Implementing a Model-based Engineering Tool as Web Application
Authors:
Florian Hölzl,
Simon Barner
Abstract:
This paper reports on a study of transferring a desktop-based model-based engineering tool to a web application. The study has been conducted in the WEBMODEL project where the well-established technology stack around the Eclipse platform and the Eclipse Modeling Framework was lifted into a cloud-based environment. As results, a modeling-language-independent tooling kernel for web-based modeling tools and a minimal prototypical web-based implementation of the AutoFOCUS 3 model-based engineering tool are presented. Furthermore, the report documents experiences and implementation advice gained during the implementation.
Submitted 27 February, 2023;
originally announced February 2023.
Technical Report: Automating Vehicle SOA Threat Analysis using a Model-Based Methodology
Authors:
Yuri Gil Dantas,
Simon Barner,
Pei Ke,
Vivek Nigam,
Ulrich Schoepp
Abstract:
While the adoption of Service-Oriented Architectures (SOA) eases the implementation of features such as autonomous driving and over-the-air updates, it also increases the vehicle's exposure to attacks that may place road-users in harm. To address this problem, standards (ISO 21434/UNECE) expect manufacturers to produce security arguments and evidence by carrying out appropriate threat analysis. As key threat analysis steps, e.g., damage/threat scenario and attack path enumeration, are often carried out manually and not rigorously, security arguments lack precise guarantees, e.g., traceability w.r.t. safety goals, especially under system updates. This article proposes automated methods for threat analysis using a model-based engineering methodology that provides precise guarantees with respect to safety goals. This is accomplished by proposing an intruder model for automotive SOA which together with the system architecture and the loss scenarios identified by safety analysis are used as input for computing assets, impact rating, damage/threat scenarios, and attack paths. To validate the proposed methodology, we developed a faithful model of the autonomous driving functions of the Apollo framework, a widely used open-source autonomous driving stack. The proposed machinery automatically enumerates several attack paths on Apollo, including attack paths not reported in the literature.
Submitted 23 December, 2022;
originally announced December 2022.