Home > Research > Publications & Outputs > Security-Minded Verification of Cooperative Awa...

Electronic data

  • SecurityMindedVerification-3

    Accepted author manuscript, 3.15 MB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

Links

Text available via DOI:

View graph of relations

Security-Minded Verification of Cooperative Awareness Messages

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Published
  • Marie Farrell
  • Matthew Bradbury
  • Rafael C. Cardoso
  • Michael Fisher
  • Louise Dennis
  • Clare Dixon
  • Al Tariq Sheik
  • Hu Yuan
  • Carsten Maple
Close
<mark>Journal publication date</mark>31/07/2024
<mark>Journal</mark>IEEE Transactions on Dependable and Secure Computing
Issue number4
Volume21
Number of pages18
Pages (from-to)4048-4065
Publication StatusPublished
Early online date21/12/23
<mark>Original language</mark>English

Abstract

Autonomous robotic systems systems are both safety- and security-critical, since a breach in system security may impact safety. In such critical systems, formal verification is used to model the system and verify that it obeys specific functional and safety properties. Independently, threat modeling is used to analyse and manage the cyber security threats that such systems may encounter. Both verification and threat analysis serve the purpose of ensuring that the system will be reliable, albeit from differing perspectives. In prior work, we argued that these analyses should be used to inform one another and, in this paper, we extend our previously defined methodology for security-minded verification by incorporating runtime verification. To illustrate our approach, we analyse an algorithm for sending Cooperative Awareness Messages between autonomous vehicles. Our analysis centres on identifying STRIDE security threats. We show how these can be formalised, and subsequently verified, using a combination of formal tools for static aspects, namely Promela/SPIN and Dafny, and generate runtime monitors for dynamic verification. Our approach allows us to focus our verification effort on those security properties that are particularly important and to consider safety and security in tandem, both statically and at runtime.