Identification and Verification of Attack-Tree Threat Models in Connected Vehicles

Masoud Ebrahimi, Christoph Striessnig, Joaquim Castella Triginer, Christoph Schmittner

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandBegutachtung


As a result of the ever-increasing application of cyber-physical components in the automotive industry, cybersecurity has become an urgent topic. Adapting technologies and communication protocols like Ethernet and WiFi in connected vehicles yields many attack scenarios. Consequently, ISO/SAE 21434 and UN R155 (2021) define a standard and regulatory framework for automotive cybersecurity. Both documents follow a risk management-based approach and require a threat modeling methodology for risk analysis and identification. Such a threat modeling methodology must conform to the Threat Analysis and Risk Assessment (TARA) framework of ISO/SAE 21434. Conversely, existing threat modeling methods enumerate isolated threats disregarding the vehicle's design and connections. Consequently, they neglect the role of attack paths from a vehicle's interfaces to its assets. In other words, they are missing the TARA work products, e.g., attack paths compromising assets or feasibility and impact ratings. We propose a threat modeling methodology to construct attack paths by identifying, sequencing, and connecting vulnerabilities from a valid attack surface to an asset. Initially, we transform cybersecurity guidelines to attack trees, and then we use their formal interpretations to assess the vehicle's design. This workflow yields compositional construction of attack paths along with the required TARA work products (e.g., attack paths, feasibility, and impact). More importantly, we can apply the workflow iteratively in the context of connected vehicles to ensure design conformity, privacy, and cybersecurity. Finally, to show the complexity and the importance of preemptive threat identification and risk analysis in the automotive industry, we evaluate the presented model-based approach in a connected vehicle testing platform, SPIDER.
TitelSAE 2022 Intelligent and Connected Vehicles Symposium
Herausgeber (Verlag)SAE Technical Paper
PublikationsstatusVeröffentlicht - 22 Dez. 2022
VeranstaltungSAE 2022 Intelligent and Connected Vehicles Symposium - Shanghai, Virtuell, China
Dauer: 22 Sep. 202223 Sep. 2022


KonferenzSAE 2022 Intelligent and Connected Vehicles Symposium


Untersuchen Sie die Forschungsthemen von „Identification and Verification of Attack-Tree Threat Models in Connected Vehicles“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren