Threat and Risk Assessment Methodologies in the Automotive Domain

Georg Macher, Eric Armengaud, Eugen Brenner, Christian Josef Kreiner

Publication: Contribution to book/report/conference proceedings › Conference contribution › Research › Peer-reviewed

Abstract

Safety and security are both qualities that concern the overall system. However, these disciplines are traditionally treated independently in the automotive domain. The replacement of classical mechanical systems with safety-critical embedded systems raised awareness of the safety attribute and led to the introduction of the ISO 26262 standard. In contrast, security topics have traditionally been seen as attacks of a mechanical nature that affect only single vehicles (e.g. door locks and immobilizers). With the increasing interconnection of automotive systems with networks (such as Car2X), new features like autonomous driving, and online software updates, it is no longer acceptable to assume that car fleets are immune to security risks and automated remote attacks. Consequently, future automotive systems development requires systematic approaches that support cyber-security- and safety-aware development.

This paper therefore examines the threat and risk assessment techniques available for the automotive domain and presents an approach to classifying cyber-security threats that can be used to determine the appropriate number of countermeasures to be considered. Furthermore, we present a combined approach for safety and security analysis to be applied in early development phases, which is a prerequisite for consistent engineering throughout the development lifecycle.
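The combined safety and security analysis the abstract refers to is not spelled out on this page. As an added illustration (not the paper's classification scheme and not code from the authors), the following Python joins a STRIDE-per-element threat enumeration to an ISO 26262 hazard analysis and risk assessment (HARA): each threat against a data-flow element inherits the highest ASIL of the hazards it could trigger, threats with no safety link are marked security-only, and hazards that no threat reaches are listed for review. The architecture, the hazards and their S/E/C ratings, the threat-to-hazard links and the inheritance rule are assumptions made for this example; only the ASIL determination table and the STRIDE-per-element mapping are the standard ones.

```python
"""Constructed example: STRIDE-per-element threat enumeration joined to an
ISO 26262 HARA, so that a security threat inherits the ASIL of the hazards it
can trigger. Architecture, hazards, S/E/C ratings and threat-to-hazard links
are assumptions made for this illustration, not data from the paper."""
from dataclasses import dataclass, field

ASIL_ORDER = ["QM", "A", "B", "C", "D"]

# STRIDE categories that apply to each DFD element type (standard STRIDE-per-element).
STRIDE_PER_ELEMENT = {"external": "SR", "process": "STRIDE", "store": "TRID", "flow": "TID"}
STRIDE_NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
                "I": "Information disclosure", "D": "Denial of service",
                "E": "Elevation of privilege"}


def asil(severity: int, exposure: int, controllability: int) -> str:
    """ASIL per ISO 26262-3 Table 4 (S in 1..3, E in 1..4, C in 1..3).
    The table is equivalent to a sum rule: S+E+C <= 6 -> QM, 7 -> A, 8 -> B, 9 -> C, 10 -> D."""
    if not (1 <= severity <= 3 and 1 <= exposure <= 4 and 1 <= controllability <= 3):
        raise ValueError("S, E or C out of range")
    return ASIL_ORDER[max(0, severity + exposure + controllability - 6)]


@dataclass(frozen=True)
class Hazard:
    hid: str
    description: str
    s: int
    e: int
    c: int

    @property
    def asil(self) -> str:
        return asil(self.s, self.e, self.c)


@dataclass
class Element:
    name: str
    kind: str                       # external | process | store | flow
    # STRIDE letter -> hazard ids that a realised threat of that kind could trigger (assumed).
    safety_links: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Threat:
    element: str
    category: str                   # STRIDE letter
    required_level: str             # inherited ASIL, or "security-only" if no safety impact


def enumerate_threats(elements, hazards):
    """Apply STRIDE-per-element and rate each threat by the highest ASIL it can reach."""
    by_id = {h.hid: h for h in hazards}
    threats = []
    for el in elements:
        applicable = STRIDE_PER_ELEMENT[el.kind]
        for letter, linked in el.safety_links.items():
            if letter not in applicable:
                raise ValueError(f"{el.name}: STRIDE '{letter}' does not apply to a {el.kind}")
            missing = [h for h in linked if h not in by_id]
            if missing:
                raise ValueError(f"{el.name}: unknown hazard ids {missing}")
        for letter in applicable:
            linked = el.safety_links.get(letter, [])
            level = ("security-only" if not linked
                     else max((by_id[h].asil for h in linked), key=ASIL_ORDER.index))
            threats.append(Threat(el.name, letter, level))
    return threats


def summarise(threats):
    """Count threats per required treatment level; this sizes the countermeasure effort."""
    counts = {}
    for t in threats:
        counts[t.required_level] = counts.get(t.required_level, 0) + 1
    return counts


def unlinked_hazards(elements, hazards):
    """Hazards no threat can trigger: either genuinely non-security, or an analysis gap."""
    linked = {h for el in elements for ids in el.safety_links.values() for h in ids}
    return [h.hid for h in hazards if h.hid not in linked]


# Constructed sample data (not from the paper).
HAZARDS = [
    Hazard("H1", "Unintended full braking at highway speed", s=3, e=4, c=3),   # ASIL D
    Hazard("H2", "Loss of brake assist", s=3, e=3, c=2),                       # ASIL B
    Hazard("H3", "Wrong fuel level shown in cluster", s=1, e=4, c=1),          # QM
    Hazard("H4", "Airbag non-deployment in crash", s=3, e=2, c=3),             # ASIL B
]
ELEMENTS = [
    Element("OTA backend", "external", {"S": ["H1", "H2"]}),
    Element("Telematics ECU", "process", {"E": ["H1", "H2"], "T": ["H1"]}),
    Element("Telematics->Gateway CAN frames", "flow", {"T": ["H1"], "D": ["H2"]}),
    Element("Brake ECU", "process", {"T": ["H1", "H2"], "D": ["H2"]}),
    Element("Instrument cluster", "process", {"T": ["H3"]}),
    Element("Diagnostic log store", "store"),
]

if __name__ == "__main__":
    threats = enumerate_threats(ELEMENTS, HAZARDS)

    def rank(t):
        return ASIL_ORDER.index(t.required_level) if t.required_level in ASIL_ORDER else -1

    for t in sorted(threats, key=rank, reverse=True):
        print(f"{t.required_level:14} {t.element:32} {STRIDE_NAMES[t.category]}")
    print("per level:", summarise(threats))
    print("hazards with no identified security trigger (review):", unlinked_hazards(ELEMENTS, HAZARDS))
```

Run as a script, it prints the 27 threats ordered by required level followed by the per-level counts. The counts are what would be used to plan countermeasures (five threats here must be treated to the level of an ASIL D hazard), and a hazard such as H4 that no threat reaches is either genuinely outside the attack surface or a gap in the threat model, which is exactly what running the two analyses together is meant to surface.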
Original language: English
Title: The 7th International Conference on Ambient Systems, Networks and Technologies (ANT 2016)
Publisher: Elsevier B.V.
Pages: 1-7
Number of pages: 7
Publication status: Published - 26 May 2016

Publication series

Name: Procedia Computer Science
Publisher: Elsevier BV
Volume: 83

Keywords

  • ISO26262
  • HARA
  • STRIDE
  • automotive
  • safety
  • Security

Fields of Expertise

  • Mobility & Production
  • Information, Communication & Computing

Cite this

Macher, G., Armengaud, E., Brenner, E., & Kreiner, C. J. (2016). Threat and Risk Assessment Methodologies in the Automotive Domain. In The 7th International Conference on Ambient Systems, Networks and Technologies (ANT 2016) (pp. 1-7). (Procedia Computer Science; Vol. 83). Elsevier B.V.

@inproceedings{ff8c38d11e3243e48991fe6b586765e7,
title = "Threat and Risk Assessment Methodologies in the Automotive Domain",
abstract = "Safety and security are both qualities that concern the overall system. However, these disciplines are traditionally treated independently in the automotive domain. Replacement of classical mechanical systems with safety-critical embedded systems raised the awareness of the safety attribute and caused the introduction of the ISO26262 standard. In contrast to this, security topics are traditionally seen as attacks of a mechanical nature and as only affecting single vehicles (e.g. door lock and immobilizer related). Due to the increasing interlacing of automotive systems with networks (such as Car2X), new features like autonomous driving, and online software updates, it is no longer acceptable to assume that car fleets are immune to security risks and automated remote attacks. Consequently, future automotive systems development requires appropriate systematic approaches to support cyber security and safety aware development.Therefore, this paper examines threat and risk assessment techniques that are available for the automotive domain and presents an approach to classify cyber-security threats, which can be used to determine the appropriate number of countermeasures that need to be considered. Furthermore, we present a combined approach for safety and security analysis to be applied in early development phases, which is a pre-requisite for consistent engineering throughout the development lifecycle.",
keywords = "ISO26262, HARA, STRIDE, automotive, safety, Security",
author = "Georg Macher and Eric Armengaud and Eugen Brenner and Kreiner, {Christian Josef}",
year = "2016",
month = "5",
day = "26",
language = "English",
series = "Procedia Computer Science",
publisher = "Elsevier B.V.",
pages = "1--7",
booktitle = "The 7th International Conference on Ambient Systems, Networks and Technologies (ANT 2016)",
address = "Netherlands",

}
