CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

A risk assessment framework for automotive embedded systems

M.M. Islam ; Aljoscha Lautenbach (Institutionen för data- och informationsteknik (Chalmers) ; Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) ) ; C. Sandberg ; Tomas Olovsson (Institutionen för data- och informationsteknik, Nätverk och system (Chalmers) )
CPSS 2016 - Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security, Co-located with Asia CCS 2016 p. 3-14. (2016)
[Konferensbidrag, refereegranskat]

© 2016 ACM.

The automotive industry is experiencing a paradigm shift towards autonomous and connected vehicles. Coupled with the increasing usage and complexity of electrical and/or electronic systems, this introduces new safety and security risks. Encouragingly, the automotive industry has relatively well-known and standardised safety risk management practices, but security risk management is still in its infancy. In order to facilitate the derivation of security requirements and security measures for automotive embedded systems, we propose a specifically tailored risk assessment framework, and we demonstrate its viability with an industry use-case. Some of the key features are alignment with existing processes for functional safety, and usability for non-security specialists.

The framework begins with a threat analysis to identify the assets, and threats to those assets. The following risk assessment process consists of an estimation of the threat level and of the impact level. This step utilises several existing standards and methodologies, with changes where necessary. Finally, a security level is estimated which is used to formulate high-level security requirements.

The strong alignment with existing standards and processes should make this framework well-suited for the needs in the automotive industry.

Nyckelord: Automotive security , Risk assessment , Security requirements , Threat analysis



Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2016-09-10.
CPL Pubid: 241617

 

Läs direkt!


Länk till annan sajt (kan kräva inloggning)