Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: A case study

Jürgen Dobaj; Damjan Ekert; Jakub Stolfa; Svatopluk Stolfa; Georg Macher; Richard Messnarz

doi:10.3897/JUCS.72367

Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: A case study

Jürgen Dobaj, Damjan Ekert, Jakub Stolfa, Svatopluk Stolfa, Georg Macher, Richard Messnarz

Institute of Technical Informatics (4480)

Research output: Contribution to journal › Article › peer-review

Abstract

Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

Original language	English
Pages (from-to)	830-849
Number of pages	20
Journal	Journal of Universal Computer Science
Volume	27
Issue number	8
DOIs	https://doi.org/10.3897/JUCS.72367
Publication status	Published - 2021

Keywords

Cybersecurity
Design Patterns
Risk Assessment
Threat Modeling
Validation
Verification

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.3897/JUCS.72367

Cite this

@article{9a6edc5e331c4ee299eb4378471f8695,

title = "Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: A case study",

abstract = "Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.",

keywords = "Cybersecurity, Design Patterns, Risk Assessment, Threat Modeling, Validation, Verification",

author = "J{\"u}rgen Dobaj and Damjan Ekert and Jakub Stolfa and Svatopluk Stolfa and Georg Macher and Richard Messnarz",

note = "Funding Information: This project has received funding from the BLUEPRINT project DRIVES (2018 ? 2021) under grant agreement No 591988-EPP-1-2017-1-CZ-EPPKA2-SSA-B and from the H2020 project TEACHING (n. 871385)-www.teaching-h2020.eu. The publication reflects only the author's view and that the funding agency is not responsible for any use that may be made of the information it contains. We are grateful to the EuroSPI community and conference series (www.eurospi.net) for sharing experience since 1994 and the EU Project ECQA Certified Cybersecurity Engineer and Manager ? Automotive Sector, Erasmus+ Programme, Grant Agreement No. 2020-1-CZ01-KA203-078494. This research has been supported by Grant of SGS No. SP2020/62, V?B-Technical University of Ostrava, Czech Republic. Funding Information: This project has received funding from the BLUEPRINT project DRIVES (2018 – 2021) under grant agreement No 591988-EPP-1-2017-1-CZ-EPPKA2-SSA-B and from the H2020 project TEACHING (n. 871385) - www.teaching-h2020.eu. The publication reflects only the author's view and that the funding agency is not responsible for any use thatmay be made ofthe information it contains. Publisher Copyright: {\textcopyright} 2021, IICM. All rights reserved.",

year = "2021",

doi = "10.3897/JUCS.72367",

language = "English",

volume = "27",

pages = "830--849",

journal = "Journal of Universal Computer Science ",

issn = "0948-695X",

publisher = "Verlag der Technischen Universit{\"a}t Graz",

number = "8",

}

TY - JOUR

T1 - Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems

T2 - A case study

AU - Dobaj, Jürgen

AU - Ekert, Damjan

AU - Stolfa, Jakub

AU - Stolfa, Svatopluk

AU - Macher, Georg

AU - Messnarz, Richard

N1 - Funding Information: This project has received funding from the BLUEPRINT project DRIVES (2018 ? 2021) under grant agreement No 591988-EPP-1-2017-1-CZ-EPPKA2-SSA-B and from the H2020 project TEACHING (n. 871385)-www.teaching-h2020.eu. The publication reflects only the author's view and that the funding agency is not responsible for any use that may be made of the information it contains. We are grateful to the EuroSPI community and conference series (www.eurospi.net) for sharing experience since 1994 and the EU Project ECQA Certified Cybersecurity Engineer and Manager ? Automotive Sector, Erasmus+ Programme, Grant Agreement No. 2020-1-CZ01-KA203-078494. This research has been supported by Grant of SGS No. SP2020/62, V?B-Technical University of Ostrava, Czech Republic. Funding Information: This project has received funding from the BLUEPRINT project DRIVES (2018 – 2021) under grant agreement No 591988-EPP-1-2017-1-CZ-EPPKA2-SSA-B and from the H2020 project TEACHING (n. 871385) - www.teaching-h2020.eu. The publication reflects only the author's view and that the funding agency is not responsible for any use thatmay be made ofthe information it contains. Publisher Copyright: © 2021, IICM. All rights reserved.

PY - 2021

Y1 - 2021

N2 - Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

AB - Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.

KW - Cybersecurity

KW - Design Patterns

KW - Risk Assessment

KW - Threat Modeling

KW - Validation

KW - Verification

UR - http://www.scopus.com/inward/record.url?scp=85115305884&partnerID=8YFLogxK

U2 - 10.3897/JUCS.72367

DO - 10.3897/JUCS.72367

M3 - Article

AN - SCOPUS:85115305884

SN - 0948-695X

VL - 27

SP - 830

EP - 849

JO - Journal of Universal Computer Science

JF - Journal of Universal Computer Science

IS - 8

ER -

Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: A case study

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this