Analysis of Automotive Cybersecurity - Attack surfaces and users’ privacy concerns

Modern automobiles are no longer just mechanical tools. The electronics and computing services they are shipping with are making them not less than a computer. They are massive kinetic devices with sophisticated computing power. Most of the modern vehicles are made with the added connectivity in mind which may be vulnerable to outside attack. Researchers have shown that it is possible to infiltrate into a vehicle’s internal system remotely and control the physical entities such as steering and brakes. It is quite possible to experience such attacks on a moving vehicle and unable to use the controls. These massive connected computers can be life threatening as they are related to everyday lifestyle. First part of this research studied the attack surfaces in the automotive cybersecurity domain. It also illustrated the attack methods and capabilities of the damages. Online survey has been deployed as data collection tool to learn about the consumers’ usage of such vulnerable automotive services. The second part of the research portrayed the consumers’ privacy in automotive world. It has been found that almost hundred percent of modern vehicles has the capabilities to send vehicle diagnostic data as well as user generated data to their manufacturers, and almost thirty five percent automotive companies are collecting them already. Internet privacy has been studies before in many related domain but no privacy scale were matched for automotive consumers. It created the research gap and motivation for this thesis. A study has been performed to use well established consumers privacy scale – IUIPC to match with the automotive consumers’ privacy situation. Hypotheses were developed based on the IUIPC model for internet consumers’ privacy and they were studied by the finding from the data collection methods. Based on the key findings of the research, all the hypotheses were accepted and hence it is found that automotive consumers’ privacy did follow the IUIPC model under certain conditions. It is also found that a majority of automotive consumers use the services and devices that are vulnerable and prone to cyber-attacks. It is also established that there is a market for automotive cybersecurity services and consumers are willing to pay certain fees to avail that.

Early investigation towards defining and measuring sustainability as a quality attribute in software systems

Sustainability in software system is still a new practice that most software developers and companies are trying to incorporate into their software development lifecycle and has been largely discussed in academia. Sustainability is a complex concept viewed from economic, environment and social dimensions with several definitions proposed making sometimes the concept of sustainability very fuzzy and difficult to apply and assess in software systems. This has hindered the adoption of sustainability in the software industry. A little research explores sustainability as a quality property of software products and services to answer questions such as; How to quantify sustainability as a quality construct in the same way as other quality attributes such as security, usability and reliability? How can it be applied to software systems? What are the measures and measurement scale of sustainability? The Goal of this research is to investigate the definitions, perceptions and measurement of sustainability from the quality perspective. Grounded in the general theory of software measurement, the aim is to develop a method that decomposes sustainability in factors, criteria and metrics. The Result is a method to quantify and access sustainability of software systems while incorporating management and users concern. Conclusion: The method will empower the ability of companies to easily adopt sustainability while facilitating its integration to the software development process and tools. It will also help companies to measure sustainability of their software products from economic, environmental, social, individual and technological dimension.

Forcing Usage Rules in PublicWireless LANs

Langattomien lähiverkkojen yleistyessä nopeasti suurten verkkojen teknologiana käyttösääntöjen valvonta tulee tarpeelliseksi. Tässä työssä kuvataan, kuinka käyttäjät voidaan pakottaa noudattamaan käyttösääntöjä julkisissa WLAN-verkoissa. Työssä käsiteltävät ongelmat koskevat menetelmiä epäluotettavien DHCP-palvelinten paljastamiseksi sekä omia IP-osoitteita käyttävien käyttäjien paljastamiseksi tilanteissa, jolloin IP-osoite ei ole virallisen DHCP-palvelimen myöntämä. Jokaisen menetelmän kohdalla pohditaan, kuinka tällaisia käyttäjiä voidaan estää rikkomasta käyttösääntöjä. Lisäksi pohditaan keskitetyn tietojen keruun hyödyntämistä kuvattujen tehtävien suorittamiseksi. Esitetyt ratkaisut on erityisesti suunniteltu testiverkkoa varten, mutta yleiset ideat ovat toimivia missä tahansa langattomassa verkossa.