Towards a Standardized Mapping from Automotive Security Levels to Security Mechanisms
Paper in proceeding, 2018
Modern vehicles are becoming targets and need to be secured throughout their lifetime. There exist several risk assessment models which can be used to derive security levels that describe to what extent components, functions and messages (signals), need to be protected. These models provide methods to gather application specific security requirements based on identified threat and item combinations that need to be coped with. However, a standardized mapping between security levels and required mandatory security mechanisms and design rules is currently missing. We address this problem first by suggesting that the risk assessment process should result in five security levels, similar to the functional safety standard ISO 26262. Second, we identify suitable security mechanisms and design rules for automotive system design and associate them with appropriate security levels. Our proposed methodology is as much as possible aligned with ISO 26262 and we believe that it should therefore be realistic to deploy in existing organizations.
Safety
Security
Automotive engineering
Risk management
ISO Standards
Author
Thomas Rosenstatter
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
Tomas Olovsson
Chalmers, Computer Science and Engineering (Chalmers), Networks and Systems (Chalmers)
IEEE Conference on Intelligent Transportation Systems, Proceedings, ITSC
Vol. 2018-November 1501-1507 8569679
978-1-7281-0323-5 (ISBN)
21st International Conference on Intelligent Transportation Systems (ITSC)
Maui, Hawaii, USA,
Maui, Hawaii, USA,
Holistiskt angreppssätt att förbättra datasäkerhet (HoliSec)
VINNOVA (2015-06894), 2016-04-01 -- 2019-03-31.
Subject Categories
Embedded Systems
Computer Systems
DOI
10.1109/ITSC.2018.8569679