In the realm of automotive cybersecurity, Threat Analysis and Risk Assessment (TARA) methodologies are pivotal in evaluating the risks associated with Electronic Control Units (ECUs). Traditional TARA approaches primarily focus on the technical feasibility of attacks, often overlooking the motivational factors that drive attackers. This paper proposes the integration of a “motivational” factor into the calculation of the Attack Feasibility Level (AFL) to enhance the realism and accuracy of risk assessments. By incorporating motivational aspects, such as the perceived value and potential benefits of attacking specific ECUs, the revised AFL calculation aims to provide a more nuanced picture of cybersecurity risks. This approach acknowledges that ECUs with higher perceived value to attackers are more likely to be targeted, even if they present similar technical challenges as less valuable ECUs. The proposed model is validated through AFL calculations on exemplary ECUs, demonstrating its effectiveness in prioritizing cybersecurity efforts and resource allocation based on a more comprehensive understanding of attack likelihood. This enhancement to TARA methodologies promises to improve the robustness of automotive cybersecurity strategies, ensuring better protection against increasingly sophisticated threats.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Enhancing Automotive TARA: The Role of Attacker Motivation in Attack Feasibility Levels

  • Thomas Faschang,
  • Omar Veledar,
  • Georg Macher

摘要

In the realm of automotive cybersecurity, Threat Analysis and Risk Assessment (TARA) methodologies are pivotal in evaluating the risks associated with Electronic Control Units (ECUs). Traditional TARA approaches primarily focus on the technical feasibility of attacks, often overlooking the motivational factors that drive attackers. This paper proposes the integration of a “motivational” factor into the calculation of the Attack Feasibility Level (AFL) to enhance the realism and accuracy of risk assessments. By incorporating motivational aspects, such as the perceived value and potential benefits of attacking specific ECUs, the revised AFL calculation aims to provide a more nuanced picture of cybersecurity risks. This approach acknowledges that ECUs with higher perceived value to attackers are more likely to be targeted, even if they present similar technical challenges as less valuable ECUs. The proposed model is validated through AFL calculations on exemplary ECUs, demonstrating its effectiveness in prioritizing cybersecurity efforts and resource allocation based on a more comprehensive understanding of attack likelihood. This enhancement to TARA methodologies promises to improve the robustness of automotive cybersecurity strategies, ensuring better protection against increasingly sophisticated threats.