Thomas Rosenstatter

Thomas Rosenstatter

Researcher in Cybersecurity
th**as@ro********er.se

Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

Pages

Posts

portfolio

publications

Applicability of IEC 61499 for event based Smart Grid applications

Published in International Symposium on Smart Electric Distribution Systems and Technologies (EDST), 2015

Abstract: IEC 61499 is an open standard based on function blocks applied for distributed automation solutions. In this paper we discuss the application of IEC 61499 for designing and implementing event-based Smart Grid applications. We show that IEC 61499 is well suited in the context of Smart Grids at the example of the concrete use case of power exchange between several peers of the Smart Grid. The feasibility of IEC 61499 in the context of this use case is assessed on the basis of a prototypical implementation using the open source framework 4DIAC. We conclude that IEC 61499 is a powerful tool for engineering event-based Smart Grid applications.

Recommended citation: T. Rosenstatter, R. Wanger, S. Huber, T. Heistracher and D. Engel, "Applicability of IEC 61499 for event based Smart Grid applications," 2015 International Symposium on Smart Electric Distribution Systems and Technologies (EDST), Vienna, 2015, pp. 278-283. https://doi.org/10.1109/SEDST.2015.7315221

Modelling the Level of Trust in a Cooperative Automated Vehicle Control System

Published in IEEE Transactions on Intelligent Transportation Systems (Volume: 19, Issue: 4, April 2018), 2017

Vehicle-to-vehicle communication is a key technology for achieving increased perception for automated vehicles, where the communication enables virtual sensing by means of sensors in other vehicles. This paper presents a trust system that allows a cooperative and automated vehicle that uses V2V communication to make more reliable and safe decisions. Read more.

Recommended citation: T. Rosenstatter and C. Englund, "Modelling the Level of Trust in a Cooperative Automated Vehicle Control System," in IEEE Transactions on Intelligent Transportation Systems, vol. 19, no. 4, pp. 1237-1247, April 2018. https://doi.org/10.1109/TITS.2017.2749962

Team Halmstad Approach to Cooperative Driving in the Grand Cooperative Driving Challenge 2016

Published in IEEE Transactions on Intelligent Transportation Systems (Volume: 19, Issue: 4, April 2018), 2018

This paper is an experience report of team Halmstad from the participation in a competition organised by the i-GAME project, the Grand Cooperative Driving Challenge 2016. The competition was held in Helmond, The Netherlands, during the last weekend of May 2016. We give an overview of our car’s control and communication system that was developed for the competition following the requirements and specifications of the i-GAME project. Read more.

Recommended citation: M. Aramrattana et al., "Team Halmstad Approach to Cooperative Driving in the Grand Cooperative Driving Challenge 2016," in IEEE Transactions on Intelligent Transportation Systems, vol. 19, no. 4, pp. 1248-1261, April 2018. https://doi.org/10.1109/TITS.2017.2752359

Open Problems when Mapping Automotive Security Levels to System Requirements

Published in 4th International Conference on Vehicle Technology and Intelligent Transport Systems, VEHITS, 2018

We describe open problems that need to be addressed in a prospective security framework for the automotive domain. Based on a study of several safety and security standards from other areas as well as suggested automotive security models, we propose an appropriate representation of security levels which is similar to, and will work in parallel with traditional safety, and a method to perform the mapping to a set of predefined system requirements, design rules and security mechanisms. Read more.

Recommended citation: T. Rosenstatter and T. Olovsson, "Open Problems when Mapping Automotive Security Levels to System Requirements," 4th International Conference on Vehicle Technology and Intelligent Transport Systems (VEHITS), Funchal, 2018, pp. 251-260. https://dx.doi.org/10.5220/0006665302510260

Towards a Standardized Mapping from Automotive Security Levels to Security Mechanisms

Published in 21st International Conference on Intelligent Transportation Systems (ITSC), 2018

We first suggest that the risk assessment process should result in five security levels. Further, we identify suitable security mechanisms and design rules for automotive system design and associate them with appropriate security levels. Our proposed methodology is as much as possible aligned with ISO 26262 and we believe that it should therefore be realistic to deploy in existing organizations. Read more.

