Browse Publications Technical Papers 2013-01-1415
2013-04-08

Threat Analysis and Risk Assessment in Automotive Cyber Security 2013-01-1415

The process of hazard analysis and risk assessment (H&R or HARA) is well-established in standards and methods for functional safety, such as the automotive functional safety standard ISO 26262. Considering the parallel discipline of cyber security, it is necessary to establish an analogous process of threat analysis and risk assessment (T&R) in order to identify potential security attacks and the risk associated with these attacks if they were successful.
While functional safety H&R processes could be used for threat analysis, these methods need extension and adaptation to the cyber security domain. This paper describes how such a method has been developed based on the approach described in ISO 26262 and the related MISRA Safety Analysis Guidelines. In particular key differences are described in the understanding of the severity of a security attack, and the factors that contribute to the probability of a successful attack. However it also acknowledges that some threats may contribute to a safety-relevant hazard.
The paper will also explore some potential future directions, such as how the T&R can be used to support an assurance case for cyber security.

SAE MOBILUS

Subscribers can view annotate, and download all of SAE's content. Learn More »

Access SAE MOBILUS »

Preview Document Add to Cart
Members save up to 17% off list price.
Login to see discount.
We also recommend:
JOURNAL ARTICLE

Model-based Application of ISO 26262: The Hazard Analysis and Risk Assessment

2013-01-0184

View Details

JOURNAL ARTICLE

Model-based Application of ISO 26262: The Hazard Analysis and Risk Assessment

2013-01-0184

View Details

JOURNAL ARTICLE

System Security and System Safety Engineering: Differences and Similarities and a System Security Engineering Process Based on the ISO 26262 Process Framework

2013-01-1419

View Details

X