Automotive Software & Supply Chain Assurance (A-SSCA)

  • 김동원 (Graduate School of Information Security, Korea University)
  • 한근희 (Graduate School of Convergence Software, Korea University)
  • Published : 2015.02.28

Abstract

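Because modern automobiles are safety-critical systems, vehicle safety must of course be guaranteed. In addition, as Internet of Things technology advances toward a hyper-connected society and vehicles become smarter, automotive security problems are coming to the fore, so assurance measures are needed for automotive software and its supply chain. This paper presents the security issues and considerations for Automotive Software & Supply Chain Assurance (A-SSCA), which aims to secure automotive software and to assure security across the supply chain.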
