2019
DOI: 10.1155/2019/4614721
|View full text |Cite
|
Sign up to set email alerts
|

A Comparative Study of JASO TP15002-Based Security Risk Assessment Methods for Connected Vehicle System Design

Abstract: In recent years, much attention has been paid to autonomous vehicles and security threats on such vehicles have become an important issue. One of these examples is a command injection issue on a gateway ECU, which was reported in 2016. In order to mitigate these threats, the secure design of connected vehicle systems, which is done at the concept phase during development, has become increasingly important in industry. From this perspective, a security guideline such as JASO TP15002 which specifies two concrete… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
7
0

Year Published

2020
2020
2023
2023

Publication Types

Select...
5
2
1

Relationship

2
6

Authors

Journals

citations
Cited by 11 publications
(7 citation statements)
references
References 40 publications
0
7
0
Order By: Relevance
“…The security analysis process specified in JASO TP15002 [14] consists of five phases: ToE (Target of Evaluation) definition, Threat analysis, Risk assessment, Define security objectives, and Security requirement selection. We follow a concretization of it studied in [26]. It also reflects a refactoring of the process and data in the original security analysis process.…”
Section: Process Overviewmentioning
confidence: 99%
See 1 more Smart Citation
“…The security analysis process specified in JASO TP15002 [14] consists of five phases: ToE (Target of Evaluation) definition, Threat analysis, Risk assessment, Define security objectives, and Security requirement selection. We follow a concretization of it studied in [26]. It also reflects a refactoring of the process and data in the original security analysis process.…”
Section: Process Overviewmentioning
confidence: 99%
“…Based on the model in [27], a vehicular network system can be specified as the ToE. While the entire network system is analyzed in [26], the focus of this paper is on specific parts of the network (Fig. 5).…”
Section: Target Of Evaluation(toe)mentioning
confidence: 99%
“…e Japanese Automotive Standard Organization (JASO) published the TP15002 guideline to standardize the procedures of the security design in the early stage of the development [12]. Kawanishi et al proposed better solutions for security evaluation based on TP15002 [13,14]. e E-safety Vehicle Intrusion Protected Application (EVITA) project, funded by European Union, designed, verified, and prototyped a security architecture for in-vehicle networks where securityrelevant components and data are pretested against unauthorized access.…”
Section: Cybersecurity Designmentioning
confidence: 99%
“…Threat identification is used to identify possible security threats inside each target of evaluation (TOE) module, such as message tampering, malicious code injection, and message blocking. Attack surfaces and corresponding threats against connected vehicles have been investigated by [4,11,16,26]. In our example, the possible attacks were extracted from these research efforts.…”
Section: Threat Identificationmentioning
confidence: 99%