Sangchoolie, Behrooz (ORCID iD: orcid.org/0000-0001-9536-4269)
Publications (10 of 39)
Maleki, M., Farooqui, A. & Sangchoolie, B. (2023). CarFASE: A Carla-based Tool for Evaluating the Effects of Faults and Attacks on Autonomous Driving Stacks. In: 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). Paper presented at 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W) (pp. 92-99). Institute of Electrical and Electronics Engineers (IEEE)
2023 (English). In: 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W), Institute of Electrical and Electronics Engineers (IEEE), 2023, p. 92-99. Conference paper, Published paper (Refereed)
Abstract [en]

This paper presents CarFASE, an open-source Carla-based fault and attack simulation engine that is used to test and evaluate the behavior of autonomous driving stacks in the presence of faults and attacks. Carla is a highly customizable and adaptable simulator for autonomous driving research. In this paper, we demonstrate the application of CarFASE by running fault injection experiments on OpenPilot, an open-source advanced driver assistance system designed to provide a suite of features such as lane keeping, adaptive cruise control, and forward collision warning to enhance the driving experience. A braking scenario is used to study the behavior of OpenPilot in the presence of brightness and salt&pepper faults. The results demonstrate the usefulness of the tool in evaluating the safety attributes of autonomous driving systems in a safe and controlled environment.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2023
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-66359 (URN); 10.1109/dsn-w58399.2023.00036 (DOI)
Conference
53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)
Note

This work was supported by VALU3S project, which has received funding from the ECSEL Joint Undertaking (JU) under grant agreement No 876852. The JU receives support from the European Union’s Horizon 2020 research and innovation programme and Austria, Czech Republic, Germany, Ireland, Italy, Portugal, Spain, Sweden, Turkey

Available from: 2023-09-05. Created: 2023-09-05. Last updated: 2023-09-05. Bibliographically approved
Malik, M., Aramrattana, M., Maleki, M., Folkesson, P., Sangchoolie, B. & Karlsson, J. (2023). Simulation-based Evaluation of a Remotely Operated Road Vehicle under Transmission Delays and Denial-of-Service Attacks. In: Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC. Paper presented at 28th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2023. Singapore. 24 October 2023 through 27 October 2023 (pp. 23-29). IEEE Computer Society
2023 (English). In: Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC, IEEE Computer Society, 2023, p. 23-29. Conference paper, Published paper (Refereed)
Abstract [en]

A remotely operated road vehicle (RORV) refers to a vehicle operated wirelessly from a remote location. In this paper, we report results from an evaluation of two safety mechanisms: safe braking and disconnection. These safety mechanisms are included in the control software for RORV developed by Roboauto, an intelligent mobility solutions provider. The safety mechanisms monitor the communication system to detect packet transmission delays, lost messages, and outages caused by naturally occurring interference as well as denial-of-service (DoS) attacks. When the delay in the communication channel exceeds certain threshold values, the safety mechanisms are to initiate control actions to reduce the vehicle speed or stop the affected vehicle safely as soon as possible. To evaluate the effectiveness of the safety mechanisms, we exposed the vehicle control software to various communication failures using a software-in-the-loop (SIL) testing environment developed specifically for this study. Our results show that the safety mechanisms behaved correctly for a vast majority of the simulated communication failures. However, in a few cases, we noted that the safety mechanisms were triggered incorrectly, either too early or too late, according to the system specification. 

Place, publisher, year, edition, pages
IEEE Computer Society, 2023
Keywords
Control system synthesis; Denial-of-service attack; Failure (mechanical); Remote control; Safety engineering; Software testing; Vehicle to vehicle communications; Vehicle transmissions; Communication failure; Control software; Denial-of-service attacks; Remote location; Remotely operated road vehicle; Road vehicles; Safety mechanisms; Software in the loops; Software-in-the-loop testing; Transmission delays; Specifications
National Category
Mechanical Engineering
Identifiers
urn:nbn:se:ri:diva-70583 (URN); 10.1109/PRDC59308.2023.00012 (DOI); 2-s2.0-85182390657 (Scopus ID)
Conference
28th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2023. Singapore. 24 October 2023 through 27 October 2023
Note

This work was supported by VALU3S project, which has received funding from the ECSEL Joint Undertaking (JU) under grant agreement No 876852. We also would like to express our sincere gratitude to Stepan Karásek and Beata Davidová from Roboauto, who provided us with invaluable support to test their system in the simulation environment.

