M105CEM Automotive Cybersecurity

Module Learning Outcomes Assessed:

1.Explain and evaluate key theoretical concepts underpinning cybersecurity threats in the automotive context.

2.Situate these threats with respect to wider system risks, security and safety impact, and propose cost-effective countermeasures.

3.Have a good understanding of economic, legal and regulatory issues surrounding security testing, compliance and certification.

Have a systematic appreciation of privacy and policy issues surrounding the use of personal and sensitive data generated on modern automotive platforms in the context of sensing, communication, and storage.

Question 1

LIN (local interconnect network) is one of the main automotive networks. Considering LIN as an asset, do the composite threat modelling.   

Creating interconnecting drawing (05 Marks);

flow diagram (05 Marks);

creating and populating threat matrix with following fields i.e., 1) List of vulnerabilities that could be exploited, 2) difficulty level to protect against vulnerabilities, 3) resource required to do the attack, 4) consequences of attacks(20 Marks);

Aattack scenario  

Question 2

An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Any malicious activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.

Propose an intrusion detection system (IDS) for any security layer. List down IDS rules with proper syntax.  Write general description of proposed IDS (05 Marks), create a rule table , and give high level implementation details e.g., sudo code, algorithm, state diagram (05 Marks).

Question 3:

Attack trees are conceptual diagrams showing how an asset, or target, might be attacked. Use the J3061 attack tree notation to construct an attack tree to physical access e.g., exploiting telematics unit vulnerabilities, where the attack goal is to access antilock braking system. Feel free to have assumptions e.g., open access of port, availability of scanning tools.

Create an attack tree using J3061 attack tree notation (05 Marks). Your attack tree should consider all possible ways (10 Marks).  Once constructed, rate the different paths to achieving your attack goal with relative levels of difficulty, labelling 1 to 10 (where 10 is the most difficult and 1 is the least difficult) (05 Marks).

Question 4:

Give suggestions of appropriate certification, standard of automotive security.

·The report will be marked out of 100.

·You are expected to make use of data from other sources.  

·Please ensure you have appropriate citations and referencing throughout.  If you are unsure on referencing techniques refer to the CU Harvard guide.

1.You are expected to use the CUHarvard referencing format. For support and advice on how this students can contact Centre for Academic Writing (CAW).

2.Please notify your registry course support team and module leader for disability support.

3.Any student requiring an extension or deferral should follow the university process as outlined here.

4.The University cannot take responsibility for any coursework lost or corrupted on disks, laptops or personal computer. Students should therefore regularly back-up any work and are advised to save it on the University system.

5.If there are technical or performance issues that prevent students submitting coursework through the online coursework submission system on the day of a coursework deadline, an appropriate extension to the coursework submission deadline will be agreed. This extension will normally be 24 hours or the next working day if the deadline falls on a Friday or over the weekend period. This will be communicated via email and as a CUMoodle announcement.

6.Assignments that are more than 10% over the word limit will result in a deduction of 10% of the mark i.e. a mark of 60% will lead to a reduction of 6% to 54%. The word limit includes quotations, but excludes the bibliography, reference list and tables.