THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity
The automotive domain is moving away from simple isolated vehicles to interconnected networks of heterogeneous systems forming a complex transportation infrastructure. The additional means of communication result in increased attack surfaces which can be exploited by physical as well as remote attac...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2022-12-01
|
| Series: | Information |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2078-2489/14/1/14 |
| _version_ | 1797440937067020288 |
|---|---|
| author | Sebastian Chlup Korbinian Christl Christoph Schmittner Abdelkader Magdy Shaaban Stefan Schauer Martin Latzenhofer |
| author_facet | Sebastian Chlup Korbinian Christl Christoph Schmittner Abdelkader Magdy Shaaban Stefan Schauer Martin Latzenhofer |
| author_sort | Sebastian Chlup |
| collection | DOAJ |
| description | The automotive domain is moving away from simple isolated vehicles to interconnected networks of heterogeneous systems forming a complex transportation infrastructure. The additional means of communication result in increased attack surfaces which can be exploited by physical as well as remote attackers if not secured thoroughly. Thus, the automotive sector is exposed to new cyber risk factors. Consequently, joint approaches targeting securing vehicles and infrastructure by identifying and mitigating potential threats for the automotive domain have been developed in several research projects. This paper builds on developments originating from these projects and correlated standards and regulations. Moreover, the extension of an existing threat modeling tool—THREATGET—with a novel automated approach toward attack propagation will be introduced. Therefore, we will conduct an analysis of a real-world example from the automotive domain. Furthermore, we will identify and analyze potential threats and discuss their accumulation to automatically generate an attack tree. |
| first_indexed | 2024-03-09T12:16:37Z |
| format | Article |
| id | doaj.art-3bc59fd3e1aa4cd89d82ca8daa377014 |
| institution | Directory Open Access Journal |
| issn | 2078-2489 |
| language | English |
| last_indexed | 2024-03-09T12:16:37Z |
| publishDate | 2022-12-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Information |
| spelling | doaj.art-3bc59fd3e1aa4cd89d82ca8daa3770142023-11-30T22:46:04ZengMDPI AGInformation2078-24892022-12-011411410.3390/info14010014THREATGET: Towards Automated Attack Tree Analysis for Automotive CybersecuritySebastian Chlup0Korbinian Christl1Christoph Schmittner2Abdelkader Magdy Shaaban3Stefan Schauer4Martin Latzenhofer5Austrian Institute of Technology GmbH, Giefinggasse 4, 1210 Vienna, AustriaAustrian Institute of Technology GmbH, Giefinggasse 4, 1210 Vienna, AustriaAustrian Institute of Technology GmbH, Giefinggasse 4, 1210 Vienna, AustriaAustrian Institute of Technology GmbH, Giefinggasse 4, 1210 Vienna, AustriaAustrian Institute of Technology GmbH, Giefinggasse 4, 1210 Vienna, AustriaAustrian Institute of Technology GmbH, Giefinggasse 4, 1210 Vienna, AustriaThe automotive domain is moving away from simple isolated vehicles to interconnected networks of heterogeneous systems forming a complex transportation infrastructure. The additional means of communication result in increased attack surfaces which can be exploited by physical as well as remote attackers if not secured thoroughly. Thus, the automotive sector is exposed to new cyber risk factors. Consequently, joint approaches targeting securing vehicles and infrastructure by identifying and mitigating potential threats for the automotive domain have been developed in several research projects. This paper builds on developments originating from these projects and correlated standards and regulations. Moreover, the extension of an existing threat modeling tool—THREATGET—with a novel automated approach toward attack propagation will be introduced. Therefore, we will conduct an analysis of a real-world example from the automotive domain. Furthermore, we will identify and analyze potential threats and discuss their accumulation to automatically generate an attack tree.https://www.mdpi.com/2078-2489/14/1/14automotive cybersecuritythreat modelingattack treesrisk management |
| spellingShingle | Sebastian Chlup Korbinian Christl Christoph Schmittner Abdelkader Magdy Shaaban Stefan Schauer Martin Latzenhofer THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity Information automotive cybersecurity threat modeling attack trees risk management |
| title | THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity |
| title_full | THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity |
| title_fullStr | THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity |
| title_full_unstemmed | THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity |
| title_short | THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity |
| title_sort | threatget towards automated attack tree analysis for automotive cybersecurity |
| topic | automotive cybersecurity threat modeling attack trees risk management |
| url | https://www.mdpi.com/2078-2489/14/1/14 |
| work_keys_str_mv | AT sebastianchlup threatgettowardsautomatedattacktreeanalysisforautomotivecybersecurity AT korbinianchristl threatgettowardsautomatedattacktreeanalysisforautomotivecybersecurity AT christophschmittner threatgettowardsautomatedattacktreeanalysisforautomotivecybersecurity AT abdelkadermagdyshaaban threatgettowardsautomatedattacktreeanalysisforautomotivecybersecurity AT stefanschauer threatgettowardsautomatedattacktreeanalysisforautomotivecybersecurity AT martinlatzenhofer threatgettowardsautomatedattacktreeanalysisforautomotivecybersecurity |