Recommended citation: T. Rosenstatter and T. Olovsson, "Towards a Standardized Mapping from Automotive Security Levels to Security Mechanisms," 2018 21st International Conference on Intelligent Transportation Systems (ITSC), Maui, HI, USA, 2018, pp. 1501-1507. https://doi.org/10.1109/ITSC.2018.8569679

HoliSec Deliverable 3.2 – Secure Communication

Published in Project Deliverable of HoliSec HOLIstic Approach to Improve Data SECurity, 2019

This document presents a summary of our achievements in the area of security mechanisms for connected vehicles. We contribute to different areas, such as internal communication, requirements engineering, software development, and V2X communication. Read more.

Download here

Licentiate Thesis – Towards a Standardised Framework for Securing Connected Vehicles

Published in Technical report L - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University: 198 , 2019

In this thesis we study various safety and security standards and proposed frameworks from different industrial domains with respect to their way of classifying demands in the form of levels and their methods to derive requirements. In our proposed framework, we suggest security levels appropriate for automotive systems and continue with a mapping between these security levels and identified security mechanisms and design rules to provide basic security. We further study in detail a mechanism which provides freshness to authenticated messages, namely AUTOSAR SecOC Profile 3, and present a novel extension that offers a faster synchronisation between ECUs and reduces the number of required messages for synchronisation. Read more.

Recommended citation: T. Rosenstatter, "Towards a Standardised Framework for Securing Connected Vehicles," Licentiate Thesis, Chalmers University of Technology, Sweden, 2019. https://research.chalmers.se/publication/511915

Extending AUTOSARs Counter-based Solution for Freshness of Authenticated Messages in Vehicles

Published in 24th Pacific Rim International Symposium on Dependable Computing (PRDC), 2020

We analyse AUTOSAR SecOC Profile 3, a solution to provide freshness for authenticated messages, and further propose an extension of this security profile that copes with the limitations identified in our analysis. The extended profile provides a faster resynchronisation of the freshness value and consumes less bandwidth due to the reduction of the number of synchronisation messages needed. We evaluated our solution based on two demonstrators, one communicating via CAN bus and one communicating over Ethernet. Read more.

Recommended citation: T. Rosenstatter, C. Sandberg and T. Olovsson, "Extending AUTOSAR's Counter-Based Solution for Freshness of Authenticated Messages in Vehicles," 2019 IEEE 24th Pacific Rim International Symposium on Dependable Computing (PRDC), Kyoto, Japan, 2019, pp. 1-109. https://doi.org/10.1109/PRDC47002.2019.00012

REMIND: A Framework for the Resilient Design of Automotive Systems

Published in IEEE Secure Development Conference, 2020

In this paper, we contribute to supporting the design of resilient automotive systems. We review and analyze scientific literature on resilience techniques, fault tolerance, and dependability. As a result, we present the REMIND resilience framework providing techniques for attack detection, mitigation, recovery, and resilience endurance. Moreover, we provide guidelines on how the REMIND framework can be used against common security threats and attacks and further discuss the trade-offs when applying these guidelines. Read more.

Recommended citation: T. Rosenstatter, K. Strandberg, R. Jolak, R. Scandariato, T. Olovsson, "REMIND: A Framework for the Resilient Design of Automotive Systems," 2020 IEEE Secure Development Conference (SecDev), Atlanta, GA, USA, 2020, pp. 81-95. https://doi.org/10.1109/SecDev45635.2020.00028

Resilient Shield: Reinforcing the Resilience of Vehicles Against Security Threats

Published in IEEE 91th Vehicular Technology Conference (VTC2021-Spring), 2021

In this paper, we perform a comprehensive threat and risk analysis on published attacks against vehicles and further derive necessary security and resilience techniques. In addition, we map between asset, attack, threat actor, threat category, and required mitigation mechanism for each attack, which results in a presentation of a secure and resilient vehicle design. Ultimately, we present the Resilient Shield a novel framework to justify and ensure security and resilience within the automotive domain. Read more.

