Automotive Security Analyzer for Exploitability Risks - An Automated and Attack Graph-Based Evaluation of On-Board Networks

Our lives depend on automotive cybersecurity, protecting us inside and near vehicles. If vehicles go rogue, they can operate against the driver's will and potentially drive off a cliff or into a crowd. The 'Automotive Security Analyzer for Exploitability Risks' (AutoSAlfER) evaluates the exploitability risks of automotive on-board networks by attack graphs. AutoSAlfER's Multi-Path Attack Graph algorithm is 40 to 200 times smaller in RAM and 200 to 5 000 times faster than a comparable implementation using Bayesian networks, and the Single-Path Attack Graph algorithm constructs the most reasonable attack path per asset with a computational, asymptotic complexity of only O(n * log(n)), instead of O(n²). AutoSAlfER runs on a self-written graph database, heuristics, pruning, and homogenized Gaussian distributions and boosts people's productivity for a more sustainable and secure automotive on-board network. Ultimately, we enjoy more safety and security in and around autonomous, connected, electrified, and shared vehicles.

Dr. Martin Salfer is an IT security researcher at TUM and a tech lead at an automaker. He earned his Ph.D. in IT Security from TUM, completed his M.Sc. with honours in Software Engineering at UniA/LMU/TUM, and obtained his B.Sc. in Computer Science from HM, with a study abroad at KPU in Vancouver, Canada, and ESIEA in Paris, France, and a research visit at NII in Tokyo, Japan. He is the lead author of 28 publications, including five IT security patents.