Please use this identifier to cite or link to this item:
http://hdl.handle.net/20.500.11889/8551
Title: | STRIDE threat model-based framework for assessing the vulnerabilities of modern vehicles | Authors: | Abuabed, Zaina Alsadeh, Ahmad Taweel, Adel |
Keywords: | Automated vehicles;Driver assistance systems | Issue Date: | Oct-2023 | Abstract: | Modern automobiles are becoming increasingly sophisticated with enhanced features. Modern car systems have hundreds of millions of lines of code, which increase the attack surface. To address this concern, this paper proposes a new cybersecurity analysis framework that complies with the ISO/SAE 21434:2021 standard. The framework uses the Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privileges (STRIDE) threat model, the Attack Tree Analysis (ATA) approach, and the Common Vulnerability Scoring System (CVSS) as a key score exploitation matrix to rate identified potential threats. To evaluate, the framework was applied, to real-life scenarios, to examine the possible cyber threats in Advanced Driver-Assistance Systems (ADAS). To assess, a tool was implemented to automate threat impact ratings, according to safety, operational, financial, privacy, and legislative metrics. It also automates attack feasibility ratings considering attack vectors, complexity, authentication, and risk level identification based on a five-by-five risk matrix. As a result, 199 potential threats were identified and addressed in, four targeted, ADAS-related use cases. For the Lane-Keeping safety-critical use case, as an example, five security requirements were elicited as countermeasures. These results show that ADAS in modern vehicles are vulnerable to cyberattacks. | URI: | http://hdl.handle.net/20.500.11889/8551 | DOI: | https://doi.org/10.1016/j.cose.2023.103391 139122448 139122448 https://doi.org/10.1016/j.cose.2023.103391 139122448 https://doi.org/10.1016/j.cose.2023.103391 https://doi.org/10.1016/j.cose.2023.103391 139122448 https://doi.org/10.1016/j.cose.2023.103391 139122448 https://doi.org/10.1016/j.cose.2023.103391 139122448 https://doi.org/10.1016/j.cose.2023.103391 139122448 |
Appears in Collections: | Fulltext Publications Fulltext Publications |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
ZainaAbuabed_STRIDE.pdf | 3.33 MB | Adobe PDF | View/Open |
Page view(s)
56
checked on May 13, 2024
Download(s)
32
checked on May 13, 2024
Google ScholarTM
Check
Altmetric
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.