ThreatSurf: A method for automated Threat Surface assessment in automotive cybersecurity engineering

Connected smart cars enable new attacks that may have serious consequences. Thus, the development of new cars must follow a cybersecurity engineering process including a Threat Analysis and Risk Assessment (TARA). The attack surface assessment is a central aspect of a TARA. In this paper, we introduce a concrete approach for attack surface assessment following the steps asset identification, threat scenario identification, attack path analysis, and attack feasibility rating of a TARA compliant to ISO/SAE DIS 21434 and an approach to automatize them. We define a generic reference architecture and assets constituting the attack surface, attack building blocks with associated feasibility rating, and a method for automated generation and rating of attack paths using the attack building blocks and attack feasibility. Our exemplary application of the automated attack surface assessment on several threats from the UN regulation no. 155 shows the feasibility of our approach.