A risk assessment framework for automotive embedded systems
Paper i proceeding, 2016

© 2016 ACM. The automotive industry is experiencing a paradigm shift towards autonomous and connected vehicles. Coupled with the increasing usage and complexity of electrical and/or electronic systems, this introduces new safety and security risks. Encouragingly, the automotive industry has relatively well-known and standardised safety risk management practices, but security risk management is still in its infancy. In order to facilitate the derivation of security requirements and security measures for automotive embedded systems, we propose a specifically tailored risk assessment framework, and we demonstrate its viability with an industry use-case. Some of the key features are alignment with existing processes for functional safety, and usability for non-security specialists. The framework begins with a threat analysis to identify the assets, and threats to those assets. The following risk assessment process consists of an estimation of the threat level and of the impact level. This step utilises several existing standards and methodologies, with changes where necessary. Finally, a security level is estimated which is used to formulate high-level security requirements. The strong alignment with existing standards and processes should make this framework well-suited for the needs in the automotive industry.

Automotive security

Threat analysis

Risk assessment

Security requirements

Författare

Mafijul Islam

Volvo

Aljoscha Lautenbach

Chalmers, Data- och informationsteknik, Nätverk och system

C. Sandberg

Volvo

Tomas Olovsson

Chalmers, Data- och informationsteknik, Nätverk och system

CPSS 2016 - Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security, Co-located with Asia CCS 2016

3-14

Styrkeområden

Informations- och kommunikationsteknik

Transport

Ämneskategorier

Systemvetenskap

Inbäddad systemteknik

Datorsystem

DOI

10.1145/2899015.2899018

ISBN

978-1-4503-4288-9