Threat Identification and Defense Control Selection for Embedded Systems
ISSN: 2572-1046, e-ISSN: 2572-1054
Published August 18, 2020 by SAE International in the United States
Citation: Moitra, A., Prince, D., Siu, K., Durling, M. et al., "Threat Identification and Defense Control Selection for Embedded Systems," SAE Int. J. Transp. Cyber. & Privacy 3(2):2020.
Threat identification and security analysis have become mandatory steps in the engineering design process of high-assurance systems, where successful cyberattacks can lead to hazardous property damage or loss of life. This article describes a novel approach to performing security analysis on embedded systems modeled at the architectural level. The tool, called Security Threat Evaluation and Mitigation (STEM), associates threats from the Common Attack Pattern Enumeration and Classification (CAPEC) library with components and connections, and suggests potential defense patterns from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security standard. This article also provides an illustrative example based on a drone package delivery system modeled in AADL.