Towards a Standardized Mapping from Automotive Security Levels to Security Mechanisms
Paper in proceedings, 2018

Modern vehicles are becoming targets and need to be secured throughout their lifetime. There exist several risk assessment models which can be used to derive security levels that describe to what extent components, functions and messages (signals) need to be protected. These models provide methods to gather application-specific security requirements based on identified threat and item combinations that need to be coped with. However, a standardized mapping between security levels and required mandatory security mechanisms and design rules is currently missing. We address this problem first by suggesting that the risk assessment process should result in five security levels, similar to the functional safety standard ISO 26262. Second, we identify suitable security mechanisms and design rules for automotive system design and associate them with appropriate security levels. Our proposed methodology is aligned with ISO 26262 as much as possible, and we believe that it should therefore be realistic to deploy in existing organizations.

Safety

Security

Automotive engineering

Risk management

ISO Standards

Author

Thomas Rosenstatter

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

Tomas Olovsson

Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)

IEEE Conference on Intelligent Transportation Systems, Proceedings, ITSC

1501-1507 8569679

21st International Conference on Intelligent Transportation Systems (ITSC)
Maui, Hawaii, USA,

Holistiskt angreppssätt att förbättra datasäkerhet (HoliSec)

VINNOVA, 2016-04-01 -- 2019-03-31.

Subject Categories

Embedded Systems

Computer Systems

DOI

10.1109/ITSC.2018.8569679

More information

Latest update

3/22/2019