Combining safety and security threat modeling to improve automotive penetration testing


Date

2019-04-03

Publication Type

Final thesis (Master's; Diplom)

Abstract

Newer technologies such as connectivity and autonomy in the automotive sector increase the need for stronger security and for penetration tests to evaluate it. In order to focus the tests first on the most critical possible vulnerabilities, threat modeling with a ranking of the risk level is mandatory. Because lives depend on the security of the vehicle, both safety and security aspects should be included in this threat model. Furthermore, a tool is required that supports and automates parts of the process, so that the time effort is reduced and the acceptance of the methodology is increased. To our knowledge no such holistic methodology exists; therefore we have created the CVSIL threat methodology. It combines the outcome of a Hazard Analysis and Risk Assessment (HARA) with results from Microsoft's Threat Modeling Tool 2016 and our own application, the TMTe4PT. With our proposed novel solution, after the faults have been mapped to the threats, the Collateral Damage Potential metric can be derived from the HARA, and so the CVSS overall score can be calculated and used as the risk level. Additionally, we have introduced another score for the ranking, the Security-ASIL, which consists of elements from the security and safety analysis. For the evaluation, we have illustrated a hypothetical Adaptive Cruise Control (ACC) system and analyzed it with our model and tool. These findings were compared to those from expert interviews and the problems discussed. Based on our results, the CVSIL methodology in its current state does not provide a better distinction, and therefore a better ranking, between the threats violating safety. The contribution of this thesis is the evaluation of existing threat methodologies, public threat modeling tools and our own CVSIL methodology. Furthermore, we provide a hypothetical ACC system with system architecture and component definitions. For this system, the results of a shortened HARA and threat analysis are released. Additionally, our tool, the TMTe4PT, will be made open source.
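The mechanism the abstract describes, as an added worked example that is not the thesis's TMTe4PT code: a CVSS v2.0 environmental score in which the Collateral Damage Potential (CDP) is taken from the HARA severity of the hazard mapped to the threat, and the resulting scores are used to rank threats. The S0..S3 to CDP mapping, the two constructed ACC threats and the fixed temporal and security-requirement metrics are assumptions made for this illustration, not definitions from the thesis.

```python
# Added example, not the thesis's TMTe4PT code: CVSS v2.0 environmental score in which the
# Collateral Damage Potential (CDP) is taken from the HARA severity of the hazard mapped to the
# threat. The S0..S3 -> CDP mapping and the ACC threat vectors below are assumptions.
from typing import Dict, List, Tuple
AV = {"L": 0.395, "A": 0.646, "N": 1.0}          # Access Vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}           # Access Complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}          # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}         # Confidentiality/Integrity/Availability impact
CDP = {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5}
TD = {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0}  # Target Distribution
REQ = {"L": 0.5, "M": 1.0, "H": 1.51}            # CR / IR / AR security requirements

# Assumed mapping from ISO 26262 HARA severity class to the CVSS v2 CDP category.
HARA_SEVERITY_TO_CDP = {"S0": "N", "S1": "LM", "S2": "MH", "S3": "H"}
def _round1(x: float) -> float:
    return round(x + 1e-9, 1)  # nudge avoids round-half-even surprises on values like 7.45

def _exploitability(v: Dict[str, str]) -> float:
    return 20 * AV[v["AV"]] * AC[v["AC"]] * AU[v["Au"]]

def _base_from(impact: float, expl: float) -> float:
    f = 0.0 if impact == 0 else 1.176
    return _round1((0.6 * impact + 0.4 * expl - 1.5) * f)

def cvss2_base(v: Dict[str, str]) -> float:
    impact = 10.41 * (1 - (1 - CIA[v["C"]]) * (1 - CIA[v["I"]]) * (1 - CIA[v["A"]]))
    return _base_from(impact, _exploitability(v))

def cvss2_environmental(v: Dict[str, str], hara_severity: str, td: str = "H",
                        cr: str = "M", ir: str = "M", ar: str = "M") -> float:
    """Overall score with CDP derived from HARA severity; temporal metrics left 'Not Defined' (1.0)."""
    adj_impact = min(10.0, 10.41 * (1 - (1 - CIA[v["C"]] * REQ[cr])
                                      * (1 - CIA[v["I"]] * REQ[ir])
                                      * (1 - CIA[v["A"]] * REQ[ar])))
    adj_temporal = _base_from(adj_impact, _exploitability(v))  # x E x RL x RC, all 1.0 here
    cdp = CDP[HARA_SEVERITY_TO_CDP[hara_severity]]
    return _round1((adj_temporal + (10 - adj_temporal) * cdp) * TD[td])

def rank_threats(threats: List[Tuple[str, Dict[str, str], str]]) -> List[Tuple[str, float]]:
    """Rank (name, CVSS vector, HARA severity) triples by environmental score, highest first."""
    scored = [(name, cvss2_environmental(vec, sev)) for name, vec, sev in threats]
    return sorted(scored, key=lambda t: t[1], reverse=True)

# Constructed threats against a hypothetical ACC: same CVSS base vector, different HARA severity,
# so only the safety analysis (via CDP) separates them in the ranking.
ACC_THREATS = [
    ("Integrity loss of ACC target-speed message", {"AV": "A", "AC": "M", "Au": "N", "C": "N", "I": "C", "A": "P"}, "S3"),
    ("Integrity loss of ACC status display",       {"AV": "A", "AC": "M", "Au": "N", "C": "N", "I": "C", "A": "P"}, "S1"),
]
```

Both constructed threats share the base score 6.4; the S3 hazard lifts the environmental score to 8.2 and the S1 hazard to 7.5, which is the distinction the abstract says the CDP metric is meant to introduce.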

Faculties

Fakultät für Ingenieurwissenschaften, Informatik und Psychologie

Institutions

Institut für Verteilte Systeme

Citation

DFG Project uulm

License

CC BY 4.0 International

Keywords

Threat Modeling, CVSS, HARA, ASIL, Road traffic hazard, Penetration test, Accident prevention, Thread, Penetration testing (Computer security), DDC 004 / Data processing & computer science