Abstract

In recent years, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems which depend on a set of sensors to interact with each other and with the surrounding environment. While these improvements have increased the safety and incontestability of the automotive system, they have opened the door for new potential security threats which need to be defined, assessed, and mitigated. The SAE J3061 standard has defined threat modeling as a critical step toward the secure development process for vehicle systems, but it did not determine which method could be used to achieve this process. Therefore, many threat modeling approaches were adopted. However, using one individual approach will not identify all the threats which could target the system, and may lead to insufficient mitigation mechanisms. Thus, having complete security requires the usage of a comprehensive threat model which identifies all the potential threats and vulnerabilities. In this work, we tried to revise the existing threat modeling efforts in the vehicular domain. Also, we proposed using a hybrid method called the Software, Asset, Vulnerability, Threat, and Attacker (SAVTA)-centric method to support security analysis for vehicular systems. SAVTA combines different existing threat modeling approaches to create a comprehensive and hybridized threat model. The model is used as an aid to construct general attack trees which illustrate attack vectors that threaten a particular vehicle asset and classify these attacks under different sub-trees.

Highlights

  • In recent years, vehicle manufacturing has changed significantly: vehicles moved from a largely electro-mechanical system into an Electrical and Electronic (E/E) system

  • As we showed in the previous section, there are many threat modeling approaches that have been implemented within the vehicular domain

  • We created a comprehensive threat model based on the existing vehicle-related threat modeling efforts


Summary

Introduction

Vehicle manufacturing has changed significantly: vehicles moved from a largely electro-mechanical system into an Electrical and Electronic (E/E) system. ConnectedDrive [7], the Wi-Fi access point of the Mitsubishi Outlander plug-in hybrid electric vehicle (PHEV) [8], GM’s OnStar [9], and many others. Those vulnerabilities gave attackers the chance to perform numerous attacks and many malicious actions such as turning the air conditioning, heating, and lights on or off, disabling the theft alarm, and so forth. The lack of a general threat model within the vehicular domain makes threat analysis for the different subsystems a resource-consuming task. It increases the possibility of inconsistencies between the interacting subsystems and causes redundancy when defining the attack vectors.

Terminology
Threat Modeling Approaches
Attacker-Centric
Assets-Centric
Vulnerability and Threat-Centric
Software-Centric
Attack Trees
Motivation
Attacker Profile
Attackable Assets
Attack Effects
Security Requirements
Attack Accessibility
Abstract Model and General Attack Trees
Attack Tree and Risk Analysis
Use Case
Conclusions