Threat Modeling for Automotive Security Analysis
نویسندگان
چکیده
Connected and intelligent vehicles create new risks to cybersecurity and road safety. Threat modeling is a building block in automotive security engineering that identifies potential threats for corresponding mitigations. In this paper, we address how to conduct threat modeling for automotive security analysis during the development lifecycle. We propose a practical and efficient approach to threat modeling, extending existing tool support and demonstrating its applicability and feasibility.
منابع مشابه
Modeling Guidelines and Usage Analysis Towards Applying HiP-HOPS Method to Airborne Electrical Systems
11:20-11:45 Simulation of Automotive Security Threat Warnings to Analyze Driver Interpretations and Emotional Transitions Robert Altschaffel, Tobias Hoppe, Sven Kuhlmann, Jana Dittmann 11:45-12:10 Improving Dependability of Vision-Based Advanced Driver Assistance Systems Using Navigation Data and Checkpoint Recognition Ayhan Mehmed, Sasikumar Punnekkat, Wilfried Steiner, Giacomo Spampinato, Mar...
متن کاملStandard Compliant Hazard and Threat Analysis for the Automotive Domain
The automotive industry has successfully collaborated to release the ISO 26262 standard for developing safe software for cars. The standard describes in detail how to conduct hazard analysis and risk assessments to determine the necessary safety measures for each feature. However, the standard does not concern threat analysis for malicious attackers or how to select appropriate security counter...
متن کاملSecurity Threat Modeling and Analysis: a Goal-oriented Approach
Threat modeling provides a good foundation for the specification of security requirements during application development. When applied during the early phases of software development, threat modeling empowers developers in several ways. These range from verifying application architecture, identifying and evaluating threats, designing countermeasures, to penetration testing based on a threat mod...
متن کاملExperiences Threat Modeling at Microsoft
Describes a decade of experience threat modeling products and services at Microsoft. Describes the current threat modeling methodology used in the Security Development Lifecycle. The methodology is a practical approach, usable by non-experts, centered on data flow diagrams and a threat enumeration technique of ‘STRIDE per element.’ The paper covers some lessons learned which are likely applicab...
متن کاملAutomotive Proxy-Based Security Architecture for CE Device Integration
Increasing adoption of Consumer Electronic (CE) devices in the automotive world encourages car makers to propose new CE-related features each year. However, car complexity and security concerns slow down this process. The ubiquitous and personal nature of such devices represents a real threat for car IT systems. We believe that the arrival of IP standards in car should solve most of these issue...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016