Towards a Security Assurance Framework for Connected Vehicles

2018 
Security assurance is defined as the degree of confidence that the security requirements of an IT system are satisfied. In view of the emerging paradigm of connected vehicles, i.e., dynamic cyber-physical systems of highly equipped, infrastructure-connected vehicles, specifying the involved assurance becomes highly critical yet challenging: vehicles increasingly exploit various communication means to exchange rich data of relevance with the infrastructure, resulting in a large attack surface. Both the complexity and the uncertainty are increased, rendering the so-far generic methods for security assurance costly to apply. In this position paper we introduce a security assurance framework tailored for connected vehicles, as explored by the EU-funded H2020 SAFERtec project. We put under the microscope two instances of vehicle-to-infrastructure communications and, relying on an innovative modeling methodology, we identify the involved security and privacy requirements. We then present the way to enhance the processes of the credible yet generic Common Criteria approach to gain evidence that the above requirements are met. The experimental evaluation of the framework is carried out over a reference implementation of a prototype vehicle connected to road-side units and cloud-based services. The expectation is that our work helps to effectively construct assurance arguments, increasing trust in connected vehicles.