Browse Publications Technical Papers 12-04-04-0026

Security Threat Analysis of In-vehicle Network Using STRIDE-Based Attack Tree and Fuzzy Analytic Hierarchy Process 12-04-04-0026

This also appears in SAE International Journal of Connected and Automated Vehicles-V130-12EJ

The development of electrification, industrial intelligence, and interconnectivity has driven the transformation of the automobile from a mechanical to an intelligent product. Automobiles have gradually changed from a closed system to an open environment. Therefore, a variety of security threats and attack surfaces are emerging. Hackers or attackers can illegally access and control vehicles through external interfaces such as Bluetooth, Wi-Fi, and cellular. Automotive cybersecurity issues are becoming more prominent than ever. SAE J3061 and ISO/SAE 21434 being drafted also indicate that automotive cybersecurity has been elevated to a position equal to or more important than functional safety. Security threat analysis helps the development of the early concept phase of automotive cybersecurity. However, the threat analysis based on the traditional attack tree has the disadvantages of multiple subjective factors and low accuracy. In this article, we present an attack tree analysis method based on Microsoft’s threat model and fuzzy analytic hierarchy process (FAHP). First, a hierarchical in-vehicle network model is proposed. Then, with the help of Microsoft’s threat model, we identify the threats corresponding to the assets and construct a more comprehensive attack tree. Finally, for each threat attack sequence of the attack tree, the attack probability is calculated based on the FAHP. Furthermore, FAHP is compared with the analytic hierarchy process (AHP) and traditional methods. The results show that the proposed method plays a certain role in security threat analysis.


Subscribers can view annotate, and download all of SAE's content. Learn More »

Members save up to 19% off list price.
Login to see discount.
We also recommend:

An Integrated View on Automotive SPICE, Functional Safety and Cyber-Security


View Details


Delivering Threat Analysis and Risk Assessment Based on ISO 21434: Practical and Tooling Considerations


View Details


Security Mechanisms Design of Automotive Gateway Firewall


View Details