Available from: 2024-01-22. Created: 2024-01-22. Last updated: 2024-01-22. Bibliographically approved
Malik, M., Aramrattana, M., Maleki, M., Folkesson, P., Sangchoolie, B. & Karlsson, J. (2023). Simulation-based Evaluation of a Remotely Operated Road Vehicle under Transmission Delays and Denial-of-Service Attacks. In: 28th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2023). Paper presented at Pacific Rim International Symposium on Dependable Computing. IEEE conference proceedings
2023 (English). In: 28th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC 2023), IEEE conference proceedings, 2023. Conference paper, Published paper (Other academic)
Abstract [en]

A remotely operated road vehicle (RORV) refers to a vehicle operated wirelessly from a remote location. In this paper, we report results from an evaluation of two safety mechanisms: safe braking and disconnection. These safety mechanisms are included in the control software for RORV developed by Roboauto, an intelligent mobility solutions provider. The safety mechanisms monitor the communication system to detect packet transmission delays, lost messages, and outages caused by naturally occurring interference as well as denial-of-service (DoS) attacks. When the delay in the communication channel exceeds certain threshold values, the safety mechanisms are to initiate control actions to reduce the vehicle speed or stop the affected vehicle safely as soon as possible. To evaluate the effectiveness of the safety mechanisms, we exposed the vehicle control software to various communication failures using a software-in-the-loop (SIL) testing environment developed specifically for this study. Our results show that the safety mechanisms behaved correctly for a vast majority of the simulated communication failures. However, in a few cases, we noted that the safety mechanisms were triggered incorrectly, either too early or too late, according to the system specification.

Place, publisher, year, edition, pages
IEEE conference proceedings, 2023
Keywords
remotely operated road vehicle (RORV), communication failures, denial-of-service (DoS) attacks, safety mechanisms, software-in-the-loop (SIL) testing
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-67577 (URN)
Conference
Pacific Rim International Symposium on Dependable Computing
Available from: 2023-10-31. Created: 2023-10-31. Last updated: 2024-02-06. Bibliographically approved
Smrčka, A., Sangchoolie, B., Mingozzi, E., de la Vara, J. L., Farrell, M., Barbosa, R., . . . Kanak, A. (2023). Towards an extensive set of criteria for safety and cyber-security evaluation of cyber-physical systems. Open Research Europe, 3
2023 (English). In: Open Research Europe, E-ISSN 2732-5121, Vol. 3. Article in journal (Refereed) Published
Abstract [en]

Verification and validation (V&V) are complex processes combining different approaches and incorporating many different methods including many activities. System engineers regularly face the question if their V&V activities lead to better products, and having appropriate criteria at hand for evaluation of safety and cybersecurity of the systems would help to answer such a question. Additionally, when there is a demand to improve the quality of an already managed V&V process, there is a struggle over what criteria to use in order to measure the improvement. This paper presents an extensive set of criteria suitable for safety and cybersecurity evaluation of cyberphysical systems. The evaluation criteria are agreed upon by 60 researchers from 32 academic and industrial organizations jointly working in a large-scale European research project on 13 real-world use cases from the domains of automotive, railway, aerospace, agriculture, healthcare, and industrial robotics.

Keywords
criteria, evaluation, verification, validation, safety, cybersecurity, cyber-physical system (CPS)
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-61310 (URN); 10.12688/openreseurope.16234.1 (DOI); 978-1-6654-8555-5 (ISBN)
Funder
EU, Horizon Europe, 876852
Available from: 2022-12-02. Created: 2024-05-13. Last updated: 2024-05-14. Bibliographically approved
Farooqui, A. & Sangchoolie, B. (2023). Towards Formal Fault Injection for Safety Assessment of Automated Systems. In: Fifth International Workshop on Formal Methods for Autonomous Systems. Paper presented at International Workshop on Formal Methods for Autonomous Systems.
2023 (English). In: Fifth International Workshop on Formal Methods for Autonomous Systems, 2023. Conference paper, Published paper (Refereed)
Abstract [en]

Reasoning about safety, security, and other dependability attributes of autonomous systems is a challenge that needs to be addressed before the adoption of such systems in day-to-day life. Formal methods is a class of methods that mathematically reason about a system’s behavior. Thus, a correctness proof is sufficient to conclude the system’s dependability. However, these methods are usually applied to abstract models of the system, which might not fully represent the actual system. Fault injection, on the other hand, is a testing method to evaluate the dependability of systems. However, the amount of testing required to evaluate the system is rather large and often a problem. This vision paper introduces formal fault injection, a fusion of these two techniques throughout the development lifecycle to enhance the dependability of autonomous systems. We advocate for a more cohesive approach by identifying five areas of mutual support between formal methods and fault injection. By forging stronger ties between the two fields, we pave the way for developing safe and dependable autonomous systems. This paper delves into the integration’s potential and outlines future research avenues, addressing open challenges along the way.

