16 May
2021
16 May
'21
12:01 p.m.
Hello,
I would like to report that we have submitted two papers. Details of the papers are below.
If accepted, we will acknowledge SPARTA.
Best greetings,
Raimundas
—————————
Title: Information Security Analysis in the Passenger-Autonomous Vehicle Interaction
Authors: Mariia Bakhtina, Raimundas Matulevičius
Venue: International Workshop on Security and Privacy in Intelligent Infrastructures (SP2I
2021) co-organised at ARES 2021.
Abstract: Autonomous vehicles (AV) are becoming a part of humans' everyday life. There
are numerous pilot projects of driverless public buses; some car manufacturers deliver
their premium-level automobiles with advanced self-driving features. Thus, assuring the
security of a Passenger--Autonomous Vehicle interaction arises as an important research
topic, as along with opportunities, new cybersecurity risks and challenges occur that
potentially may threaten Passenger's privacy and safety on the roads. This study
proposes an approach of the security requirements elicitation based on the developed
threat model. Thus, information security risk management helps to fulfil one of the
principles needed to protect data privacy - information security. We demonstrate the
process of security requirements elicitation to mitigate arising security risks. The
findings of the thesis are case-oriented and are based on the literature review. They are
applicable for AV system implementation used by ride-hailing service providers that enable
supervisory AV control.
—————————
Title: Risk-Oriented Design Approach For Forensic-Ready Software Systems
Authors: Lukas Daubner, Raimundas Matulevičius
Venue: the 14th International Workshop on Digital Forensics (WSDF 2021) co-organised at
ARES 2021.
Abstract: Digital forensic investigation is a complex and time-consuming activity in
response to a cybersecurity incident or cybercrime to answer questions related to it.
These typically are what happened, when, where, how, and who is responsible. However,
answering them is often very laborious and sometimes outright impossible due to a lack of
useable data. The forensic-ready software systems are designed to produce valuable
on-point data for use in the investigation with potentially high evidence value. Still,
the particular ways to develop these systems are currently not explored.
This paper proposes consideration of forensic readiness within security risk management to
refine specific requirements on forensic-ready software systems. The idea is to
re-evaluate the taken security risk decisions with the aim to provide trustable data when
the security measures fail. Additionally, it also considers possible disputes, which the
digital evidence can solve. Our proposed approach, risk-oriented forensic-ready design,
composes of two parts: (1) process guiding the identification of the requirements in the
form of potential evidence sources, and (2) supporting BPMN notation capturing the
potential evidence sources and their relationship. Together they are aimed to provide a
high-level overview of the forensic-ready requirements within the system. Finally, the
approach is demonstrated on an automated valet parking scenario, followed by a discussion
regarding its impact and usefulness within the forensic readiness effort.
5 Jun
5 Jun
9:10 a.m.
Dear all,
The aforementioned papers are now accepted at the the venues. We will acknowledge the
SPARTA project in the camera ready version.
Both studies contribute to the WP6.5 result.
Best greetings,
Raimundas
Hello,
I would like to report that we have submitted two papers. Details of the papers are below.
If accepted, we will acknowledge SPARTA.
Best greetings,
Raimundas
—————————
Title: Information Security Analysis in the Passenger-Autonomous Vehicle Interaction
Authors: Mariia Bakhtina, Raimundas Matulevičius
Venue: International Workshop on Security and Privacy in Intelligent Infrastructures (SP2I
2021) co-organised at ARES 2021.
Abstract: Autonomous vehicles (AV) are becoming a part of humans' everyday life. There
are numerous pilot projects of driverless public buses; some car manufacturers deliver
their premium-level automobiles with advanced self-driving features. Thus, assuring the
security of a Passenger--Autonomous Vehicle interaction arises as an important research
topic, as along with opportunities, new cybersecurity risks and challenges occur that
potentially may threaten Passenger's privacy and safety on the roads. This study
proposes an approach of the security requirements elicitation based on the developed
threat model. Thus, information security risk management helps to fulfil one of the
principles needed to protect data privacy - information security. We demonstrate the
process of security requirements elicitation to mitigate arising security risks. The
findings of the thesis are case-oriented and are based on the literature review. They are
applicable for AV system implementation used by ride-hailing service providers that enable
supervisory AV control.
—————————
Title: Risk-Oriented Design Approach For Forensic-Ready Software Systems
Authors: Lukas Daubner, Raimundas Matulevičius
Venue: the 14th International Workshop on Digital Forensics (WSDF 2021) co-organised at
ARES 2021.
Abstract: Digital forensic investigation is a complex and time-consuming activity in
response to a cybersecurity incident or cybercrime to answer questions related to it.
These typically are what happened, when, where, how, and who is responsible. However,
answering them is often very laborious and sometimes outright impossible due to a lack of
useable data. The forensic-ready software systems are designed to produce valuable
on-point data for use in the investigation with potentially high evidence value. Still,
the particular ways to develop these systems are currently not explored.
This paper proposes consideration of forensic readiness within security risk management to
refine specific requirements on forensic-ready software systems. The idea is to
re-evaluate the taken security risk decisions with the aim to provide trustable data when
the security measures fail. Additionally, it also considers possible disputes, which the
digital evidence can solve. Our proposed approach, risk-oriented forensic-ready design,
composes of two parts: (1) process guiding the identification of the requirements in the
form of potential evidence sources, and (2) supporting BPMN notation capturing the
potential evidence sources and their relationship. Together they are aimed to provide a
high-level overview of the forensic-ready requirements within the system. Finally, the
approach is demonstrated on an automated valet parking scenario, followed by a discussion
regarding its impact and usefulness within the forensic readiness effort.
--------
Information Security Research Group: <https://infosec.cs.ut.ee>
--------
Dr. Raimundas Matulevičius,
Professor of Information Security
Institute of Computer Science
University of Tartu
Narva mnt 18,
51009 Tartu
Estonia
1588
days inactive
1608
days old
bodies.dissemination-committee@internal.sparta.eu
1 comments
1 participants
participants (1)
-
Raimundas Matulevicius