Optimizing the Automotive Security Development Process in Early Process Design Phases

Security is a relatively new topic in the automotive industry. In the former days, the only security defense methods were the engine immobilizer and the anti-theft alarm system. The rising connection of vehicles to external networks made it necessary to extend the security effort by introducing security development processes. These processes include, amongothers, risk analysis and treatment steps. In parallel, the development of ISO/SAE 21434 and UN-ECE No. R155 started. The long development cycles in the automotive industry made it necessary to align the development processes' early designs with the standards' draft releases. This work aims to design a new consistent, complete and efficient security development process, aligned with the normative references. The resulting development process design aligns with the overall development methodology of the underlying, evaluated development process. Use cases serve as a basis for evaluating improvements and the method designs. This work concentrates on the left leg of the V-Model. Nevertheless, future work targets extensions for a holistic development approach for safety and security.:I. Foundation 1. Introduction 2. Automotive Development 3. Methodology II. Meta-Functional Aspects 4. Dependability as an Umbrella-Term 5. Security Taxonomy 6. Terms and Definitions III. Security Development Process Design 7. Security Relevance Evaluation 8. Function-oriented Security Risk Analysis 9. Security Risk Analysis on System Level 10. Risk Treatment IV. Use Cases and Evaluation 11. Evaluation Criteria 12. Use Case: Security Relevance Evaluation 13. Use Case: Function-oriented Security Risk Analysis 14. Use Case: System Security Risk Analysis 15. Use Case: Risk Treatment V. Closing 16. Discussion 17. Conclusion 18. Future Work Appendix A. Attacker Model Categories and Rating Appendix B. Basic Threat Classes for System SRA Appendix C. Categories of Defense Method Propertie

Incorporating Data Dependencies and Properties in Difference Verification with Conditions (Technical Report)

Software changes frequently. To efficiently deal with such frequent changes, software verification tools must be incremental. Most of today's approaches for incremental verification consider one specific verification approach. One exception is difference verification with conditions recently proposed by Beyer et al. Its underlying idea is to determine an overapproximation of those modified execution paths that may cause a new property violation, which does not exist in the unchanged program, encode the determined paths into a condition, and use the condition to restrict the verification to the analysis of those determined paths. To determine the overapproximation, Beyer et al. propose a syntax-based difference detector that adds any syntactical path of the modified program that does not exist in the original program into the overapproximation. This paper provides a second difference detector diffDP, which computes a more precise overapproximation by taking data dependencies and program properties into account when determining the overapproximation of those modified execution paths that may cause a new property violation. Our evaluation indeed shows that our more precise difference detector improves the effectiveness and efficiency of difference verification with condition on several tasks

Dynamic Composition of Cyber-Physical Systems

Future cyber-physical systems must fulfill strong demands on timeliness and reliability, so that the safety of their operational environment is never violated. At the same time, such systems are networked computers with the typical demand for reconfigurability and software modification. The combination of both expectations makes established modeling and analysis techniques difficult to apply, since they cannot scale with the number of possible operational constellations resulting from the dynamics. The problem increases when components with different non-functional demands are combined to one cyber-physical system and updated independent from each other. We propose a new approach for the design and development of composable, dynamic and dependable software architectures, with a focus on the area of networked embedded systems. Our key concept is the specification of software components and their non-functional composition constraints in the formal language TLA+. We discuss how this technique can be embedded in an overall software design workflow, and show the practical applicability with a detailed resource scheduling example

Aus den Augen, aus dem Sinn?! Akteurspezifische Bewertung und Akzeptanz von HGÜ-Erdkabeltrassen

