Combining Cyber Security Intelligence to Refine Automotive Cyber Threats

Abstract: Modern vehicles increasingly rely on electronics, software, and communication technologies (cyber space) to perform their driving task. Over-The-Air (OTA) connectivity further extends the cyber space by creating remote access entry points. Accordingly, the vehicle is exposed to security attacks that are able to impact road safety. A profound understanding of security attacks, vulnerabilities, and mitigations is necessary to protect vehicles against cyber threats. While automotive threat descriptions, such as i… Show more

“…We provide a generalisable example of using the extended TRADES Tool to curate security-related information from multiple sources. We discuss the mapping of a specific threat-threat #6 of the United Nations' vehicle cyber security regulation (henceforth: UN-T6) [24]-to CAPEC and ATT&CK information, based on the work by Sommer et al [11]. We selected this particular threat's mapping due to the relatively low number of mappings to CAPEC and ATT&CK (as identified originally by Sommer et al), which allows us to concisely demonstrate our contribution to representing and improving the mapping, without overloading the reader.…”

“…The specific representation of UN-T6 mapping can, for example, raise a question with the viewer/reader as to the possible exploitation of ATT&CK to address the CAPEC Content Spoofing pattern. This gap is not communicated by the original textual/table orientation of the mapping [11]. If one methodically looks into the mapping method then-since the specific CAPEC pattern suggests a mapping to an ATT&CK technique-there should be a mapping between the CAPEC pattern into the relevant ATT&CK technique, and this can possibly lead to some ATT&CK-derived mitigation guidance.…”

“…In this paper, we focus on the integration of pertinent information from existing and evolving public-domain security knowledge bases. Specifically, the information of interest is information relating to two important concepts in threat and risk assessment: (1) threat, or alternatively attack, which is a potential action that could compromise a system or its constituents [3][4][5][9][10][11][12][13], and (2) security control, or, alternatively, mitigation, which is a concept that can prevent the successful materialisation of a threat [4,[10][11][12][13]. We next discuss the public-domain knowledge bases that can be used while modelling instances of these concepts as part of a security threat and risk assessment.…”

“…. and possible mitigations" [11]. Maunero et al propose an ontology-based approach to automate aspects of cybersecurity risk assessment, using CAPEC attack patterns as a catalogue of threats [5].…”

“…." [11]. To our knowledge, there is no security modelling environment that allows for the use of existing knowledge bases (e.g., CAPEC and NIST SP800-53) in an integrated form, let alone in an open manner that allows for their update (as the knowledge bases continuously evolve).…”

Facilitating the Integrative Use of Security Knowledge Bases within a Modelling Environment

“…We provide a generalisable example of using the extended TRADES Tool to curate security-related information from multiple sources. We discuss the mapping of a specific threat-threat #6 of the United Nations' vehicle cyber security regulation (henceforth: UN-T6) [24]-to CAPEC and ATT&CK information, based on the work by Sommer et al [11]. We selected this particular threat's mapping due to the relatively low number of mappings to CAPEC and ATT&CK (as identified originally by Sommer et al), which allows us to concisely demonstrate our contribution to representing and improving the mapping, without overloading the reader.…”

“…The specific representation of UN-T6 mapping can, for example, raise a question with the viewer/reader as to the possible exploitation of ATT&CK to address the CAPEC Content Spoofing pattern. This gap is not communicated by the original textual/table orientation of the mapping [11]. If one methodically looks into the mapping method then-since the specific CAPEC pattern suggests a mapping to an ATT&CK technique-there should be a mapping between the CAPEC pattern into the relevant ATT&CK technique, and this can possibly lead to some ATT&CK-derived mitigation guidance.…”

“…In this paper, we focus on the integration of pertinent information from existing and evolving public-domain security knowledge bases. Specifically, the information of interest is information relating to two important concepts in threat and risk assessment: (1) threat, or alternatively attack, which is a potential action that could compromise a system or its constituents [3][4][5][9][10][11][12][13], and (2) security control, or, alternatively, mitigation, which is a concept that can prevent the successful materialisation of a threat [4,[10][11][12][13]. We next discuss the public-domain knowledge bases that can be used while modelling instances of these concepts as part of a security threat and risk assessment.…”

“…. and possible mitigations" [11]. Maunero et al propose an ontology-based approach to automate aspects of cybersecurity risk assessment, using CAPEC attack patterns as a catalogue of threats [5].…”

“…." [11]. To our knowledge, there is no security modelling environment that allows for the use of existing knowledge bases (e.g., CAPEC and NIST SP800-53) in an integrated form, let alone in an open manner that allows for their update (as the knowledge bases continuously evolve).…”

Facilitating the Integrative Use of Security Knowledge Bases within a Modelling Environment

A Framework for the Systematic Assessment of Anomaly Detectors in Time-Sensitive Automotive Networks