Towards a Standardized Mapping from Automotive Security Levels to Security Mechanisms
Paper i proceeding, 2018

Modern vehicles are becoming targets and need to be secured throughout their lifetime. There exist several risk assessment models which can be used to derive security levels that describe to what extent components, functions and messages (signals), need to be protected. These models provide methods to gather application specific security requirements based on identified threat and item combinations that need to be coped with. However, a standardized mapping between security levels and required mandatory security mechanisms and design rules is currently missing. We address this problem first by suggesting that the risk assessment process should result in five security levels, similar to the functional safety standard ISO 26262. Second, we identify suitable security mechanisms and design rules for automotive system design and associate them with appropriate security levels. Our proposed methodology is as much as possible aligned with ISO 26262 and we believe that it should therefore be realistic to deploy in existing organizations.

Safety

Security

Automotive engineering

Risk management

ISO Standards

Författare

Thomas Rosenstatter

Chalmers, Data- och informationsteknik, Nätverk och system

Tomas Olovsson

Chalmers, Data- och informationsteknik, Nätverk och system

IEEE Conference on Intelligent Transportation Systems, Proceedings, ITSC

1501-1507 8569679

21st International Conference on Intelligent Transportation Systems (ITSC)
Maui, Hawaii, USA,

Holistiskt angreppssätt att förbättra datasäkerhet (HoliSec)

VINNOVA, 2016-04-01 -- 2019-03-31.

Ämneskategorier

Inbäddad systemteknik

Datorsystem

DOI

10.1109/ITSC.2018.8569679

Mer information

Senast uppdaterat

2019-03-22