Please use this identifier to cite or link to this item: http://hdl.handle.net/20.500.11889/8391
Title: STRIDE threat model-based framework for assessing the vulnerabilities of modern vehicles
Authors: Abuabed, Zaina 
Alsadeh, Ahmad 
Taweel, Adel 
Keywords: Attack tree;Cybersecurity for vehicle;Electric vehicles - Security measures;Exploitability;Impact rating;Electric vehicles - Risk management;Risk management;Financial risk management;Risk matrix;Threat modeling
Issue Date: 2023
Abstract: Modern automobiles are becoming increasingly sophisticated with enhanced features. Modern car systems have hundreds of millions of lines of code, which increase the attack surface. To address this concern, this paper proposes a new cybersecurity analysis framework that complies with the ISO/SAE 21434:2021 standard. The framework uses the Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privileges (STRIDE) threat model, the Attack Tree Analysis (ATA) approach, and the Common Vulnerability Scoring System (CVSS) as a key score exploitation matrix to rate identified potential threats. To evaluate, the framework was applied, to real-life scenarios, to examine the possible cyber threats in Advanced Driver Assistance Systems (ADAS). To assess, a tool was implemented to automate threat impact ratings, according to safety, operational, financial, privacy, and legislative metrics. It also automates attack feasibility ratings considering attack vectors, complexity, authentication, and risk level identification based on a five-by-five risk matrix. As a result, 199 potential threats were identified and addressed in, four targeted, ADAS-related use cases. For the Lane-Keeping safety-critical use case, as an example, five security requirements were elicited as countermeasures. These results show that ADAS in modern vehicles are vulnerable to cyberattacks.
URI: http://hdl.handle.net/20.500.11889/8391
Appears in Collections:Fulltext Publications

Files in This Item:
File Description SizeFormat
STRIDE threat model-based framework for assessing the vulnerabilities of.pdf3.22 MBAdobe PDFView/Open
Show full item record

Page view(s)

24
checked on Jun 18, 2024

Download(s)

108
checked on Jun 18, 2024

Google ScholarTM

Check


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.