This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Identification and Verification of Attack-Tree Threat Models in Connected Vehicles
Technical Paper
2022-01-7087
ISSN: 0148-7191, e-ISSN: 2688-3627
Annotation ability available
Sector:
Language:
English
Abstract
As a result of the ever-increasing application of cyber-physical components in
the automotive industry, cybersecurity has become an urgent topic. Adapting
technologies and communication protocols like Ethernet and WiFi in connected
vehicles yields many attack scenarios. Consequently, ISO/SAE 21434 and UN R155
(2021) define a standard and regulatory framework for automotive cybersecurity,
Both documents follow a risk management-based approach and require a threat
modeling methodology for risk analysis and identification. Such a threat
modeling methodology must conform to the Threat Analysis and Risk Assessment
(TARA) framework of ISO/SAE 21434. Conversely, existing threat modeling methods
enumerate isolated threats disregarding the vehicle’s design and connections.
Consequently, they neglect the role of attack paths from a vehicle’s interfaces
to its assets. In other words, they are missing the TARA work products, e.g.,
attack paths compromising assets or feasibility and impact ratings. We propose a
threat modeling methodology to construct attack paths by identifying,
sequencing, and connecting vulnerabilities from a valid attack surface to an
asset. Initially, we transform cybersecurity guidelines to attack trees, and
then we use their formal interpretations to assess the vehicle’s design. This
workflow yields compositional construction of attack paths along with the
required TARA work products (e.g., attack paths, feasibility, and impact). More
importantly, we can apply the workflow iteratively in the context of connected
vehicles to ensure design conformity, privacy, and cybersecurity. Finally, to
show the complexity and the importance of preemptive threat identification and
risk analysis in the automotive industry, we evaluate the presented modelbased
approach in a connected vehicle testing platform, SPIDER.
Authors
Topic
Citation
Ebrahimi, M., Striessnig, C., Castella Triginer, J., and Schmittner, C., "Identification and Verification of Attack-Tree Threat Models in Connected Vehicles," SAE Technical Paper 2022-01-7087, 2022, https://doi.org/10.4271/2022-01-7087.Also In
References
- ISO/SAE 2021
- UNECE 2021
- Dajsuren , Y. and van den Brand , M. Automotive Systems and Software Engineering Springer 2019
- Lu , M. , Turetken , O. , Adali , O.E. , Castells , J. et al. C-ITS (Cooperative Intelligent Transport Systems) Deployment in Europe: Challenges and Key Findings 25th ITS World Congress Copenhagen, Denmark 17 21 2018
- Kotsi , A. , Mitsakis , E. , and Tzanis , D. Overview of C-ITS Deployment Projects in Europe and USA 2020 IEEE 23rd International Conference on Intelligent Transportation Systems (ITSC) 1 6 2020
- Sjoberg , K. Automotive Industry Faces Challenges [Connected and Autonomous Vehicles] IEEE Vehicular Technology Magazine 15 3 2020 109 112
- Henniger , O. , Ruddle , A. , Seudié , H. , Weyl , B. et al. Securing Vehicular On-Board it Systems: The Evita Project VDIIVW Automotive Security Conference 2009 .
- Macher , G. , Armengaud , E. , Brenner , E. , and Kreiner , C. A Review of Threat Analysis and Risk Assessment Methods in the Automotive Context SAFECOMP’16 , 130 141 2016
- Schmittner , C. , Ma , Z. , Reyes , C. , Dillinger , O. et al. Using SAE 13061 for Automotive Security Requirement Engineering SAFECOMP’16 157 170 2016
- Macher , G. , Schmittner , C. , Veledar , O. , and Brenner , E. ISO/SAE DIS 21434 Automotive Cybersecurity Standard-In a Nutshell SAFECOMP’20 123 135 2020
- Schmittner , C. , Dobaj , J. , Macher , G. , and Brenner , E. A Preliminary View on Automotive Cyber Security Management Systems 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE) , 1634 1639 2020
- Lautenbach , A. , Almgren , M. , and Olovsson , T. Proposing Heavens 2.0-An Automotive Risk Assessment Model Computer Science in Cars Symposium 1 12 2021
- C. Team , 2015
- Christl , K. and Tarrach , T. 2021
- ENISA 2019
- Schneier , B. Attack Trees Dr. Dobb’s Journal 24 12 1999 21 29
- Jhawar , R. , Kordy , B. , Mauw , S. , Radornirovic , S. et al. Attack Trees with Sequential Conjunction ICT – IFIP TC – SEC’15 455 339 353 Springer 2015
- El-Rewini , Z. , Sadatsharan , K. , Sugunaraj , N. , Selvaraj , D.F. et al. Cybersecurity Attacks in Vehicular Sensors IEEE Sensors Journal 20 2020