Threat Modeling and Attack Simulations of Connected Vehicles: Proof of Concept

Xiong, Wenjun; Krantz, Fredrik; Lagerström, Robert

doi:10.1007/978-3-030-49443-8_13

Cited by 6 publications

(5 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the context of automotive systems, threat modeling plays a crucial role in ensuring the safety and security of vehicles and their associated technologies [190,191]. As technology continues to advance, vehicles are becoming increasingly interconnected and reliant on software, making them more susceptible to cyber threats [192,193]. Threat modeling helps organizations proactively identify and mitigate potential risks, minimizing the likelihood of successful attacks and their potential impact.…”

Section: Threat Modelingmentioning

confidence: 99%

Formal Methods and Validation Techniques for Ensuring Automotive Systems Security

Krichen

2023

Information

View full text Add to dashboard Cite

The increasing complexity and connectivity of automotive systems have raised concerns about their vulnerability to security breaches. As a result, the integration of formal methods and validation techniques has become crucial in ensuring the security of automotive systems. This survey research paper aims to provide a comprehensive overview of the current state-of-the-art formal methods and validation techniques employed in the automotive industry for system security. The paper begins by discussing the challenges associated with automotive system security and the potential consequences of security breaches. Then, it explores various formal methods, such as model checking, theorem proving, and abstract interpretation, which have been widely used to analyze and verify the security properties of automotive systems. Additionally, the survey highlights the validation techniques employed to ensure the effectiveness of security measures, including penetration testing, fault injection, and fuzz testing. Furthermore, the paper examines the integration of formal methods and validation techniques within the automotive development lifecycle, including requirements engineering, design, implementation, and testing phases. It discusses the benefits and limitations of these approaches, considering factors such as scalability, efficiency, and applicability to real-world automotive systems. Through an extensive review of relevant literature and case studies, this survey provides insights into the current research trends, challenges, and open research questions in the field of formal methods and validation techniques for automotive system security. The findings of this survey can serve as a valuable resource for researchers, practitioners, and policymakers involved in the design, development, and evaluation of secure automotive systems.

show abstract

Section: Threat Modelingmentioning

confidence: 99%

Formal Methods and Validation Techniques for Ensuring Automotive Systems Security

Krichen

2023

Information

View full text Add to dashboard Cite

show abstract

“…Some researchers have investigated the combined use of threat modeling and attack simulations in domains such as energy [51] and vehicular IT [27,57]. CySeMoL [45] is a cyber security modeling language for enterprise-level system architectures; P 2 CySeMoL [19], which is further development of CySeMoL, is an attack graph tool for estimating the cyber security of EAs.…”

Section: Attack Simulationsmentioning

confidence: 99%

Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix

et al. 2021

Self Cite

View full text Add to dashboard Cite

Enterprise systems are growing in complexity, and the adoption of cloud and mobile services has greatly increased the attack surface. To proactively address these security issues in enterprise systems, this paper proposes a threat modeling language for enterprise security based on the MITRE Enterprise ATT&CK Matrix. It is designed using the Meta Attack Language framework and focuses on describing system assets, attack steps, defenses, and asset associations. The attack steps in the language represent adversary techniques as listed and described by MITRE. This entity-relationship model describes enterprise IT systems as a whole; by using available tools, the proposed language enables attack simulations on its system model instances. These simulations can be used to investigate security settings and architectural changes that might be implemented to secure the system more effectively. Our proposed language is tested with a number of unit and integration tests. This is visualized in the paper with two real cyber attacks modeled and simulated.

show abstract

“…e threat model in SecuriCAD is mainly composed of three components: host, network, and attacker. Figure 7 is a partial model of the 2015 Cadillac Escalade vehicle network constructed by Xiong et al [38], where host mainly refers to ECUs and network includes CAN, LIN, MOST, and ethernet. ese are the assets that need to be protected in the system.…”

Section: Threat Analysis and Risk Assessment Toolsmentioning

confidence: 99%

Threat Analysis and Risk Assessment for Connected Vehicles: A Survey

Luo

Jiang

Zhang

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

With the rapid development of connected vehicles, people can get a better driving experience. However, the interconnection with the external network may bring growing accidents caused by cybersecurity vulnerabilities. As a result, automakers are paying more attention to cybersecurity and spending more cost on developing cybersecurity defense mechanisms. Threat analysis and risk assessment (TARA) is an efficient method to ensure the defense effect and greatly save costs in the early stage of vehicle development. It analyzes the threat of vehicle systems and determines the hierarchical defense and corresponding mitigations according to the potential threat to the system. This paper gives an overview of threat analysis and risk assessment in the automotive field. First, a novel classification of different TARA methods has been proposed. The existing methods have been analyzed and compared. Then, we have found some commonly used tools applied to TARA and compared their performance. After that, a concept named attack-defense mapping is proposed to figure out how to map the already found threats and vulnerabilities of the system to the appropriate mitigations. At last, the future development directions of TARA in the automotive domain have been discussed.

show abstract

Threat Modeling and Attack Simulations of Connected Vehicles: Proof of Concept

Cited by 6 publications

References 26 publications

Formal Methods and Validation Techniques for Ensuring Automotive Systems Security

Formal Methods and Validation Techniques for Ensuring Automotive Systems Security

Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix

Threat Analysis and Risk Assessment for Connected Vehicles: A Survey

Contact Info

Product

Resources

About