This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Case Study for Defining Security Goals and Requirements for Automotive Security Parts Using Threat Modeling
Technical Paper
2018-01-0014
ISSN: 0148-7191, e-ISSN: 2688-3627
This content contains downloadable datasets
Annotation ability available
Sector:
Language:
English
Abstract
Several external networks like telematics, and SOTA and many in-vehicle networks by gateways and domain controllers have been increasingly introduced. However, these trends may potentially make many critical data opened, attacked and modified by hackers. These days, vehicle security has been significantly required as these vehicle security threats are related to the human life like drivers and pedestrians.
Threat modeling is process of secure software development lifecycle which is developed by Microsoft. It is a systematic approach for analyzing the potential threat in software and identifying the security risk associated with software. Through threat modeling, security risk is be mitigated and eliminated.
In vehicle software System, one of vulnerability can affect critical problem about safety. An approach from experience and hacking cases is not enough for analyzing the potential threat and preparing new hacking attack. Thus, as specified J3061, in concept phase, threat analysis and risk assessment is needed.
At the beginning of this paper, weaknesses of several current security use cases are shown. As the first step, with use cases shown in the first step, system components based on threat modeling are defined. As the second step, threat identification and risk assessment are executed. As the last step, security goal and requirements of each component are defined.
The 32-bit MCU with embedded hardware security module (HSM) is used for threat identification and risk assessment.
Recommended Content
Technical Paper | Security Mechanisms Design for In-Vehicle Network Gateway |
Technical Paper | Platform-Based Automotive Safety Features |
Technical Paper | Designing a Vehicle Electric Component Testing System for Automotive Production Lines |
Authors
Topic
Citation
Park, J., Kim, D., Hong, S., Lee, H. et al., "Case Study for Defining Security Goals and Requirements for Automotive Security Parts Using Threat Modeling," SAE Technical Paper 2018-01-0014, 2018, https://doi.org/10.4271/2018-01-0014.Data Sets - Support Documents
Title | Description | Download |
---|---|---|
Unnamed Dataset 1 | ||
Unnamed Dataset 2 | ||
Unnamed Dataset 3 | ||
Unnamed Dataset 4 | ||
Unnamed Dataset 5 | ||
Unnamed Dataset 6 | ||
Unnamed Dataset 7 |
Also In
References
- Shostack , A. Threat Modeling: Designing for Security Indianapolis John Wiley & Sons Inc 2014
- Zou , Q. , Chan , W. , Gui , K. , Chen , Q. et al. The Study of Secure CAN Communication for Automotive Applications SAE Technical Paper 2017-01-1658 2017 10.4271/2017-01-1658
- Escherich , R. , Ledendecker , I. , Schmal , C. , Kuhls , B. et al 2009
- Kim , D. , Shin , E. , Park , J. , LEE , K. et al. Secure Boot Implementation for Hard Real-Time Powertrain System SAE Technical Paper 2017-01-1656 2017 10.4271/2017-01-1656
- “The STRIDE Threat Model . Microsoft.
- Schmittner , C. , Ma , Z. , Schoitsch , E. , and Gruber . T. 2015
- Schoitsch , E. , Schmittner , C. , Ma , Z. , and Gruber , T. 2015