Asset Driven ISO/SAE 21434 Compliant Automotive Cybersecurity Analysis with ThreatGet

  • Conference paper
Systems, Software and Services Process Improvement (EuroSPI 2021)

Abstract

With the trend towards connectivity and automation in the automotive domain, automotive cybersecurity and protection against cyber attacks are increasingly important. This is mirrored in the upcoming regulation on cybersecurity for UNECE Type Approval. Therefore, a structured and systematic approach to automotive cybersecurity risk management is needed.

Risk management in general focuses on two questions: what to protect, and how it could be damaged. Combining the two makes it possible to identify and rate existing cybersecurity risks and enables the further steps of risk management. Risk management in the automotive domain will be based on an international standard that is currently being developed. The draft of ISO/SAE 21434 was published in 2020 and the publication of the final version is expected in 2021.

This standard does not describe a strict risk management approach but rather defines a framework of activities that need to be conducted, without specifying a process or methods. It is therefore important to investigate existing approaches, consider the guidance in standards and regulation, and apply and evaluate the resulting processes and methods.

We report here on experiences collected during the application of an asset-driven automotive cybersecurity analysis, compliant with ISO/SAE 21434, using the tool ThreatGet. The use case considered for this application is a gateway and communication ECU developed by TTControl.

Notes

  1. https://www.threatget.com/

Acknowledgement

This project has received funding from the ECSEL Joint Undertaking (JU) under grant agreement No 783221 (AFarCloud). The JU receives support from the European Union’s Horizon 2020 research and innovation programme and Austria, Belgium, Czech Republic, Finland, Germany, Greece, Italy, Latvia, Norway, Poland, Portugal, Spain, Sweden. Parts of this work were funded by the Austrian Research Promotion Agency (FFG) and BMK (Austrian Federal Ministry for Climate Action, Environment, Energy, Mobility, Innovation and Technology).

Author information

Correspondence to Christoph Schmittner.

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Schmittner, C., Schrammel, B., König, S. (2021). Asset Driven ISO/SAE 21434 Compliant Automotive Cybersecurity Analysis with ThreatGet. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds) Systems, Software and Services Process Improvement. EuroSPI 2021. Communications in Computer and Information Science, vol 1442. Springer, Cham. https://doi.org/10.1007/978-3-030-85521-5_36

  • DOI: https://doi.org/10.1007/978-3-030-85521-5_36

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-85520-8

  • Online ISBN: 978-3-030-85521-5

  • eBook Packages: Computer Science, Computer Science (R0)
