Identification and Verification of Attack-Tree Threat Models in Connected Vehicles

Masoud Ebrahimi, Christoph Striessnig, Joaquim Castella Triginer, Christoph Schmittner

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review


As a result of the ever-increasing application of cyber-physical components in the automotive industry, cybersecurity has become an urgent topic. Adapting technologies and communication protocols like Ethernet and WiFi in connected vehicles yields many attack scenarios. Consequently, ISO/SAE 21434 and UN R155 (2021) define a standard and regulatory framework for automotive cybersecurity. Both documents follow a risk management-based approach and require a threat modeling methodology for risk analysis and identification. Such a threat modeling methodology must conform to the Threat Analysis and Risk Assessment (TARA) framework of ISO/SAE 21434. Conversely, existing threat modeling methods enumerate isolated threats disregarding the vehicle's design and connections. Consequently, they neglect the role of attack paths from a vehicle's interfaces to its assets. In other words, they are missing the TARA work products, e.g., attack paths compromising assets or feasibility and impact ratings. We propose a threat modeling methodology to construct attack paths by identifying, sequencing, and connecting vulnerabilities from a valid attack surface to an asset. Initially, we transform cybersecurity guidelines to attack trees, and then we use their formal interpretations to assess the vehicle's design. This workflow yields compositional construction of attack paths along with the required TARA work products (e.g., attack paths, feasibility, and impact). More importantly, we can apply the workflow iteratively in the context of connected vehicles to ensure design conformity, privacy, and cybersecurity. Finally, to show the complexity and the importance of preemptive threat identification and risk analysis in the automotive industry, we evaluate the presented model-based approach in a connected vehicle testing platform, SPIDER.
Original languageEnglish
Title of host publicationSAE 2022 Intelligent and Connected Vehicles Symposium
PublisherSAE Technical Paper
Number of pages17
Publication statusPublished - 22 Dec 2022
EventSAE 2022 Intelligent and Connected Vehicles Symposium - Shanghai, Virtuell, China
Duration: 22 Sept 202223 Sept 2022


ConferenceSAE 2022 Intelligent and Connected Vehicles Symposium


  • cs.CR


Dive into the research topics of 'Identification and Verification of Attack-Tree Threat Models in Connected Vehicles'. Together they form a unique fingerprint.

Cite this