
Requirements for the Automated Generation of Attack Trees to Support Automotive Cybersecurity Assurance 2022-01-0124

As the need for automotive assurance continues to grow, it becomes necessary to develop approaches which can provide assurance cases in a systematic and efficient manner. In the case of cybersecurity, this problem is exacerbated by the increasing complexity of vehicular onboard systems, their inherent obscurity due to their heterogeneous architecture, emergent behaviors, and the disparate motivations and resources of potential threat agents. Furthermore, the advancement of connected autonomous vehicles (CAV) may allow external attackers to leverage the naïve trust ECUs have for adjacent devices to compromise the safety and security of the vehicle. To that end, there is an increased interest in automatically producing threat models such as attack trees, which usually rely on intensive expert-driven construction or rudimentary formally defined processes, to identify potential threats to a vehicle. Therefore, this paper will explore the ways in which such an automated scheme could be applied for a practicable identification and analysis of potential attack paths. Although ISO/SAE 21434 recommends the development of an assurance case for cybersecurity, the precise nature of a cybersecurity case is not explicitly defined within the standard. Therefore, this paper also explores the combination of threat modelling techniques with assurance case techniques adapted from accepted practice in vehicle safety for functional safety (per ISO 26262) while taking into consideration the relevant standards.

