IEEE Access (Jan 2024)
Development for High-Assurance Software Update Management System Complying With UN R156
Abstract
With the advent of autonomous driving and connected vehicles in the automotive industry, various vehicle software components are now connected to wireless networks. This enables Original Equipment Manufacturers (OEMs) to patch vehicle vulnerabilities automatically using Over-The-Air (OTA) technology. However, this increased connectivity also exposes vehicles to a wider range of threats because of the expanded attack surface. In response, the United Nations Economic Commission for Europe (UNECE) has introduced regulations to ensure vehicle security. Among these, Regulation No. 156 (UN R156) outlines the requirements for implementing a Software Update Management System (SUMS), relating explicitly to OTA updates. However, the abstract nature of the requirements in UN R156 poses challenges for OEMs looking to implement a SUMS according to their specific needs. Therefore, we conducted threat modeling to derive more detailed security requirements than those outlined in UN R156. We then designed a secure SUMS architecture based on these enhanced security requirements and formally verified whether the architecture satisfies the specified security criteria. Finally, we used Atelier B to generate source code for the SUMS.
Keywords