In the automotive domain, the overall complexity of technical components has increased enormously. Formerly isolated, purely mechanical cars are now a multitude of cyber-physical systems that are continuously interacting with other IT systems, for example, with the smartphone of their driver or the backend servers of the car manufacturer. This has huge security implications as demonstrated by several recent research papers that document attacks endangering the safety of the car. However, there is, to the best of our knowledge, no holistic overview or structured description of the complex automotive domain. Without such a big picture, distinct security research remains isolated and is lacking interconnections between the different subsystems. Hence, it is difficult to draw conclusions about the overall security of a car or to identify aspects that have not been sufficiently covered by security analyses. In this work, we propose a comprehensive model covering all relevant aspects of the automotive environment and link it with selected attack scenarios and defense strategies already discussed in academic literature. This showcases the capabilities of our model to build new attack chains, to compare alternative defense strategies, to structure existing work, and to identify possibilities for future research.
