Identification and Verification of Attack-Tree Threat Models in
Connected Vehicles 2022-01-7087
As a result of the ever-increasing application of cyber-physical components in
the automotive industry, cybersecurity has become an urgent topic. Adapting
technologies and communication protocols like Ethernet and WiFi in connected
vehicles yields many attack scenarios. Consequently, ISO/SAE 21434 and UN R155
(2021) define a standard and regulatory framework for automotive cybersecurity.
Both documents follow a risk management-based approach and require a threat
modeling methodology for risk analysis and identification. Such a threat
modeling methodology must conform to the Threat Analysis and Risk Assessment
(TARA) framework of ISO/SAE 21434. However, existing threat modeling methods
enumerate isolated threats, disregarding the vehicle’s design and connections.
Consequently, they neglect the role of attack paths from a vehicle’s interfaces
to its assets. In other words, they are missing the TARA work products, e.g.,
attack paths compromising assets or feasibility and impact ratings. We propose a
threat modeling methodology to construct attack paths by identifying,
sequencing, and connecting vulnerabilities from a valid attack surface to an
asset. Initially, we transform cybersecurity guidelines to attack trees, and
then we use their formal interpretations to assess the vehicle’s design. This
workflow yields compositional construction of attack paths along with the
required TARA work products (e.g., attack paths, feasibility, and impact). More
importantly, we can apply the workflow iteratively in the context of connected
vehicles to ensure design conformity, privacy, and cybersecurity. Finally, to
show the complexity and the importance of preemptive threat identification and
risk analysis in the automotive industry, we evaluate the presented model-based
approach in a connected vehicle testing platform, SPIDER.
Citation: Ebrahimi, M., Striessnig, C., Castella Triginer, J., and Schmittner, C., "Identification and Verification of Attack-Tree Threat Models in Connected Vehicles," SAE Technical Paper 2022-01-7087, 2022, https://doi.org/10.4271/2022-01-7087.
Author(s):
Masoud Ebrahimi, Christoph Striessnig, Joaquim Castella Triginer, Christoph Schmittner
Affiliated:
Graz University of Technology, Virtual Vehicle Research GmbH, Austrian Institute of Technology
Pages: 17
Event:
SAE 2022 Intelligent and Connected Vehicles Symposium
ISSN:
0148-7191
e-ISSN:
2688-3627
Related Topics:
Connectivity
Risk assessments
Communication protocols
Regulations
Cybersecurity
Simulation and modeling
Identification
Fabrication