Recommended citation: K. Strandberg, T. Rosenstatter, R. Jolak, N. Nowdehi, T. Olovsson, "Resilient Shield: Reinforcing the Resilience of Vehicles Against Security Threats," 2021 IEEE 93rd Vehicular Technology Conference (VTC2021-Spring), Helsinki, Finland, 2021, pp 1-7. https://doi.org/10.1109/VTC2021-Spring51267.2021.9449029

V2C: A Trust-Based Vehicle to Cloud Anomaly Detection Framework for Automotive Systems

Published in 16th International Conference on Availability, Reliability and Security (ARES), 2021

In our proposed V2C Anomaly Detection framework, peer vehicles assess each other based on their perceived behavior in traffic and V2X-enabled interactions, and upload these assessments to the cloud for analysis. This framework consists of four modules. For each module we define functional demands, interfaces and evaluate solutions proposed in literature allowing manufacturers and fleet owners to choose appropriate techniques. We detail attack scenarios where this type of framework is particularly useful in detecting and identifying potential attacks and failing software and hardware. Furthermore, we describe what basic vehicle data the cloud analysis can be based upon. Read more.

Recommended citation: T. Rosenstatter, T. Olovsson, M. Almgren, "V2C: A Trust-Based Vehicle to Cloud Anomaly Detection Framework for Automotive Systems," 16th International Conference on Availability, Reliability and Security (ARES 2021), Association for Computing Machinery, New York, NY, USA, Article 23, 1–10. https://doi.org/10.1145/3465481.3465750

Ph.D. Thesis – On the Secure and Resilient Design of Connected Vehicles: Methods and Guidelines

Published in Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 5000 - Department of Computer Science and Engineering, Chalmers University of Technology and Göteborg University, 2021

Vehicles have come a long way from being purely mechanical systems to systems that comprise an internal network of more than 100 small microcontrollers. Vehicles are also connected to the Internet and communicate with other vehicles and the road infrastructure, such as traffic lights. Moreover, they are safety-critical systems that are operated by millions of people every day. Considering also the number of vehicles on the road and the large number of points attackers may use to get access into the system shows that securing vehicles is not only imperative to keep our society safe, but also challenging. This research work focuses on cyber security and resilience of automotive systems. The former focuses on detecting and preventing attacks whereas the latter concentrates on maintaining the vehicle’s intended operation in the presence of faults and attacks, which may even require the vehicle to disable some functionality to protect the passengers in and around the car. In this thesis, we provide methods that aid practitioners in identifying and selecting the necessary and appropriate security and resilience techniques during the design of an automotive system. Additionally, this thesis also proposes three techniques to secure them, namely a mechanism to secure the internal communication, a model to assess a vehicle’s behaviour and reliability when it is driving in traffic, and a framework to detect attacks and anomalies in a vehicle fleet. Read more.

Recommended citation: T. Rosenstatter, "On the Secure and Resilient Design of Connected Vehicles: Methods and Guidelines," Ph.D. Thesis, Chalmers University of Technology, Sweden, 2021. https://research.chalmers.se/publication/526019

CONSERVE: A framework for the selection of techniques for monitoring containers security

Published in The Journal of Systems & Software, 2021

CONSERVE (i) provides a systematic decision support for monitoring containers security; (ii) is an easy-to-use framework for selecting container monitoring techniques; and (iii) supports an efficient selection of container monitoring techniques. Read more.

Recommended citation: R. Jolak, T. Rosenstatter, M. Mohamad, et al., CONSERVE: A framework for the selection of techniques for monitoring containers security. The Journal of Systems and Software (2021), doi: 10.1016/j.jss.2021.111158 https://doi.org/10.1016/j.jss.2021.111158

RIPOSTE: A Collaborative Cyber Attack Response Framework for Automotive Systems

Published in Software Engineering and Advanced Applications (SEAA) Euromicro Conference 2022, 2022

In this paper we present RIPOSTE, a framework for collaborative real-time evaluation and selection of suitable response techniques when an attack is in progress. We evaluate the framework from a safety perspective by conducting a qualitative study involving domain experts. The proposed framework is deemed slightly unsafe, and insights into how to improve the overall safety of the framework are provided. Read more.

