Proposing HEAVENS 2.0 – an automotive risk assessment model

Lautenbach, Aljoscha; Almgren, Magnus; Olovsson, Tomas

doi:10.1145/3488904.3493378

Cited by 17 publications

(17 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Threat models for the previous generation of the automotive industry are targeted for automotive E/E architecture, which are either adapted from IT and software industry (e.g., Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege (STRIDE) [34], confidentiality, integrity, and availability (CIA) [35] threat, vulnerability and risk assessment (TVRA) [36], E-safety vehicle intrusion protected applications (EVITA) [37], and healing vulnerabilities to enhance software security and safety (HEAVENS)) [24] or heavily influenced by safety analysis models such as fault tree analysis, Hazard Analysis and Risk Assessment (e.g., security-aware hazard analysis and risk assessment (SAHARA)) [38]. In 2021, the ISO/SAE 21434 standard was published for Road Vehicles-Cybersecurity Engineering, which included EVITA, HEAV-ENS, and TVRA in recommendations for automotive threat modeling.…”

Section: A Threat Analysis Methods In Practice For Automotivementioning

confidence: 99%

“…In 2021, ISO/SAE 21434 standard was published that provides a threat analysis and risk assessment (TARA) guideline for E/E systems within road vehicles [23]. Most of these threat modeling approaches have the foundation of IT-based threat models with some modifications relevant to E/E systems [24]. However, an ADS has a different kind of operating environment and requires a stricter real-time response to changes in that environment than devices in an IT environment.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Integrated Approach of Threat Analysis for Autonomous Vehicles Perception System

et al. 2023

View full text Add to dashboard Cite

Automated vehicles are a revolutionary step in mobility, providing a safe and convenient riding experience while keeping the human-driving task minimal to none. Therefore, these intelligent vehicles are equipped with sophisticated perception sensors (e.g., cameras and radars), high-performance computers, artificial intelligence (AI)-driven algorithms, and connectivity with other internet-of-things (IoT) devices. This makes autonomous vehicles (AVs) a special kind of cyber-physical system (CPS) that is moving at speed in highly interactive and dynamic environments (e.g., public roads). Thus, AV is a potential target for cyber attackers to weaponize, compromising safety and mobility on the road. The first step in addressing this problem is to have a robust threat modeling framework that can address the evolving cyber-physical threats, especially to AV applications. In this regard, two areas are studied in this paper: the common practice of threat modeling in automotive and the ISO/SAE 21434 standard, and sensors and machine learning (ML) algorithms for AV perception systems and potential cyber-physical attacks. A comparative threat analysis for an AV perception system with the ISO/SAE 21434 standard and a system-theoretic process analysis for security (STPA-Sec) approach is also demonstrated in this paper. Based on the analysis, this paper proposes a robust threat analysis and risk assessment framework with mathematical modeling to identify cyber-physical threats to AV perception systems that are critical for the driving behaviors and complex interactions of AVs in their operational design domain.

show abstract

Section: A Threat Analysis Methods In Practice For Automotivementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Integrated Approach of Threat Analysis for Autonomous Vehicles Perception System

et al. 2023

View full text Add to dashboard Cite

show abstract

“…The extension HEAVENS 2.0 is improved according to gaps that could be identified when comparing HEAVENS 1.0 to the requirements of ISO/SAE 21434. It includes an attack path analysis and risk treatment decisions with the result of identifying cybersecurity goals, and claims to be compliant with the regulation [ 13 ]. HEAVENS 1.0 and 2.0, as mentioned in [ 13 ], have the potential to be used in industries with similar characteristics, such as the medical device industry, with some slight modifications.…”

Section: Background and State Of The Artmentioning

confidence: 99%

“…Besides the SAE J3061 Cybersecurity guidebook, the ISO/SAE 21434 regulation defines an automotive-specific cybersecurity engineering standard concerning the whole vehicle life cycle [ 65 ]. A key aspect of the standard is the TARA, which is used to identify security risks and threats, with the purpose of developing countermeasures and mitigation strategies [ 13 ].…”

Section: Background and State Of The Artmentioning

confidence: 99%

See 1 more Smart Citation

Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry

2023

View full text Add to dashboard Cite

Prevailing trends in the automotive and medical device industry, such as life cycle overarching configurability, connectivity, and automation, require an adaption of development processes, especially regarding the security and safety thereof. The changing requirements imply that interfaces are more exposed to the outside world, making them more vulnerable to cyberattacks or data leaks. Consequently, not only do development processes need to be revised but also cybersecurity countermeasures and a focus on safety, as well as privacy, have become vital. While vehicles are especially exposed to cybersecurity and safety risks, the medical devices industry faces similar issues. In the automotive industry, proposals and draft regulations exist for security-related risk assessment processes. The medical device industry, which has less experience in these topics and is more heterogeneous, may benefit from drawing inspiration from these efforts. We examined and compared current standards, processes, and methods in both the automotive and medical industries. Based on the requirements regarding safety and security for risk analysis in the medical device industry, we propose the adoption of methods already established in the automotive industry. Furthermore, we present an example based on an interoperable Operating Room table (OR table).

show abstract

STRIDE threat model-based framework for assessing the vulnerabilities of modern vehicles

Abuabed,

Alsadeh,

Taweel

2023

Computers & Security

View full text Add to dashboard Cite

Proposing HEAVENS 2.0 – an automotive risk assessment model

Cited by 17 publications

References 22 publications

An Integrated Approach of Threat Analysis for Autonomous Vehicles Perception System

An Integrated Approach of Threat Analysis for Autonomous Vehicles Perception System

Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry

STRIDE threat model-based framework for assessing the vulnerabilities of modern vehicles

Contact Info

Product

Resources

About