Hybrid 18^th escar Europe - The World's Leading Automotive Cyber Security Conference

The workshops and the tutorial are taking place November 11th, 09:00am - 12:00am.

They are held parallel to our social program and are not overlapping with the presentations. The conference starts November 11th 01:00pm.

In order to guarantee a good workshop atmosphere and for you to be able to gain new insights or deepen your knowledge successfully the number of participants is limited to 35 in each workshop.

Workshop / Tutorial Fee
On site:   EUR 299,00 (plus VAT 19%)
Virtual:    EUR 189,00 (plus VAT 19%)
Please note: the workshops are not included in the conference fee.

 

Workshop 1: Automotive Privacy Engineering (Dr. Christoph Bösch)

At latest since the introduction of the GDPR it is mandatory to consider privacy throughout the system development lifecycle and to integrate appropriate privacy mechanism into the design of applications and services. 
In this tutorial, we present several basic principles to more easily and effectively integrate privacy engineering into system development and show how to bring the notion of privacy-by-design into practice. An essential part of privacy engineering is the data protection impact assessment, which will be the main emphasis of this tutorial. For this, we focus on LINDDUN, a structured privacy threat modeling methodology (similar to the security threat modeling methodology STRIDE) that supports analysts and software engineers with limited privacy expertise in systematically eliciting and mitigating privacy threats in software architectures by selecting suitable privacy enhancing technologies (PETs).

Outline of the tutorial:

1. Introduction to Privacy Engineering
   - Privacy by Design, Privacy Strategies and Patterns
   - Privacy Aware V-Model
   - Privacy Impact Assessment

2. LINDDUN Privacy Threat Modeling
   - Privacy Threat Categories
         
   - Problem Space
     - Data flow modeling
     - Identify threat scenarios (Trees)

   - Solution Space
     - Mitigation Strategies
     - Select Corresponding PETs

 

Workshop 2: Automotive Security Testing (Dr. Martin Moser)

With ISO/SAE 21434 and UNECE WP.29 on the horizon, the IT security of vehicles will become mandatory for type approval. On the one hand, security engineering processes integrate security considerations into every new development, but on the other hand security testing is of equal importance. Security tests provide an additional verification of the security concept and security measures, they ensure that security requirements are implemented correctly and that there are no open vulnerabilities that have been overlooked before. The overall goal is to identify and fix an many flaws as possible before vehicles hit the road and others may find them. In this workshop we are giving a detailed overview about security testing in the automotive area: What it is, why it differs from classical software testing, how it can be done, which methods/tools exist and will also present some practical examples.

Outline of the workshop:

1. General introduction
- Definition
- Importance of security testing
- Comparison to classical software testing

2. Detailed technical introduction
- Introduction to the various security testing methods and tools
- Comparison between manual (expert-based) and automated (tool-based) testing methods
- Continuous integration testing
- Automotive specific topics

3. Definition of meaningful security testing strategies

4. Practical examples

 

Workshop 3: Foundations of Automotive Cyber Security (Prof. Dr. Jan Pelzl)

Cyber Security is an essential part in the development of car components. Engineers must anticipate several forms of attacks on vehicular systems to prevent non-authorized access to both safety-critical functions and data. Development processes have been adopted to take major security requirements into account.
Applied cryptography constitutes the foundation of most practical solutions and requires knowledge of cryptographic primitives, protocols, parameters, cryptographic hardware, key management and specific automotive constraints. This workshop on Automotive Cyber Security provides the necessary background on the fundamentals of IT-Security from a practical and theoretical perspective, focusing on topics relevant for the automotive domain. We will provide the basic principles of modern security engineering for automotive including threat analysis and risk evaluation. Practical examples will be provided throughout the workshop.

Outline of the workshop:

1. Introduction to automotive security
- History
- Challenges in automotive

2. IT-Security for automotive
- Cryptographic fundamentals and relevant standards
- Security in hard- and software
- Key management
- Automotive use cases

3. Advanced Topics in automotive cybersecurity
- Risk-based approach towards IT-security
- Principles of security engineering
- Relevant standards