Abstract:

Connected vehicles have thousands of components, including software-based applications, making their safety and security-critical. However, the automotive industry faces challenges such as a lack of control over post-market devices, chip shortages leading to fake components, and limited trained resources. Current Threat Modelling and Risk Analysis approaches are insufficient, particularly STRIDE (Spoofing, Tampering, Repudiation, Integrity, Denial of Service and Elevation of Privilege) due to the complex networked interfaces of connected vehicles. Compliance with industry standards, such as ISO/SAE 21434, is also challenging. A more comprehensive approach, such as using STRIDE, Lateral Movement, and the Threat Analysis and Risk Assessment (TARA) process, is necessary to identify critical assets, threats, and associated risks. Simulating potential attack scenarios can help develop effective security strategies. Using tools and solutions can also help smaller automotive manufacturers meet security requirements and reduce costs. Adopting a comprehensive approach to Threat Modelling and Risk Analysis can improve safety and security for connected vehicles.

Keywords: Threat Modelling, Risk Analysis, TARA, ISO/SAE 21434, STRIDE, Lateral Movement, Connected Vehicle, TARA Tool, Compliance

Published in: First International Conference On Computational Intelligence For Information, Security And Communication Applications (CIISCA-2023)