Requirements for the Automated Generation of Attack Trees to Support Automotive Cybersecurity Assurance
Technical Paper
2022-01-0124
ISSN: 0148-7191, e-ISSN: 2688-3627
Language: English
Abstract
As the need for automotive assurance continues to grow, it becomes necessary to develop approaches which can provide assurance cases in a systematic and efficient manner. In the case of cybersecurity, this problem is exacerbated by the increasing complexity of vehicular onboard systems, their inherent obscurity due to their heterogeneous architecture, emergent behaviors, and the disparate motivations and resources of potential threat agents. Furthermore, the advancement of connected autonomous vehicles (CAV) may allow external attackers to leverage the naïve trust ECUs have for adjacent devices to compromise the safety and security of the vehicle. To that end, there is an increased interest in automatically producing threat models such as attack trees, which usually rely on intensive expert-driven construction or rudimentary formally defined processes, to identify potential threats to a vehicle. Therefore, this paper will explore the ways in which such an automated scheme could be applied for a practicable identification and analysis of potential attack paths. Although ISO/SAE 21434 recommends the development of an assurance case for cybersecurity, the precise nature of a cybersecurity case is not explicitly defined within the standard. Therefore, this paper also explores the combination of threat modelling techniques with assurance case techniques adapted from accepted practice in vehicle safety for functional safety (per ISO 26262) while taking into consideration the relevant standards.
Citation
Sowka, K., Cobos, L., Ruddle, A., and Wooderson, P., "Requirements for the Automated Generation of Attack Trees to Support Automotive Cybersecurity Assurance," SAE Technical Paper 2022-01-0124, 2022, https://doi.org/10.4271/2022-01-0124.