A Review of Threat Analysis and Risk Assessment Methods in the Automotive Context

  • Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2016)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 9922)

Abstract

Consumer demands for advanced automotive assistant systems and connectivity of cars to the internet make cyber-security an important requirement for vehicle providers. As vehicle providers gear up for the cyber security challenges, they can leverage experiences from many other domains, but nevertheless, must face several unique challenges. Thus, several security standards are well established and do not need to be created from scratch. The recently released SAE J3061 guidebook for cyber-physical vehicle systems provides information and high-level principles for automotive organizations to identify and assess cyber-security threats and design cyber-security aware systems.

In the course of this document, a review of available threat analysis methods and the recommendations of the SAE J3061 guidebook regarding threat analysis and risk assessment (TARA) methods is given. The aim of this work is to provide a position statement for the discussion of available analysis methods and their applicability for early development phases in the context of ISO 26262 and SAE J3061.

Notes

  1. http://www.artemis-emc2.eu/

  2. http://www.soqrates.de/

References

  1. Ebert, C., Jones, C.: Embedded software: facts, figures, and future. IEEE Comput. Soc. 09, 42–52 (2009). ISSN: 0018-9162

  2. ISO - International Organization for Standardization. IEC 61508 functional safety of electrical/electronic/programmable electronic safety-related systems

  3. ISO - International Organization for Standardization. IEC 60812 analysis techniques for system reliability - procedure for failure mode and effects analysis (FMEA) (2006)

  4. ISO - International Organization for Standardization. IEC 61025 fault tree analysis (FTA), December 2006

  5. ISO - International Organization for Standardization. IEC 62443 - industrial communication networks. Network and system security (2009)

  6. ISO - International Organization for Standardization. ISO 26262 road vehicles functional safety part 1–10 (2011)

  7. Macher, G., Sporer, H., Berlach, R., Armengaud, E., Kreiner, C.: SAHARA: a security-aware hazard and risk analysis method. In: 2015 Design, Automation Test in Europe Conference Exhibition (DATE), pp. 621–624, March 2015

  8. Microsoft Corporation. The STRIDE Threat Model (2005)

  9. Miller, M.: The Internet of Things: How Smart TVs, Smart Cars, Smart Homes, and Smart Cities are Changing the World. Que, Indianapolis (2015)

  10. National Highway Traffic Safety Administration. Characterization of Potential Security Threats in Modern Automobiles - A Composite Modeling Approach, October 2014

  11. Petschnigg, C., Deutschmann, M., Osterhues, A., Steden, L., Botta, S., Krasikau, M., Tverdyshev, S., Diemer, J., Ahrendts, L., Thiele, D., Bernardeschi, C., Natale, M.D., Dini, G., Sun, Y.: D2.1 architecture models and patterns for safety and security (alpha). Report ICT-644080-D2.1, SAFURE Project Partners, February 2016

  12. Sapiro, B.: Binary Risk Analysis. Creative Commons License. 1st edn

  13. Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E.: Security application of failure mode and effect analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds.) SAFECOMP 2014. LNCS, vol. 8666, pp. 310–325. Springer, Heidelberg (2014)

  14. Sentilles, S., Štěpán, P., Carlson, J., Crnković, I.: Integration of extra-functional properties in component models. In: Lewis, G.A., Poernomo, I., Hofmeister, C. (eds.) CBSE 2009. LNCS, vol. 5582, pp. 173–190. Springer, Heidelberg (2009)

  15. Vehicle Electrical System Security Committee. SAE J3061 Cybersecurity Guidebook for Cyber-Physical Automotive Systems

Acknowledgments

This work is supported by the \(EMC^2\) project. The research leading to these results has received funding from the ARTEMIS Joint Undertaking under grant agreement nr 621429 (project \(EMC^2\)).

Author information

Corresponding author

Correspondence to Georg Macher.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Macher, G., Armengaud, E., Brenner, E., Kreiner, C. (2016). A Review of Threat Analysis and Risk Assessment Methods in the Automotive Context. In: Skavhaug, A., Guiochet, J., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2016. Lecture Notes in Computer Science, vol 9922. Springer, Cham. https://doi.org/10.1007/978-3-319-45477-1_11

  • DOI: https://doi.org/10.1007/978-3-319-45477-1_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45476-4

  • Online ISBN: 978-3-319-45477-1

  • eBook Packages: Computer Science, Computer Science (R0)