Keywords
Fault injection, formal methods
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-67578 (URN)
Conference
International Workshop on Formal Methods for Autonomous Systems
Note

This work was partly supported by the VALU3S project, which has received funding from the ECSEL Joint Undertaking (JU) under grant agreement No 876852. The JU receives support from the European Union’s Horizon 2020 research and innovation programme and Austria, Czech Republic, Germany, Ireland, Italy, Portugal, Spain, Sweden, Turkey. This work has also been partly financed by the CyReV project, which is funded by the VINNOVA FFI program – the Swedish Governmental Agency for Innovation Systems (Diary number: 2019-03071).

Available from: 2023-10-31. Created: 2023-10-31. Last updated: 2023-11-01. Bibliographically approved
Kleberger, P., Folkesson, P. & Sangchoolie, B. (2022). An Integrated Safety and Cybersecurity Resilience Framework for the Automotive Domain. Paper presented at 7th International Workshop on Critical Automotive Applications: Robustness & Safety. HAL
2022 (English). Conference paper, Published paper (Other academic)
Abstract [en]

As vehicles become more and more connected with their surroundings and utilize an increasing number of services, they also become more exposed to threats as the attack surface increases. With increasing attack surfaces and continuing challenges of eliminating vulnerabilities, vehicles need to be designed to work even under malicious activities, i.e., under attacks. In this paper, we present a resilience framework that integrates analysis of safety and cybersecurity mechanisms. We also integrate resilience for safety and cybersecurity into the fault – error – failure chain. The framework is useful for analyzing the propagation of faults and attacks between different system layers. This facilitates identification of adequate resilience mechanisms at different system layers as well as deriving suitable test cases for verification and validation of system resilience using fault and attack injection.

Place, publisher, year, edition, pages
HAL, 2022
Keywords
automotive, cybersecurity, safety, resilience, framework
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-59793 (URN)
Conference
7th International Workshop on Critical Automotive Applications: Robustness & Safety
Available from: 2022-07-11. Created: 2022-07-11. Last updated: 2023-06-07. Bibliographically approved
Thorsén, A., Sangchoolie, B., Folkesson, P. & Strandberg, T. (2022). Combined Safety and Cybersecurity Risk Assessment for Intelligent Distributed Grids. Paper presented at CSG 2022: 16. International Conference on Smart Grids January 28-29, 2022 in Dubai, United Arab Emirates.
2022 (English). Conference paper, Published paper (Refereed)
Abstract [en]

As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify the cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety classified systems and products, there is also a need for safety risk assessments in addition to the cybersecurity risk assessment in order to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains like the automotive domain, but more general methods suitable for, e.g., Intelligent Distributed Grids, are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method that combines safety and cybersecurity risk assessments. This paper presents an approach where the SAHARA method has been modified in order to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied on two use cases of an intelligent distributed grid.

Keywords
Intelligent Distribution Grids, threat analysis, risk assessment, safety, cybersecurity
National Category
Computer Sciences
Identifiers
urn:nbn:se:ri:diva-57520 (URN)
Conference
CSG 2022: 16. International Conference on Smart Grids January 28-29, 2022 in Dubai, United Arab Emirates
Available from: 2022-01-03. Created: 2022-01-03. Last updated: 2024-05-21. Bibliographically approved
Thorsén, A., Sangchoolie, B., Folkesson, P. & Strandberg, T. (2022). Combined Safety and Cybersecurity Risk Assessment for Intelligent Distributed Grids. World Academy of Science, Engineering and Technology International Journal of Energy and Power Engineering, 16(5), 69-76
2022 (English). In: World Academy of Science, Engineering and Technology International Journal of Energy and Power Engineering, Vol. 16, no 5, p. 69-76. Article in journal (Other academic) Published
Abstract [en]

As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify the cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety classified systems and products, there is also a need for safety risk assessments in addition to the cybersecurity risk assessment to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains like the automotive domain, but more general methods suitable for, e.g., Intelligent Distributed Grids, are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method that combines safety and cybersecurity risk assessments. This paper presents an approach where the SAHARA method has been modified to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied on two use cases of an intelligent distributed grid.

