TY - JOUR
T1 - THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity
AU - Chlup, Sebastian
AU - Christl, Korbinian
AU - Schmittner, Christoph
AU - Shaaban, Abdelkader Magdy
AU - Schauer, Stefan
AU - Latzenhofer, Martin
PY - 2022
Y1 - 2022
N2 - The automotive domain is moving away from simple isolated vehicles to interconnected networks of heterogeneous systems forming a complex transportation infrastructure. The additional means of communication result in increased attack surfaces which can be exploited by physical as well as remote attackers if not secured thoroughly. Thus, the automotive sector is exposed to new cyber risk factors. Consequently, joint approaches targeting securing vehicles and infrastructure by identifying and mitigating potential threats for the automotive domain have been developed in several research projects. This paper builds on developments originating from these projects and correlated standards and regulations. Moreover, the extension of an existing threat modeling tool—THREATGET—with a novel automated approach toward attack propagation will be introduced. Therefore, we will conduct an analysis of a real-world example from the automotive domain. Furthermore, we will identify and analyze potential threats and discuss their accumulation to automatically generate an attack tree.
AB - The automotive domain is moving away from simple isolated vehicles to interconnected networks of heterogeneous systems forming a complex transportation infrastructure. The additional means of communication result in increased attack surfaces which can be exploited by physical as well as remote attackers if not secured thoroughly. Thus, the automotive sector is exposed to new cyber risk factors. Consequently, joint approaches targeting securing vehicles and infrastructure by identifying and mitigating potential threats for the automotive domain have been developed in several research projects. This paper builds on developments originating from these projects and correlated standards and regulations. Moreover, the extension of an existing threat modeling tool—THREATGET—with a novel automated approach toward attack propagation will be introduced. Therefore, we will conduct an analysis of a real-world example from the automotive domain. Furthermore, we will identify and analyze potential threats and discuss their accumulation to automatically generate an attack tree.
UR - https://www.mendeley.com/catalogue/3bf5a314-4c08-342c-9937-eb8963c6b9da/
U2 - 10.3390/info14010014
DO - 10.3390/info14010014
M3 - Article
SN - 2078-2489
VL - 14
SP - 1
EP - 28
JO - Information
JF - Information
IS - 1
ER -