Case Study for Defining Security Goals and Requirements for Automotive Security Parts Using Threat Modeling 2018-01-0014

Several external networks like telematics, and SOTA and many in-vehicle networks by gateways and domain controllers have been increasingly introduced. However, these trends may potentially make many critical data opened, attacked and modified by hackers. These days, vehicle security has been significantly required as these vehicle security threats are related to the human life like drivers and pedestrians.

Threat modeling is process of secure software development lifecycle which is developed by Microsoft. It is a systematic approach for analyzing the potential threat in software and identifying the security risk associated with software. Through threat modeling, security risk is be mitigated and eliminated.

In vehicle software System, one of vulnerability can affect critical problem about safety. An approach from experience and hacking cases is not enough for analyzing the potential threat and preparing new hacking attack. Thus, as specified J3061, in concept phase, threat analysis and risk assessment is needed.

At the beginning of this paper, weaknesses of several current security use cases are shown. As the first step, with use cases shown in the first step, system components based on threat modeling are defined. As the second step, threat identification and risk assessment are executed. As the last step, security goal and requirements of each component are defined.

The 32-bit MCU with embedded hardware security module (HSM) is used for threat identification and risk assessment.