Recommended citation: R. Jolak, T. Rosenstatter, S. Aldaghistani, and R. Scandariato, "RIPOSTE: A Collaborative Cyber Attack Response Framework for Automotive Systems," 48th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), Gran Canaria, Spain, 2022, pp. 350-357, doi: 10.1109/SEAA56994.2022.00062. https://doi.org/10.1109/SEAA56994.2022.00062

Systematic Evaluation of Automotive Intrusion Detection Datasets

Published in ACM Computer Science in Cars Symposium (CSCS) 2022, 2022

Next generation security solutions to detect anomalies and attacks are likely relying on machine learning and related technologies. Therefore, it is of utmost importance that appropriate data for training and evaluation are being used. In this paper, we investigate different characteristics of security datasets and propose several qualitative and quantitative metrics for evaluating them. Furthermore, we demonstrate how these metrics can be used to learn the strengths and weaknesses in these datasets. </u></b>](./2022-SystematicEvaluationAutoIDS/)

Recommended citation: A. Vahidi, T. Rosenstatter, and N. Mowla. 2022. Systematic Evaluation of Automotive Intrusion Detection Datasets. In Computer Science in Cars Symposium (CSCS '22), December 8, 2022, Ingolstadt, Germany. ACM, New York, NY, USA, 12 pages. https://doi.org/10.1145/3568160.3570226

Towards Synthetic Data Generation of VANET Attacks for Efficient Testing

Published in 2023 IEEE Intelligent Vehicles Symposium (IV), 2023

In this paper, we present an attack simulation and generation framework that allows training the attack generator with either simulated or real VANET attacks. We outline the structure of our proposed framework and describe the setup of a standard-compliant attack simulator that generates valid standardised CAM and DENM messages specified by ETSI in the Cooperative Intelligent Transport Systems (C-ITS) standards. Based on the introduced framework, we demonstrate the feasibility of using deep learning for the generation of VANET attacks, which ultimately allows us to test and verify prototypes without running resource-demanding simulations. </u></b>](./2023-TowardsSyntheticVANETAttacks/)

Recommended citation: T. Rosenstatter, and K. Melnyk. 2023. Towards Synthetic Data Generation of VANET Attacks for Efficient Testing. 2023 IEEE Intelligent Vehicles Symposium (IV), Anchorage, AK, USA, 2023, IEEE. https://doi.org/10.1109/IV55152.2023.10186685

Rapport: Förstudie om digital säkerhet för små och medelstora företag i Skåne

Published in , 2023

The pre-study discusses the current security situation in small and medium sized companies in Skåne. The results of our online survey with 26 respondents working in SMEs in Skåne show that there was at least one respondent in every attack scenario saying that they were knowingly victim of such an attack. </u></b>](./2023-forstudie-sakerhet-skaane/)

Recommended citation: T. Rosenstatter, J. Olajos, L. Håkansson, L. Johansson, P. Lavesson and R. Nilsson. Rapport: Förstudie om digital säkerhet för små och medelstora företag i Skåne. Mobile Heights, Sweden, 2023. https://mobileheights.org/wp-content/uploads/2023/04/Rapport-Forstudie-om-digital-sakerhet-for-sma-och-medelstora-foretag-i-Skane.pdf

STRIDE-based Methodologies for Threat Modeling of Industrial Control Systems: A Review

Published in 2024 IEEE 7th Industrial Cyber-Physical Systems Conference (ICPS2024), 2024

The OT domain is fundamentally different to IT by exhibiting unique characteristics such as high reliability, strict safety requirements or unique physical attack risks. Threat assessment thus needs to be adapted. This paper reviews STRIDE-based threat modeling approaches in that respect and provides a first step towards the overarching goal of establishing a common STRIDE-based methodology for threat modeling for ICS. </u></b>](./2024-STRIDE-inOT/)

