This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Threat Identification and Defense Control Selection for Embedded Systems
Journal Article
11-03-02-0005
ISSN: 2572-1046, e-ISSN: 2572-1054
Sector:
Citation:
Moitra, A., Prince, D., Siu, K., Durling, M. et al., "Threat Identification and Defense Control Selection for Embedded Systems," SAE Int. J. Transp. Cyber. & Privacy 3(2):81-96, 2020, https://doi.org/10.4271/11-03-02-0005.
Language:
English
Abstract:
Threat identification and security analysis have become mandatory steps in the engineering design process of high-assurance systems, where successful cyberattacks can lead to hazardous property damage or loss of lives. This article describes a novel approach to perform security analysis on embedded systems modeled at the architectural level. The tool, called Security Threat Evaluation and Mitigation (STEM), associates threats from the Common Attack Pattern Enumeration and Classification (CAPEC) library with components and connections and suggests potential defense patterns from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security standard. This article also provides an illustrative example based on a drone package delivery system modeled in Architecture Analysis and Design Language (AADL).