Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: A case study

Jürgen Dobaj; Damjan Ekert; Jakub Stolfa; Svatopluk Stolfa; Georg Macher; Richard Messnarz

doi:10.3897/JUCS.72367

Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: A case study

Jürgen Dobaj, Damjan Ekert, Jakub Stolfa, Svatopluk Stolfa, Georg Macher, Richard Messnarz

Institut für Technische Informatik (4480)

Publikation: Beitrag in einer Fachzeitschrift › Artikel › Begutachtung

Abstract

Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

Originalsprache	englisch
Seiten (von - bis)	830-849
Seitenumfang	20
Fachzeitschrift	Journal of Universal Computer Science
Jahrgang	27
Ausgabenummer	8
DOIs	https://doi.org/10.3897/JUCS.72367
Publikationsstatus	Veröffentlicht - 2021

ASJC Scopus subject areas

Theoretische Informatik
Allgemeine Computerwissenschaft

Zugriff auf Dokument

10.3897/JUCS.72367

Andere Dateien und Links

Verknüpfung zur Publikation in Scopus

Dieses zitieren

@article{9a6edc5e331c4ee299eb4378471f8695,

title = "Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: A case study",

abstract = "Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.",

keywords = "Cybersecurity, Design Patterns, Risk Assessment, Threat Modeling, Validation, Verification",

author = "J{\"u}rgen Dobaj and Damjan Ekert and Jakub Stolfa and Svatopluk Stolfa and Georg Macher and Richard Messnarz",

note = "Funding Information: This project has received funding from the BLUEPRINT project DRIVES (2018 ? 2021) under grant agreement No 591988-EPP-1-2017-1-CZ-EPPKA2-SSA-B and from the H2020 project TEACHING (n. 871385)-www.teaching-h2020.eu. The publication reflects only the author's view and that the funding agency is not responsible for any use that may be made of the information it contains. We are grateful to the EuroSPI community and conference series (www.eurospi.net) for sharing experience since 1994 and the EU Project ECQA Certified Cybersecurity Engineer and Manager ? Automotive Sector, Erasmus+ Programme, Grant Agreement No. 2020-1-CZ01-KA203-078494. This research has been supported by Grant of SGS No. SP2020/62, V?B-Technical University of Ostrava, Czech Republic. Funding Information: This project has received funding from the BLUEPRINT project DRIVES (2018 – 2021) under grant agreement No 591988-EPP-1-2017-1-CZ-EPPKA2-SSA-B and from the H2020 project TEACHING (n. 871385) - www.teaching-h2020.eu. The publication reflects only the author's view and that the funding agency is not responsible for any use thatmay be made ofthe information it contains. Publisher Copyright: {\textcopyright} 2021, IICM. All rights reserved.",

year = "2021",

doi = "10.3897/JUCS.72367",

language = "English",

volume = "27",

pages = "830--849",

journal = "Journal of Universal Computer Science",

issn = "0948-695X",

publisher = "Verlag der Technischen Universit{\"a}t Graz",

number = "8",

}

TY - JOUR

T1 - Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems

T2 - A case study

AU - Dobaj, Jürgen

AU - Ekert, Damjan

AU - Stolfa, Jakub

AU - Stolfa, Svatopluk

AU - Macher, Georg

AU - Messnarz, Richard

N1 - Funding Information: This project has received funding from the BLUEPRINT project DRIVES (2018 ? 2021) under grant agreement No 591988-EPP-1-2017-1-CZ-EPPKA2-SSA-B and from the H2020 project TEACHING (n. 871385)-www.teaching-h2020.eu. The publication reflects only the author's view and that the funding agency is not responsible for any use that may be made of the information it contains. We are grateful to the EuroSPI community and conference series (www.eurospi.net) for sharing experience since 1994 and the EU Project ECQA Certified Cybersecurity Engineer and Manager ? Automotive Sector, Erasmus+ Programme, Grant Agreement No. 2020-1-CZ01-KA203-078494. This research has been supported by Grant of SGS No. SP2020/62, V?B-Technical University of Ostrava, Czech Republic. Funding Information: This project has received funding from the BLUEPRINT project DRIVES (2018 – 2021) under grant agreement No 591988-EPP-1-2017-1-CZ-EPPKA2-SSA-B and from the H2020 project TEACHING (n. 871385) - www.teaching-h2020.eu. The publication reflects only the author's view and that the funding agency is not responsible for any use thatmay be made ofthe information it contains. Publisher Copyright: © 2021, IICM. All rights reserved.

PY - 2021

Y1 - 2021

N2 - Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

AB - Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

KW - Cybersecurity

KW - Design Patterns

KW - Risk Assessment

KW - Threat Modeling

KW - Validation

KW - Verification

UR - http://www.scopus.com/inward/record.url?scp=85115305884&partnerID=8YFLogxK

U2 - 10.3897/JUCS.72367

DO - 10.3897/JUCS.72367

M3 - Article

AN - SCOPUS:85115305884

SN - 0948-695X

VL - 27

SP - 830

EP - 849

JO - Journal of Universal Computer Science

JF - Journal of Universal Computer Science

IS - 8

ER -

Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: A case study

Abstract

ASJC Scopus subject areas

Zugriff auf Dokument

Andere Dateien und Links

Fingerprint

Dieses zitieren