Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Attack Surface Assessment for Cybersecurity Engineering in the Automotive Domain

 
: Plappert, C.; Zelle, D.; Gadacz, H.; Rieke, R.; Scheuermann, D.; Krauß, C.

:

Institute of Electrical and Electronics Engineers -IEEE-:
29th Euromicro International Conference on Parallel, Distributed and Network-Based Processing, PDP 2021. Proceedings : Valladolid, Spain, 10-12 March 2021, on-line conference
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2021
ISBN: 978-1-6654-4764-5
ISBN: 978-1-6654-1455-5
S.266-275
International Conference on Parallel, Distributed and Network-Based Processing (PDP) <29, 2021, Online>
Englisch
Konferenzbeitrag
Fraunhofer SIT ()

Abstract
Connected smart cars enable new attacks that may have serious consequences. Thus, the development of new cars must follow a cybersecurity engineering process as defined for example in ISO/SAE 21434. A central part of such a process is the threat and risk assessment including an attack feasibility rating. In this paper, we present an attack surface assessment with focus on the attack feasibility rating compliant to ISO/SAE 21434. We introduce a reference architecture with assets constituting the attack surface, the attack feasibility rating for these assets, and the application of this rating on typical use cases. The attack feasibility rating assigns attacks and assets to an evaluation of the attacker dimensions such as the required knowledge and the feasibility of attacks derived from it. Our application of sample use cases shows how this rating can be used to assess the feasibility of an entire attack path. The attack feasibility rating can be used as a building block in a threat and risk assessment according to ISO/SAE 21434.

: http://publica.fraunhofer.de/dokumente/N-637561.html