Recommended citation: O. Saßnick, T. Rosenstatter, C. Schäfer and S. Huber. "STRIDE-based Methodologies for Threat Modeling of Industrial Control Systems: A Review," 2024 IEEE 7th Industrial Cyber-Physical Systems Conference (ICPS2024), St. Louis, USA, 2024, pp. 1-8. https://doi.org/10.1109/ICPS59941.2024.10639949

AsIf: Asset Interface Analysis of Industrial Automation Devices

Published in 8th Cyber Security in Networking Conference (CSNet), 2024

We propose a method for the analysis of assets in industrial systems, with special focus on physical threats. Inspired by the ISO/OSI reference model, a systematic approach is introduced to help identify and classify asset interfaces. This results in an enriched system model of the asset, offering a comprehensive overview visually represented as an interface tree, thereby laying the foundation for subsequent threat modeling steps.</u></b>](./2024-AsIf-arxiv/)

Recommended citation: T. Rosenstatter, C. Schäfer, O. Saßnick and S. Huber. "AsIf: Asset Interface Analysis of Industrial Automation Devices," 8th Cyber Security in Networking Conference (CSNet), Paris, France, 2024, pp. 165-172. https://doi.org/10.1109/CSNet64211.2024.10851752

talks

Towards a Standardised Framework for Securing Connected Vehicles

Published:

Vehicular security was long limited to physical security - to prevent theft. However, the trend of adding more comfort functions and delegating advanced driving tasks back to the vehicle increased the magnitude of attacks, making cybersecurity inevitable. Attackers only need to find one vulnerability in the myriad of electronic control units (ECUs) and communication technologies used in a vehicle to compromise its functions. Vehicles might also be attacked by the owners, who want to modify or even disable certain vehicle functions.

Bringing Automotive Security and Safety Closer Together

Published:

We already have best practices and mechanisms for functional safety in place, however, a structured or standardised approach for identifying specific security mechanisms mandatory to be implemented are missing for the automotive domain. Our proposed approach covers basic security demands and enables a closer cooperation between safety and security work.

On the Secure and Resilient Design of Connected Vehicles: Methods and Guidelines

Published:

Vehicular security was long limited to physical security - to prevent theft. However, the trend of adding more comfort functions and delegating advanced driving tasks back to the vehicle increased the magnitude of attacks, making cybersecurity inevitable. Attackers only need to find one vulnerability in the myriad of electronic control units (ECUs) and communication technologies used in a vehicle to compromise its functions. Vehicles might also be attacked by the owners, who want to modify or even disable certain vehicle functions.

CyReV Results: REMIND and V2C Anomaly Detection

Published:

At this spring’s AutoSec conference organised by Chalmers and RISE, I presented our work about resilience techniques for automotive systems (REMIND) and a vehicle to cloud anomaly detection framework (V2C Anomaly Detection).

An example of what recently happened during an attack on a specific car brand.

Published:

At the AutoSec lunch seminar organised by Chalmers and RISE, I presented a walk through of a the hack of a Hyundai’s infotainment system. It highlights the major security pitfalls that ultimately allowed a dedicated and patient programmer to ultimately program and run his own applications on his car’s infotainment system. The description of the hack can be found here.

teaching

Internet Protocols and Services, 2023/24, 2024/25

Bachelor's degree, lecture, in German, Salzburg University of Applied Sciences Salzburg, 2023

Content:

  • Starting with the OSI model (reference model, service access points, …)
  • Calculation of the transmission time over several hops
  • Layer 2: focus on automatic repeat requests (ARQ) and Ethernet
  • Layer 3: focus on routing protocols, IPv4, IPv6 and quality of service (QoS) using prioritisation
  • Layer 4: focus on TCP functions, like reliable end-to-end connection with exercises on transmitting segments, TCP Reno and Tahoe
  • Layer 7: focus essential Internet protocols