Attack Analysis Methodologies
Typ
Examensarbete för masterexamen
Program
Publicerad
2019
Författare
Reza Esmaeili, Seyed
Soltani Esterabadi, Afshin
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
new, hi-tech, automated devices entered our lives, a tendency of moving from the
disjointed nature of objects to a more interconnected world has emerged. Although
such need of interconnection was originated in the IT industry and with the Internet
of Things (IoT), automotive industry was also affected by such a trend. Connected,
electric, highly-automated and autonomous vehicles are making their way into our
lives. As a result of this paradigm shift, new security challenges are introduced in
the automotive industry.
Vehicles are comprised of tens or sometimes a hundred of computers, also known as
Electronic Control Units (ECUs) that need to communicate and be interconnected
in order for the vehicle to function properly. Protecting vehicles from potential
threats and attacks that may compromise the security and consequently the safety
of both the vehicle and the passenger is of great importance. Hence, a comprehensible
attack analysis methodology is needed to model the possible attacks in vehicles.
Attack analysis is part of the risk assessment process. To have an accurate risk
analysis, two factors are needed: first, the impact of an attack vector, which is not
the subject of this thesis, and second, the feasibility of an attack path which is what
we address as a part of our thesis using the nominated attack analysis methodology.
In this thesis, we investigate existing methodologies for modelling attacks and try
to nominate one that is most suitable for the automotive industry. This judgement
is based on a list of criteria that are collected either through surveying previous
related works or through interviewing industrial and academic experts. Once the
methodology is nominated, we introduce a method for calculating the feasibility
of different possible attack paths using the proposed methodology. Finally, we use
some use cases by means of which we demonstrate how our nominated method can
be used to model attacks against some assets and how the feasibility of each attack
vector can be calculated for the use cases.
Beskrivning
Ämne/nyckelord
Automotive , Cybersecurity , Cyberattack , Attack surface , Attack analysis , Risk assessment , Threat analysis , Attack feasibility , Attack potentials.