supported by VALU3S project, which has received funding from the ECSEL Joint Undertaking (JU) under grant agreement No 876852. The JU receives support from the European Union’s Horizon 2020 research and innovation programme and Austria, Czech Republic, Germany, Ireland, Italy, Portugal, Spain, Sweden, Turkey

Available from: 2022-12-02 Created: 2022-12-02 Last updated: 2023-06-05. Bibliographically approved
Folkesson, P., Sangchoolie, B., Kleberger, P. & Nowdehi, N. (2022). On the Evaluation of Three Pre-Injection Analysis Techniques for Model-Implemented Fault- and Attack Injection. In: IEEE 27th Pacific Rim International Symposium on Dependable Computing (PRDC 2022). Paper presented at PRDC 2022 (pp. 130-140).
2022 (English). In: IEEE 27th Pacific Rim International Symposium on Dependable Computing (PRDC 2022), 2022, p. 130-140. Conference paper, Published paper (Refereed)
Abstract [en]

Fault- and attack injection are techniques used to measure dependability attributes of computer systems. An important property of such injectors is their efficiency that deals with the time and effort needed to explore the target system’s fault- or attack space. As this space is generally very large, techniques such as pre-injection analyses are used to effectively explore the space. In this paper, we study two such techniques that have been proposed in the past, namely inject-on-read and inject-on-write. Moreover, we propose a new technique called error space pruning of signals and evaluate its efficiency in reducing the space needed to be explored by fault and attack injection experiments. We implemented and integrated these techniques into MODIFI, a model-implemented fault and attack injector, which has been effectively used in the past to evaluate Simulink models in the presence of faults and attacks. To the best of our knowledge, we are the first to integrate these pre-injection analysis techniques into an injector that injects faults and attacks into Simulink models. The results of our evaluation on 11 vehicular Simulink models show that the error space pruning of signals reduce the attack space by about 30–43%, hence allowing the attack space to be exploited by fewer number of attack injection experiments. Using MODIFI, we then performed attack injection experiments on two of these vehicular Simulink models, a comfort control model and a brake-by-wire model, while elaborating on the results obtained.

Keywords
fault injection, attack injection, cybersecurity testing, pre-injection analysis
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-61310 (URN); 10.1109/PRDC55274.2022.00027 (DOI); 978-1-6654-8555-5 (ISBN)
Conference
PRDC 2022
Available from: 2022-12-02 Created: 2022-12-02 Last updated: 2023-06-07. Bibliographically approved
Sangchoolie, B., Folkesson, P., Kleberger, P. & Vinter, J. (2020). Analysis of Cybersecurity Mechanisms with respect to Dependability and Security Attributes. In: 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). Paper presented at Workshop on Safety and Security of Intelligent Vehicles.
2020 (English). In: 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), 2020. Conference paper, Published paper (Refereed)
Abstract [en]

Embedded electronic systems need to be equipped with different types of security mechanisms to protect themselves and to mitigate the effects of cybersecurity attacks. These mechanisms should be evaluated with respect to their impacts on dependability and security attributes such as availability, reliability, safety, etc. The evaluation is of great importance as, e.g., a security mechanism should never violate the system safety. Therefore, in this paper, we evaluate a comprehensive set of security mechanisms consisting of 17 different types of mechanisms with respect to their impact on dependability and security attributes. The results show that, in general, the use of these mechanisms have positive effect on system dependability and security. However, there are at least three mechanisms that could have negative impacts on system dependability by violating safety and availability requirements. The results support our claim that the analyses such as the ones conducted in this paper are necessary when selecting and implementing an optimal set of safety and security mechanisms.

Keywords
safety, cybersecurity mechanism, privacy
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-47668 (URN); 10.1109/DSN-W50199.2020.00027 (DOI); 978-1-7281-7263-7 (ISBN); 978-1-7281-7264-4 (ISBN)
Conference
Workshop on Safety and Security of Intelligent Vehicles
Projects
This research was partially supported by the Swedish VINNOVA FFI project “HoliSec: Holistic Approach to Improve Data Security” with diary number: 2015-06894; and the Swedish VINNOVA FFI project “CyReV I: Cyber Resilience for Vehicles” with diary number: 2018-05013.
Available from: 2020-08-31 Created: 2020-08-31 Last updated: 2023-06-07. Bibliographically approved
Organisations
Identifiers
ORCID iD: orcid.org/0000-0001-5224-9412
