{"id":"https://openalex.org/W4402957942","doi":"https://doi.org/10.1145/3678890.3678927","title":"A Comprehensive, Automated Security Analysis of the Uptane Automotive Over-the-Air Update Framework","display_name":"A Comprehensive, Automated Security Analysis of the Uptane Automotive Over-the-Air Update Framework","publication_year":2024,"publication_date":"2024-09-29","ids":{"openalex":"https://openalex.org/W4402957942","doi":"https://doi.org/10.1145/3678890.3678927"},"language":"en","primary_location":{"id":"doi:10.1145/3678890.3678927","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678927","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3678890.3678927","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5012934005","display_name":"Robert Lorch","orcid":"https://orcid.org/0000-0001-9242-019X"},"institutions":[{"id":"https://openalex.org/I126307644","display_name":"University of Iowa","ror":"https://ror.org/036jqmy94","country_code":"US","type":"education","lineage":["https://openalex.org/I126307644"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Robert Lorch","raw_affiliation_strings":["Department of Computer Science, The University of Iowa, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, The University of Iowa, USA","institution_ids":["https://openalex.org/I126307644"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054784931","display_name":"Daniel Larraz","orcid":"https://orcid.org/0000-0001-5305-7340"},"institutions":[{"id":"https://openalex.org/I126307644","display_name":"University of Iowa","ror":"https://ror.org/036jqmy94","country_code":"US","type":"education","lineage":["https://openalex.org/I126307644"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daniel Larraz","raw_affiliation_strings":["Department of Computer Science, The University of Iowa, United States of America"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, The University of Iowa, United States of America","institution_ids":["https://openalex.org/I126307644"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046830049","display_name":"Cesare Tinelli","orcid":"https://orcid.org/0000-0002-6726-775X"},"institutions":[{"id":"https://openalex.org/I126307644","display_name":"University of Iowa","ror":"https://ror.org/036jqmy94","country_code":"US","type":"education","lineage":["https://openalex.org/I126307644"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Cesare Tinelli","raw_affiliation_strings":["Department of Computer Science, The University of Iowa, United States of America"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, The University of Iowa, United States of America","institution_ids":["https://openalex.org/I126307644"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5070136662","display_name":"Omar Chowdhury","orcid":"https://orcid.org/0000-0002-1356-6279"},"institutions":[{"id":"https://openalex.org/I59553526","display_name":"Stony Brook University","ror":"https://ror.org/05qghxh33","country_code":"US","type":"education","lineage":["https://openalex.org/I59553526"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Omar Chowdhury","raw_affiliation_strings":["Department of Computer Science, Stony Brook University, United States of America"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Stony Brook University, United States of America","institution_ids":["https://openalex.org/I59553526"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5012934005"],"corresponding_institution_ids":["https://openalex.org/I126307644"],"apc_list":null,"apc_paid":null,"fwci":0.8351,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.73432791,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"594","last_page":"612"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10761","display_name":"Vehicular Ad Hoc Networks (VANETs)","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10761","display_name":"Vehicular Ad Hoc Networks (VANETs)","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11504","display_name":"Advanced Authentication Protocols Security","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/automotive-industry","display_name":"Automotive industry","score":0.7651645541191101},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6242031455039978},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.43008658289909363},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.37068337202072144},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.32467812299728394},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.2090339958667755},{"id":"https://openalex.org/keywords/aerospace-engineering","display_name":"Aerospace engineering","score":0.07850980758666992}],"concepts":[{"id":"https://openalex.org/C526921623","wikidata":"https://www.wikidata.org/wiki/Q190117","display_name":"Automotive