Home // SECURWARE 2023, The Seventeenth International Conference on Emerging Security Information, Systems and Technologies // View article

Leveraging Attack Graphs in Automotive Threat Analysis and Risk Assessment

Authors:
Mera Nizam-Edden Saulaiman
Miklos Kozlovszky
Akos Csilling

Keywords: TARA, threat and risk analysis, automotive network, connected vehicles

Abstract:
With the increase in complexity of automotive network systems and the shift towards connected vehicles, cyber threats are constantly evolving, creating the need for advanced methodologies to assess and mitigate these threats and ensure the security of these systems. The ISO/SAE 21434 standard defines the Threat Analysis and Risk Assessment (TARA) methodology as a key activity for analyzing and assessing cybersecurity risks for a defined automotive system. In this paper, we introduce a Graph-based Attack Path Prioritization Tool (GAPP), which aims to introduce the concept of automation and address the limitations of manual TARA. GAPP automates the generation of attack paths, calculates the feasibility of each path, and identifies the most feasible attack paths within automotive networks. By providing a more dynamic, comprehensive, and automated means of analyzing network security, our approach aims to enhance TARA and offers a promising avenue for future research and development in the field of automotive cybersecurity.

Pages: 82 to 87

Copyright: Copyright (c) IARIA, 2023

Publication date: September 25, 2023

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-68558-092-6

Location: Porto, Portugal

Dates: from September 25, 2023 to September 29, 2023