Eine gelingende Energiewende und sichere Stromversorgung erfordern die Verstärkung und den Ausbau der Netzinfrastruktur. Ende 2015 wurde der Vorrang von Erdkabeln vor Freileitungen in siedlungsnahen Bereichen beschlossen, um den Netzausbau schneller zu realisieren und lokale Widerstände zu minimieren. Der Beitrag betrachtet die Wahrnehmung und Akzeptanz eines geplanten Erdkabelprojekts zum Stromnetzausbau im ländlichen Raum (Rheinisches Braunkohlerevier) aus der Sicht lokal betroffener Gruppen. Mittels qualitativer Interviews werden die Perspektiven betroffener Anwohner und Landwirte bezogen auf die Energiewende, den Netzausbau, Akzeptanz und Bewertung von Erdkabeln und Freileitungen im Allgemeinen sowie der geplanten Erdkabeltrasse und zugehöriger Nebenanlagen im Speziellen erhoben und miteinander verglichen. Die Ergebnisse zeigen gruppenbezogene Gemeinsamkeiten und Unterschiede. Generell ist eine positive Einstellung beider Gruppen gegenüber der Energiewende und eine Präferenz für Erdkabel im Vergleich mit Freileitungen zu konstatieren. In Bezug auf beide Themen gibt es aber auch kritische Äußerungen. Trotz der generellen Präferenz für Erdkabel wird die konkrete geplante Erdkabeltrasse in der Untersuchungsregion von den betroffenen Anwohnern eher neutral, teils gleichgültig und in verschiedenen Punkten kritisch bewertet. Die Haltung der Landwirte ist aufgrund der Vielzahl wahrgenommener Nachteile eher ablehnend und führt partiell zu (aktiven) Widerstandshandlungen, die das Vorhaben verzögern könnten. Es wird deutlich, dass regionale Standortmerkmale und raum-zeitliche Prozesse, Gewöhnungseffekte sowie Erfahrungswissen eine wesentliche Rolle bei der Bewertung der geplanten Erdkabeltrasse spielen, die bei der Planung von Netzinfrastrukturprojekten berücksichtigt werden sollten.A successful energy turnaround - the so-called Energiewende - requires the reinforcement and expansion of the electricity grid. In late 2015, the German government approved a law prioritizing the use of underground cables over overhead lines near residential areas in order to speed up the grid expansion and to minimize local resistances. This paper deals with the perception and acceptance of concerned parties regarding an underground cable project planned in a rural area (Rheinisches Braunkohlerevier). By means of qualitative interviews the perspectives of local farmers and residents on the Energiewende, acceptance and evaluation of the grid expansion in general as well as the planned underground cable project and its ancillary facilities which are to be implemented in the living environment of the two affected parties were investigated and compared. The results show group-related similarities and differences. Overall, both groups were found to have a positive attitude towards the Energiewende and a preference for underground cables compared to overhead lines. However, criticism towards both issues was also voiced. Despite the general preference for underground cables, local residents evaluate the particular underground cable project in the investigated region rather neutral, partly indifferent, and in some aspects critical. In contrast, the attitude of local farmers is rather critical due to a multitude of perceived disadvantages, which partially lead to (active) acts of resistance that could slow down the project. It becomes obvious that regional site characteristics, spatio-temporal processes, habit-forming effects as well as experience and knowledge play a substantial role when evaluating the planned underground cables and that these aspects should be considered when planning grid infrastructure projects

Late Endosomes Act as mRNA Translation Platforms and Sustain Mitochondria in Axons.

Local translation regulates the axonal proteome, playing an important role in neuronal wiring and axon maintenance. How axonal mRNAs are localized to specific subcellular sites for translation, however, is not understood. Here we report that RNA granules associate with endosomes along the axons of retinal ganglion cells. RNA-bearing Rab7a late endosomes also associate with ribosomes, and real-time translation imaging reveals that they are sites of local protein synthesis. We show that RNA-bearing late endosomes often pause on mitochondria and that mRNAs encoding proteins for mitochondrial function are translated on Rab7a endosomes. Disruption of Rab7a function with Rab7a mutants, including those associated with Charcot-Marie-Tooth type 2B neuropathy, markedly decreases axonal protein synthesis, impairs mitochondrial function, and compromises axonal viability. Our findings thus reveal that late endosomes interact with RNA granules, translation machinery, and mitochondria and suggest that they serve as sites for regulating the supply of nascent pro-survival proteins in axons

N-acetylaspartic acid in cerebrospinal fluid of multiple sclerosis patients determined by gas-chromatography-mass spectrometry

