Challenges and Opportunities for Model-Based Security Risk Assessment of Cyber-Physical Systems

Rocchetto, Marco; Ferrari, Alberto; Senni, Valerio

doi:10.1007/978-3-319-95597-1_2

Cited by 9 publications

(5 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The adoption of models can increase confidence and completeness in risk assessment, provide formal support for a more objective evaluation and documentation of the risk assessment rationale through reviewable artefacts and support change management through traceability of risks to design elements [28]. However, the results of the security evaluation are usually considered only during the design phase to validate or certify the security of the CPS, missing very valuable information that reports the security flaws that the system has and how they could be avoided during the system's operation phase.…”

Section: Underestimated Security Assessment Resultsmentioning

confidence: 99%

Integrating the Manufacturer Usage Description Standard in The Modelling of Cyber-Physical Systems

Garcia

Sánchez-Cabrera²,

Schiavone³

et al. 2023

SSRN Journal

View full text Add to dashboard Cite

Section: Underestimated Security Assessment Resultsmentioning

confidence: 99%

Integrating the Manufacturer Usage Description Standard in The Modelling of Cyber-Physical Systems

Garcia

Sánchez-Cabrera²,

Schiavone³

et al. 2023

SSRN Journal

View full text Add to dashboard Cite

“…Rocchetto et al [48] performed a cost/benefit trade-off analysis to justify the necessary costs implied by the corresponding countermeasures and the adoption of specific security requirements. ey proposed two different costs, the cost for the attackers and the cost to mitigate the vulnerability.…”

Section: Designed-rule-based Approachmentioning

confidence: 99%

Threat Analysis and Risk Assessment for Connected Vehicles: A Survey

Luo

Jiang

Zhang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

With the rapid development of connected vehicles, people can get a better driving experience. However, the interconnection with the external network may bring growing accidents caused by cybersecurity vulnerabilities. As a result, automakers are paying more attention to cybersecurity and spending more cost on developing cybersecurity defense mechanisms. Threat analysis and risk assessment (TARA) is an efficient method to ensure the defense effect and greatly save costs in the early stage of vehicle development. It analyzes the threat of vehicle systems and determines the hierarchical defense and corresponding mitigations according to the potential threat to the system. This paper gives an overview of threat analysis and risk assessment in the automotive field. First, a novel classification of different TARA methods has been proposed. The existing methods have been analyzed and compared. Then, we have found some commonly used tools applied to TARA and compared their performance. After that, a concept named attack-defense mapping is proposed to figure out how to map the already found threats and vulnerabilities of the system to the appropriate mitigations. At last, the future development directions of TARA in the automotive domain have been discussed.

show abstract

“…Risk Analysis includes a review of identified risks to provide a quantitative estimate for the likelihood of a specific risk and the related impact on assets [77]. During risk evaluation, each risk is compared against an evaluation criteria, where risks are measured against security requirements indicating the required security measures' [79,77]. This is Table 1.7 ISO 27001:2013 provides a standard framework for information security management, where risk assessment is characterized by three activities: identification, analysis and evaluation.…”

Section: Risk Assessmentmentioning

confidence: 99%