Farrell, Marie and Bradbury, Matthew and Cardoso, Rafael C. and Fisher, Michael and Dennis, Louise and Dixon, Clare and Sheik, Al Tariq and Yuan, Hu and Maple, Carsten (2024) Security-Minded Verification of Cooperative Awareness Messages. IEEE Transactions on Dependable and Secure Computing, 21 (4). pp. 4048-4065. ISSN 1545-5971
Restricted to Repository staff only until 1 January 2040.
Available under License Creative Commons Attribution.
Download (0B)
SecurityMindedVerification-3.pdf - Accepted Version
Available under License Creative Commons Attribution.
Download (3MB)
Abstract
Autonomous robotic systems systems are both safety- and security-critical, since a breach in system security may impact safety. In such critical systems, formal verification is used to model the system and verify that it obeys specific functional and safety properties. Independently, threat modeling is used to analyse and manage the cyber security threats that such systems may encounter. Both verification and threat analysis serve the purpose of ensuring that the system will be reliable, albeit from differing perspectives. In prior work, we argued that these analyses should be used to inform one another and, in this paper, we extend our previously defined methodology for security-minded verification by incorporating runtime verification. To illustrate our approach, we analyse an algorithm for sending Cooperative Awareness Messages between autonomous vehicles. Our analysis centres on identifying STRIDE security threats. We show how these can be formalised, and subsequently verified, using a combination of formal tools for static aspects, namely Promela/SPIN and Dafny, and generate runtime monitors for dynamic verification. Our approach allows us to focus our verification effort on those security properties that are particularly important and to consider safety and security in tandem, both statically and at runtime.