Keywords
Intelligent distribution grids, threat analysis, risk assessment, safety, cybersecurity.
National Category
Mechanical Engineering
Identifiers
urn:nbn:se:ri:diva-59289 (URN)
Available from: 2022-05-25. Created: 2022-05-25. Last updated: 2024-05-21. Bibliographically approved
Malik, M., Maleki, M., Folkesson, P., Sangchoolie, B. & Karlsson, J. (2022). ComFASE: A Tool for Evaluating the Effects of V2V Communication Faults and Attacks on Automated Vehicles. In: 52nd annual IEEE/IFIP international conference on dependable systems and networks (DSN2022). Paper presented at 52nd annual IEEE/IFIP international conference on dependable systems and networks (DSN2022). Jun 27, 2022 - Jun 30, 2022. Baltimore, Maryland, USA.
2022 (English). In: 52nd annual IEEE/IFIP international conference on dependable systems and networks (DSN2022), 2022. Conference paper, Published paper (Refereed)
Abstract [en]

This paper presents ComFASE, a communication fault and attack simulation engine. ComFASE is used to identify and evaluate potentially dangerous behaviours of interconnected automated vehicles in the presence of faults and attacks in wireless vehicular networks. ComFASE is built on top of OMNET++ (a network simulator) and integrates SUMO (a traffic simulator) and Veins (a vehicular network simulator). The tool is flexible in modelling different types of faults and attacks and can be effectively used to study the interplay between safety and cybersecurity attributes by injecting cybersecurity attacks and evaluating their safety implications. To demonstrate the tool, we present results from a series of simulation experiments, where we injected delay and denial-of-service attacks on wireless messages exchanged between vehicles in a platooning application. The results show how different variants of attacks influence the platooning system in terms of collision incidents.

Keywords
attack injection, fault injection, simulation-based system, V2V communication, platooning, cybersecurity attack
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-59789 (URN)
Conference
52nd annual IEEE/IFIP international conference on dependable systems and networks (DSN2022). Jun 27, 2022 - Jun 30, 2022. Baltimore, Maryland, USA
Projects
VALU3S
Available from: 2022-07-11. Created: 2022-07-11. Last updated: 2023-06-05. Bibliographically approved
Jolak, R., Rosenstatter, T., Mohamad, M., Strandberg, K., Sangchoolie, B., Nowdehi, N. & Scandariato, R. (2022). CONSERVE: A framework for the selection of techniques for monitoring containers security. Journal of Systems and Software, 186, Article ID 111158.
2022 (English). In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 186, article id 111158. Article in journal (Refereed) Published
Abstract [en]

Context: Container-based virtualization is gaining popularity in different domains, as it supports continuous development and improves the efficiency and reliability of run-time environments. Problem: Different techniques are proposed for monitoring the security of containers. However, there are no guidelines supporting the selection of suitable techniques for the tasks at hand. Objective: We aim to support the selection and design of techniques for monitoring container-based virtualization environments. Approach: First, we review the literature and identify techniques for monitoring containerized environments. Second, we classify these techniques according to a set of categories, such as technical characteristic, applicability, effectiveness, and evaluation. We further detail the pros and cons that are associated with each of the identified techniques. Result: As a result, we present CONSERVE, a multi-dimensional decision support framework for an informed and optimal selection of a suitable set of container monitoring techniques to be implemented in different application domains. Evaluation: A mix of eighteen researchers and practitioners evaluated the ease of use, understandability, usefulness, efficiency, applicability, and completeness of the framework. The evaluation shows a high level of interest, and points out to potential benefits. © 2021 The Authors

Place, publisher, year, edition, pages
Elsevier Inc., 2022
Keywords
Attack analysis, Container monitoring, Intrusion detection, Security, Software and systems engineering, Virtualization, Containers, Decision support systems, Efficiency, Monitoring, Virtual reality, Continuous development, Different domains, Efficiency and reliability, Intrusion-Detection, It supports, Software and systems engineerings, Virtualizations
National Category
Computer Systems
Identifiers
urn:nbn:se:ri:diva-57895 (URN); 10.1016/j.jss.2021.111158 (DOI); 2-s2.0-85121691498 (Scopus ID)
Note

Funding details: 2019-03071; Funding text 1: We would like to thank the participants who took a part in the evaluation of CONSERVE. This research was partially supported by the Swedish VINNOVA FFI project CyReV: Cyber Resilience for Vehicles with diary numbers: 2018-05013 (1st phase) and 2019-03071 (2nd phase).

Available from: 2022-01-10. Created: 2022-01-10. Last updated: 2024-03-21. Bibliographically approved