Goal and Threat Modelling for Driving Automotive Cybersecurity Risk Analysis Conforming to ISO/SAE 21434

Christophe Ponsard; Valery Ramon; Jean-Christophe Deprez

doi:10.5220/0010603008330838

Goal and Threat Modelling for Driving Automotive Cybersecurity Risk Analysis Conforming to ISO/SAE 21434

Christophe Ponsard, Valery Ramon, Jean-Christophe Deprez

2021

Abstract

As cars are increasingly connected and autonomous, they also become more exposed to cyber security threats. Providing strong protection and reactive response to such threats in a large industry involving many tiers and complex safety critical systems is challenging and required the development of the new ISO 21434 standard. Along with ISO 2626 dedicated to safety, it provides solid grounds for safety-security co-engineering. This paper focuses on how to provide effective and efficient support to the risk assessment phase based on a model-based approach. A rich goal-oriented meta-model is proposed to capture automotive assets and system properties, to estimate the impact of damage scenarios, to identify threats and to assess their feasibility. The approach is implemented as proof-of-concept through the meta-model adaptation of a generic co-engineering platform and is illustrated on the car light control sub-system.

Download

Paper Citation

in Harvard Style

Ponsard C., Ramon V. and Deprez J. (2021). Goal and Threat Modelling for Driving Automotive Cybersecurity Risk Analysis Conforming to ISO/SAE 21434. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 833-838. DOI: 10.5220/0010603008330838

in Bibtex Style

@conference{secrypt21,
author={Christophe Ponsard and Valery Ramon and Jean-Christophe Deprez},
title={Goal and Threat Modelling for Driving Automotive Cybersecurity Risk Analysis Conforming to ISO/SAE 21434},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT,},
year={2021},
pages={833-838},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010603008330838},
isbn={978-989-758-524-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT,
TI - Goal and Threat Modelling for Driving Automotive Cybersecurity Risk Analysis Conforming to ISO/SAE 21434
SN - 978-989-758-524-1
AU - Ponsard C.
AU - Ramon V.
AU - Deprez J.
PY - 2021
SP - 833
EP - 838
DO - 10.5220/0010603008330838