Abstract

Modern automobiles are becoming increasingly sophisticated with enhanced features. Modern car systems have hundreds of millions of lines of code, which increase the attack surface. To address this concern, this paper proposes a new cybersecurity analysis framework that complies with the ISO/SAE 21434:2021 standard. The framework uses the Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privileges (STRIDE) threat model, the Attack Tree Analysis (ATA) approach, and the Common Vulnerability Scoring System (CVSS) as a key score exploitation matrix to rate identified potential threats. To evaluate, the framework was applied, to real-life scenarios, to examine the possible cyber threats in Advanced Driver-Assistance Systems (ADAS). To assess, a tool was implemented to automate threat impact ratings, according to safety, operational, financial, privacy, and legislative metrics. It also automates attack feasibility ratings considering attack vectors, complexity, authentication, and risk level identification based on a five-by-five risk matrix. As a result, 199 potential threats were identified and addressed in, four targeted, ADAS-related use cases. For the Lane-Keeping safety-critical use case, as an example, five security requirements were elicited as countermeasures. These results show that ADAS in modern vehicles are vulnerable to cyberattacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.