Please use this identifier to cite or link to this item:
Title: STRIDE threat model-based framework for assessing the vulnerabilities of modern vehicles
Authors: Abuabed, Zaina 
Alsadeh, Ahmad 
Taweel, Adel 
Keywords: Automated vehicles;Driver assistance systems
Issue Date: Oct-2023
Abstract: Modern automobiles are becoming increasingly sophisticated with enhanced features. Modern car systems have hundreds of millions of lines of code, which increase the attack surface. To address this concern, this paper proposes a new cybersecurity analysis framework that complies with the ISO/SAE 21434:2021 standard. The framework uses the Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privileges (STRIDE) threat model, the Attack Tree Analysis (ATA) approach, and the Common Vulnerability Scoring System (CVSS) as a key score exploitation matrix to rate identified potential threats. To evaluate, the framework was applied, to real-life scenarios, to examine the possible cyber threats in Advanced Driver-Assistance Systems (ADAS). To assess, a tool was implemented to automate threat impact ratings, according to safety, operational, financial, privacy, and legislative metrics. It also automates attack feasibility ratings considering attack vectors, complexity, authentication, and risk level identification based on a five-by-five risk matrix. As a result, 199 potential threats were identified and addressed in, four targeted, ADAS-related use cases. For the Lane-Keeping safety-critical use case, as an example, five security requirements were elicited as countermeasures. These results show that ADAS in modern vehicles are vulnerable to cyberattacks.
Appears in Collections:Fulltext Publications
Fulltext Publications

Files in This Item:
File Description SizeFormat
ZainaAbuabed_STRIDE.pdf3.33 MBAdobe PDFView/Open
Show full item record

Page view(s)

checked on Jun 18, 2024


checked on Jun 18, 2024

Google ScholarTM



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.