Sara

Monteuuis, Jean-Philippe; Boudguiga, Aymen; Berri, Sara; Labiod, Houda; Servel, Alain; Urien, Pascal

doi:10.1145/3198458.3198465

Cited by 35 publications

(21 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As an extension to EVITA, RACE also improves the EVITA attack tree to include a brief and practical description of the attack. Monteuuis et al [ 42 ] proposed a systematic threat analysis and risk assessment framework called SARA. This framework includes improved threat models, new attack methods/asset graphs, attacker profiles, and a new metrics called observations.…”

Section: Related Workmentioning

confidence: 99%

Complying with ISO 26262 and ISO/SAE 21434: A Safety and Security Co-Analysis Method for Intelligent Connected Vehicle

Li,

Liu,

Liu

et al. 2024

Sensors

View full text Add to dashboard Cite

A cyber-physical system (CPS) integrates communication and automation technologies into the operational processes of physical systems. Nowadays, as a complex CPS, an intelligent connected vehicle (ICV) may be exposed to accidental functional failures and malicious attacks. Therefore, ensuring the ICV’s safety and security is crucial. Traditional safety/security analysis methods, such as failure mode and effect analysis and attack tree analysis, cannot provide a comprehensive analysis for the interactions between the system components of the ICV. In this work, we merge system-theoretic process analysis (STPA) with the concept phase of ISO 26262 and ISO/SAE 21434. We focus on the interactions between components while analyzing the safety and security of ICVs to reduce redundant efforts and inconsistencies in determining safety and security requirements. To conquer STPA’s abstraction in describing causal scenarios, we improved the physical component diagram of STPA-SafeSec by adding interface elements. In addition, we proposed the loss scenario tree to describe specific scenarios that lead to unsafe/unsecure control actions. After hazard/threat analysis, a unified risk assessment process is proposed to ensure consistency in assessment criteria and to streamline the process. A case study is implemented on the autonomous emergency braking system to demonstrate the validation of the proposed method.

show abstract

Section: Related Workmentioning

confidence: 99%

Complying with ISO 26262 and ISO/SAE 21434: A Safety and Security Co-Analysis Method for Intelligent Connected Vehicle

Li,

Liu,

Liu

et al. 2024

Sensors

View full text Add to dashboard Cite

show abstract

“…ANP (i.e., analytical network process) is a matrix approach that can effectively consider dependencies and conflicts between attributes for joint evaluation [ 16 ]. Attacker-based methods, such as SARA (i.e., security automotive risk analysis) [ 17 ], conduct threat analysis and risk assessment based on the knowledge level of possible attackers, attack paths, attack motivations, and resources possessed. SAM (i.e., security abstraction model) [ 18 ] combines safety management and model-based system engineering through an abstract description of automotive security modeling.…”

Section: Related Workmentioning

confidence: 99%

A Framework for Cybersecurity Requirements Management in the Automotive Domain

Luo

Jiang

Wang

et al. 2023

Sensors

View full text Add to dashboard Cite

The rapid development of intelligent connected vehicles has increased the attack surface of vehicles and made the complexity of vehicle systems unprecedented. Original equipment manufacturers (OEMs) need to accurately represent and identify threats and match corresponding security requirements. Meanwhile, the fast iteration cycle of modern vehicles requires development engineers to quickly obtain cybersecurity requirements for new features in their developed systems in order to develop system code that meets cybersecurity requirements. However, existing threat identification and cybersecurity requirement methods in the automotive domain cannot accurately describe and identify threats for a new feature while also quickly matching appropriate cybersecurity requirements. This article proposes a cybersecurity requirements management system (CRMS) framework to assist OEM security experts in conducting comprehensive automated threat analysis and risk assessment and to help development engineers identify security requirements prior to software development. The proposed CRMS framework enables development engineers to quickly model their systems using the UML-based (i.e., capable of describing systems using UML) Eclipse Modeling Framework and security experts to integrate their security experience into a threat library and security requirement library expressed in Alloy formal language. In order to ensure accurate matching between the two, a middleware communication framework called the component channel messaging and interface (CCMI) framework, specifically designed for the automotive domain, is proposed. The CCMI communication framework enables the fast model of development engineers to match with the formal model of security experts for threat and security requirement matching, achieving accurate and automated threat and risk identification and security requirement matching. To validate our work, we conducted experiments on the proposed framework and compared the results with the HEAVENS approach. The results showed that the proposed framework is superior in terms of threat detection rates and coverage rates of security requirements. Moreover, it also saves analysis time for large and complex systems, and the cost-saving effect becomes more pronounced with increasing system complexity.

show abstract

“…In some cases, instead of reducing the capabilities and access rights of system components at risk, the inverse strategy is used: granting these components additional privileges to be able to recover (Yoon et al, 2017), or scheduling an inspection and informing users of the risk (Teimourikia and Fugini, 2017). In addition to increasing the security level, proposed strategies include the anonymization of communication and messages (Monteuuis et al, 2018), e.g. to prevent the leaking of confidential and personal data.…”

Section: Adaptation Strategiesmentioning

confidence: 99%