The increasing complexity of automotive systems necessitates robust security measures to protect against potential threats. ISO/ SAE 21434 mandates that Threat Analysis and Risk Assessment (TARA) is performed during the concept phase. However, cybersecurity must be maintained throughout the entire product lifecycle, including production, operation, maintenance, and decommissioning. Consequently, the TARA will be continuously updated with each newly detected vulnerability. Therefore, new vehicle engineering requires strategies to optimize the development of vehicle-level TARAs, which then serve as the initial TARA reference. This study focuses on a multi-layer, non-project-based TARA strategy for the development of future vehicles. Such reference TARA will rely on catalogs based on the most recent TARA updates. Our TARA approach focuses on dividing the architecture into layers based on attack steps to ensure the identification and mitigation of potential security threats in automotive systems. The attacks are also classified in a manner that links them to architecture and assets. Therefore, a generic non-project template was created using a TARA-specific tool, designed to be the initial TARA for the development of every new vehicle.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Multi-layer Non-project-Based TARA

  • Akshath Kumar,
  • Joaquim Maria Castella Triginer,
  • Nadja Marko,
  • Gerald Mayr,
  • Klaus Kainrath,
  • Fatih Copuroglu

摘要

The increasing complexity of automotive systems necessitates robust security measures to protect against potential threats. ISO/ SAE 21434 mandates that Threat Analysis and Risk Assessment (TARA) is performed during the concept phase. However, cybersecurity must be maintained throughout the entire product lifecycle, including production, operation, maintenance, and decommissioning. Consequently, the TARA will be continuously updated with each newly detected vulnerability. Therefore, new vehicle engineering requires strategies to optimize the development of vehicle-level TARAs, which then serve as the initial TARA reference. This study focuses on a multi-layer, non-project-based TARA strategy for the development of future vehicles. Such reference TARA will rely on catalogs based on the most recent TARA updates. Our TARA approach focuses on dividing the architecture into layers based on attack steps to ensure the identification and mitigation of potential security threats in automotive systems. The attacks are also classified in a manner that links them to architecture and assets. Therefore, a generic non-project template was created using a TARA-specific tool, designed to be the initial TARA for the development of every new vehicle.