industry","level":2,"score":0.7651645541191101},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6242031455039978},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.43008658289909363},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37068337202072144},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.32467812299728394},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.2090339958667755},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.07850980758666992}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3678890.3678927","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678927","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3678890.3678927","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678927","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W95608104","https://openalex.org/W146244851","https://openalex.org/W1993180463","https://openalex.org/W2029693536","https://openalex.org/W2109584177","https://openalex.org/W2114016378","https://openalex.org/W2116520617","https://openalex.org/W2148542607","https://openalex.org/W2166327763","https://openalex.org/W2350778671","https://openalex.org/W2503425026","https://openalex.org/W2544274814","https://openalex.org/W2587653085","https://openalex.org/W2588687125","https://openalex.org/W2789994347","https://openalex.org/W2792636363","https://openalex.org/W2883374116","https://openalex.org/W2885631351","https://openalex.org/W2921212998","https://openalex.org/W2939926306","https://openalex.org/W2987215725","https://openalex.org/W2992860123","https://openalex.org/W3005876284","https://openalex.org/W3008932255","https://openalex.org/W3110647387","https://openalex.org/W3164066735","https://openalex.org/W3197682755","https://openalex.org/W4214674051","https://openalex.org/W4226074903","https://openalex.org/W4296292872","https://openalex.org/W4362633631","https://openalex.org/W4391331278"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W4382644535","https://openalex.org/W2522768275","https://openalex.org/W2352938035","https://openalex.org/W2390279801","https://openalex.org/W2351672553","https://openalex.org/W2373392303","https://openalex.org/W2765894405","https://openalex.org/W1884735063"],"abstract_inverted_index":{"We":[0],"present":[1],"our":[2,139,185,250,266],"experience":[3],"of":[4,11,22,49,52,91,105,124,138,146,214,239],"formally":[5],"verifying":[6],"the":[7,12,31,38,89,92,121,143,173,273],"desired":[8],"security":[9,48,241],"properties":[10],"Uptane":[13,26,50,85,125,260],"over-the-air":[14],"(OTA)":[15],"software":[16,45,60,69],"update":[17],"framework":[18],"against":[19],"a":[20,152,168,201],"set":[21,213],"applicable":[23],"threat":[24],"models.":[25],"is":[27,35,51,220],"gaining":[28],"traction":[29],"in":[30,79,84,142,172],"automobile":[32,44],"industry":[33],"and":[34,151,191,256,268],"widely":[36],"considered":[37],"next":[39],"de-facto":[40],"standard":[41],"for":[42,61,195],"OTA":[43,68],"updates.":[46],"The":[47,259],"utmost":[53],"importance":[54],"because":[55],"modern":[56],"automobiles":[57],"rely":[58],"on":[59],"their":[62],"safety-critical":[63],"functionalities":[64],"and,":[65],"especially,":[66],"require":[67],"updates":[70,93,271],"to":[71,94,114,119,132,159,166,209,222,272,277],"add":[72],"new":[73,102,225],"safety":[74,110],"features":[75,123],"or":[76,97,126,252],"patch":[77],"bugs":[78],"existing":[80],"ones.":[81,232],"Design":[82],"flaws":[83,247],"can":[86,107],"either":[87,117,244],"violate":[88],"integrity":[90],"be":[95],"installed":[96],"prevent":[98],"vehicles":[99],"from":[100,128,254],"installing":[101],"updates,":[103],"both":[104],"which":[106],"cause":[108],"severe":[109],"issues.":[111,258],"Previous":[112],"approaches":[113],"protocol":[115,154,216,274],"verification":[116],"fail":[118],"capture":[120],"necessary":[122],"suffer":[127],"termination":[129,257],"issues":[130],"due":[131],"Uptane\u2019s":[133,212,240],"complexity.":[134],"A":[135],"key":[136,169],"component":[137],"approach":[140,186,219,251],"lies":[141],"eager":[144],"combination":[145],"an":[147],"infinite-state":[148],"model":[149],"checker":[150],"cryptographic":[153],"verifier,":[155],"where":[156],"(in":[157],"contrast":[158],"prior":[160],"lazy":[161],"approaches)":[162],"we":[163],"are":[164],"able":[165,221],"eliminate":[167],"manual":[170],"step":[171],"workflow":[174],"while":[175,227],"enabling":[176],"reasoning":[177],"over":[178,211],"more":[179],"fine-grained":[180],"message":[181],"structures.":[182],"In":[183],"addition,":[184],"utilizes":[187],"two":[188],"proven":[189],"soundness-":[190],"completeness-preserving":[192],"state-space-reduction":[193],"optimizations":[194],"computational":[196],"tractability,":[197],"as":[198,200],"well":[199],"meta-level":[202],"analysis":[203],"technique":[204],"that":[205],"makes":[206],"it":[207],"feasible":[208],"reason":[210],"optional":[215],"features.":[217],"Our":[218],"discover":[223],"six":[224],"vulnerabilities":[226],"rediscovering":[228],"all":[229],"five":[230],"known":[231],"While":[233],"there":[234],"have":[235],"been":[236],"previous":[237],"analyses":[238],"properties,":[242],"they":[243],"missed":[245],"design":[246],"identified":[248],"by":[249],"suffered":[253],"coverage":[255],"standards":[261],"body":[262],"has":[263,269],"positively":[264],"acknowledged":[265],"findings":[267],"suggested":[270],"specification":[275],"documents":[276],"address":[278],"them.":[279]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":2}],"updated_date":"2026-03-29T08:15:47.926485","created_date":"2025-10-10T00:00:00"}