Background: Axonal degeneration is considered to play a major role in the development of clinical disability in multiple sclerosis (MS). N-AcetylAspartic Acid (NAA) is a neuron-specific marker constantly identified in MR-spectroscopy studies of the normal and MS brain. To our knowledge there are no studies available that evaluated NAA in cerebrospinal fluid (CSF) as a possible marker for disease severity. Objective: To evaluate CSF concentrations of NAA in MS in relation to disease phenotype, clinical measures of disability and MRI markers of disease burden. Methods: NAA concentrations were determined in CSF of 46 patients with MS (26 relapsing remitting (RRMS), 12 secondary progressive (SPMS) and 8 primary progressive (PPMS)). Prior to lumbar puncture, MS-patients underwent MRI and clinical examination, including the Expanded Disability Status Scale (EDSS) and the MS Functional Composite (MSFC). Additionally, CSF concentrations of NAA were determined in 12 patients with other neurological diseases (OND). Results: Median CSF NAA concentration was 0.74 (IQR: 0.59-0.94) in RRMS , 0.54 (IQR: 0.35-0.73) in SPMS and 0.83 μmol/l (IQR: 0.56-1.03) in PPMS patients. SPMS patients had a significantly lower NAA concentration than RRMS patients. NAA concentrations correlated with EDSS (r = )0.37, p = 0.016), MSFC (r = 0.41, p = 0.010), normalised brain volume (r = 0.49, p = 0.001), T2 lesion load (r = )0.35, p = 0.021) and black hole lesion load (r = )0.47, p = 0.002). No differences were observed between OND (median: 0.57 IQR: 0.28-0.73) and MS patients. Conclusions: CSF NAA concentration in MS patients is related to clinical performance and MRI measures of disease burden and may therefore be an important neuron specific marker of disease severity and possibly progression

A Sensitive Assay for Virus Discovery in Respiratory Clinical Samples

In 5–40% of respiratory infections in children, the diagnostics remain negative, suggesting that the patients might be infected with a yet unknown pathogen. Virus discovery cDNA-AFLP (VIDISCA) is a virus discovery method based on recognition of restriction enzyme cleavage sites, ligation of adaptors and subsequent amplification by PCR. However, direct discovery of unknown pathogens in nasopharyngeal swabs is difficult due to the high concentration of ribosomal RNA (rRNA) that acts as competitor. In the current study we optimized VIDISCA by adjusting the reverse transcription enzymes and decreasing rRNA amplification in the reverse transcription, using hexamer oligonucleotides that do not anneal to rRNA. Residual cDNA synthesis on rRNA templates was further reduced with oligonucleotides that anneal to rRNA but can not be extended due to 3′-dideoxy-C6-modification. With these modifications >90% reduction of rRNA amplification was established. Further improvement of the VIDISCA sensitivity was obtained by high throughput sequencing (VIDISCA-454). Eighteen nasopharyngeal swabs were analysed, all containing known respiratory viruses. We could identify the proper virus in the majority of samples tested (11/18). The median load in the VIDISCA-454 positive samples was 7.2 E5 viral genome copies/ml (ranging from 1.4 E3–7.7 E6). Our results show that optimization of VIDISCA and subsequent high-throughput-sequencing enhances sensitivity drastically and provides the opportunity to perform virus discovery directly in patient material

Digital Cranial Endocast of Hyopsodus (Mammalia, “Condylarthra”): A Case of Paleogene Terrestrial Echolocation?

We here describe the endocranial cast of the Eocene archaic ungulate Hyopsodus lepidus AMNH 143783 (Bridgerian, North America) reconstructed from X-ray computed microtomography data. This represents the first complete cranial endocast known for Hyopsodontinae. The Hyopsodus endocast is compared to other known “condylarthran” endocasts, i. e. those of Pleuraspidotherium (Pleuraspidotheriidae), Arctocyon (Arctocyonidae), Meniscotherium (Meniscotheriidae), Phenacodus (Phenacodontidae), as well as to basal perissodactyls (Hyracotherium) and artiodactyls (Cebochoerus, Homacodon). Hyopsodus presents one of the highest encephalization quotients of archaic ungulates and shows an “advanced version” of the basal ungulate brain pattern, with a mosaic of archaic characters such as large olfactory bulbs, weak ventral expansion of the neopallium, and absence of neopallium fissuration, as well as more specialized ones such as the relative reduction of the cerebellum compared to cerebrum or the enlargement of the inferior colliculus. As in other archaic ungulates, Hyopsodus midbrain exposure is important, but it exhibits a dorsally protruding largely developed inferior colliculus, a feature unique among “Condylarthra”. A potential correlation between the development of the inferior colliculus in Hyopsodus and the use of terrestrial echolocation as observed in extant tenrecs and shrews is discussed. The detailed analysis of the overall morphology of the postcranial skeleton of Hyopsodus indicates a nimble, fast moving animal that likely lived in burrows. This would be compatible with terrestrial echolocation used by the animal to investigate subterranean habitat and/or to minimize predation during nocturnal exploration of the environment