On the Modeling of Automotive Security: A Survey of Methods and Perspectives

Hao, Jingjing; Han, Guangsheng

doi:10.3390/fi12110198

Cited by 13 publications

(10 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Threat models for the previous generation of the automotive industry are targeted for automotive E/E architecture, which are either adapted from IT and software industry (e.g., Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege (STRIDE) [34], confidentiality, integrity, and availability (CIA) [35] threat, vulnerability and risk assessment (TVRA) [36], E-safety vehicle intrusion protected applications (EVITA) [37], and healing vulnerabilities to enhance software security and safety (HEAVENS)) [24] or heavily influenced by safety analysis models such as fault tree analysis, Hazard Analysis and Risk Assessment (e.g., security-aware hazard analysis and risk assessment (SAHARA)) [38]. In 2021, the ISO/SAE 21434 standard was published for Road Vehicles-Cybersecurity Engineering, which included EVITA, HEAV-ENS, and TVRA in recommendations for automotive threat modeling.…”

Section: A Threat Analysis Methods In Practice For Automotivementioning

confidence: 99%

An Integrated Approach of Threat Analysis for Autonomous Vehicles Perception System

et al. 2023

View full text Add to dashboard Cite

Automated vehicles are a revolutionary step in mobility, providing a safe and convenient riding experience while keeping the human-driving task minimal to none. Therefore, these intelligent vehicles are equipped with sophisticated perception sensors (e.g., cameras and radars), high-performance computers, artificial intelligence (AI)-driven algorithms, and connectivity with other internet-of-things (IoT) devices. This makes autonomous vehicles (AVs) a special kind of cyber-physical system (CPS) that is moving at speed in highly interactive and dynamic environments (e.g., public roads). Thus, AV is a potential target for cyber attackers to weaponize, compromising safety and mobility on the road. The first step in addressing this problem is to have a robust threat modeling framework that can address the evolving cyber-physical threats, especially to AV applications. In this regard, two areas are studied in this paper: the common practice of threat modeling in automotive and the ISO/SAE 21434 standard, and sensors and machine learning (ML) algorithms for AV perception systems and potential cyber-physical attacks. A comparative threat analysis for an AV perception system with the ISO/SAE 21434 standard and a system-theoretic process analysis for security (STPA-Sec) approach is also demonstrated in this paper. Based on the analysis, this paper proposes a robust threat analysis and risk assessment framework with mathematical modeling to identify cyber-physical threats to AV perception systems that are critical for the driving behaviors and complex interactions of AVs in their operational design domain.

show abstract

Section: A Threat Analysis Methods In Practice For Automotivementioning

confidence: 99%

An Integrated Approach of Threat Analysis for Autonomous Vehicles Perception System

et al. 2023

View full text Add to dashboard Cite

show abstract

“…However, STRIDE can also be used for CPS analysis and development due to its generic and modular nature. STRIDE-specific threat modeling methods and approaches, also in the context of CPS development, are discussed in previous studies, for example, 29,31,43,45 and previous works 21,24,34,41,44,46,47 compare aspects and characteristics of various threat modeling approaches and methods.…”

Section: Selecting a Threat Modeling Methodsmentioning

confidence: 99%

Towards a security‐driven automotive development lifecycle

Dobaj

Macher

Ekert³

et al. 2021

J Software Evolu Process

View full text Add to dashboard Cite

Cybersecurity has become one of the most crucial challenges in the automotive development lifecycle. The upcoming ISO/SAE 21434 standard provides only a generic framework that is insufficient to derive concrete design methods. This article proposes an actionable cybersecurity development lifecycle model that provides concrete action and work product guidance aligned with the ISO/SAE 21434 and Automotive SPICE® extension for cybersecurity. The model has been inspired by action research in “next” industry practice pilot projects, which ensures that it is actionable. It has been augmented by insights gained from literature research in cybersecurity development for embedded systems. The proposed lifecycle model complements the ISO/SAE 21434 standard and provides the basis for the company‐specific process and practice specifications. It has been validated through the integration of cybersecurity‐related aspects in an electric power steering system. A core characteristic of the model is the central role of threat modeling, vulnerability analyses, and cybersecurity requirements derivation on both system and subsystem levels. Without concrete practice guidelines, the ISO/SAE 21434 is very difficult to understand and apply at this stage. This contribution aims to fill this gap through a model inspired by cutting‐edge embedded cybersecurity practices interpreted for the current and near‐future automotive electronic architectures.

show abstract

“…In this context, further methods exist. The STRIDE model (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege) is a qualitative approach by Microsoft using a system’s DFD as the base for an evaluation [ 35 ]. Security-related system properties are labeled and checked regarding security characteristics, and threats are identified.…”

Section: Background and State Of The Artmentioning

confidence: 99%

“…HEAVENS includes authenticity, authorization, non-repudiation, privacy, and freshness, on top of the previously mentioned attributes. It evaluates the whole E/E architecture and provides a risk matrix as a result that includes threat as well as impact levels, but also high-level security requirements [ 35 ]. The extension HEAVENS 2.0 is improved according to gaps that could be identified when comparing HEAVENS 1.0 to the requirements of ISO/SAE 21434.…”

Section: Background and State Of The Artmentioning

confidence: 99%

See 1 more Smart Citation

Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry

2023

View full text Add to dashboard Cite

Prevailing trends in the automotive and medical device industry, such as life cycle overarching configurability, connectivity, and automation, require an adaption of development processes, especially regarding the security and safety thereof. The changing requirements imply that interfaces are more exposed to the outside world, making them more vulnerable to cyberattacks or data leaks. Consequently, not only do development processes need to be revised but also cybersecurity countermeasures and a focus on safety, as well as privacy, have become vital. While vehicles are especially exposed to cybersecurity and safety risks, the medical devices industry faces similar issues. In the automotive industry, proposals and draft regulations exist for security-related risk assessment processes. The medical device industry, which has less experience in these topics and is more heterogeneous, may benefit from drawing inspiration from these efforts. We examined and compared current standards, processes, and methods in both the automotive and medical industries. Based on the requirements regarding safety and security for risk analysis in the medical device industry, we propose the adoption of methods already established in the automotive industry. Furthermore, we present an example based on an interoperable Operating Room table (OR table).

show abstract

On the Modeling of Automotive Security: A Survey of Methods and Perspectives

Cited by 13 publications

References 52 publications

An Integrated Approach of Threat Analysis for Autonomous Vehicles Perception System

An Integrated Approach of Threat Analysis for Autonomous Vehicles Perception System

Towards a security‐driven automotive development lifecycle

Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry

Contact Info

Product

Resources

About