
Common Vulnerability Considerations as an Integral Part of the Automotive Cybersecurity Engineering Process 2022-28-0304

In the present scenario, the automotive industry is driven by information technology. Most innovations, such as automotive interconnectivity, e-mobility, and automotive electronics, are data-driven systems that decide and act on the functionality of the vehicle architecture. Connectivity has its own concerns about message spoofing, tampering, and increased privacy-focused information hardening by exploiting weak points. A weakness ends up as a vulnerability, resulting in legal consequences, reputational damage, recall costs, and the installation of software bug fixes. Vulnerability tracking and control are taken into consideration because of the incident responses for on-road vehicles. Several weaknesses and their associated vulnerabilities are documented in databases like CWE (Common Weakness Enumeration) and CVE (Common Vulnerabilities and Exposures) respectively. For automotive in particular, it is obvious that most of the methods employed by attackers are known and reused strategies. To build secure systems for road vehicles, the cybersecurity engineering standard ISO 21434 [11] suggests the evaluation of vulnerabilities throughout the engineering process, such as attack path analysis, the system requirement stage, software architecture, design, and the implementation and testing phases. Based on my analysis and practice, it is appropriate to include common vulnerabilities as an integral part of the automotive cybersecurity engineering process.
In this paper, the author provides a list of vulnerabilities that may serve as suggestions for threat analysis and risk assessment, and proposes two solutions that may be adopted directly in the V-model for security-relevant software development.

