eduzhai > Applied Sciences > Engineering >

An STPA-based Approach for Systematic Security Analysis of In-vehicle Diagnostic and Software Update Systems

  • Save

... pages left unread,continue reading

Document pages: 6 pages

Abstract: The in-vehicle diagnostic and software update system, which supports remotediagnostic and Over-The-Air (OTA) software updates, is a critical attack goalin automobiles. Adversaries can inject malicious software into vehicles orsteal sensitive information through communication channels. Therefore, securityanalysis, which identifies potential security issues, needs to be conducted insystem design. However, existing security analyses of in-vehicle systems arethreat-oriented, which start with threat identification and assess risks bybrainstorming. In this paper, a system-oriented approach is proposed on thebasis of the System-Theoretic Process Analysis (STPA). The proposed approachextends the original STPA from the perspective of data flows and is applicablefor information-flow-based systems. Besides, we propose a general model forin-vehicle diagnostic and software update systems and use it to establish asecurity analysis guideline. In comparison with threat-oriented approaches, theproposed approach shifts from focusing on threats to system vulnerabilities andseems to be efficient to prevent the system from known or even unknown threats.Furthermore, as an extension of the STPA, which has been proven to beapplicable to high level designs, the proposed approach can be well integratedinto high-level analyses and perform co-design in different disciplines withina unified STPA framework.

Please select stars to rate!

         

0 comments Sign in to leave a comment.

    Data loading, please wait...
×