已入深夜,您辛苦了!由于当前在线用户较少,发布求助请尽量完整地填写文献信息,科研通机器人24小时在线,伴您度过漫漫科研夜!祝你早点完成任务,早点休息,好梦!

Combining Cyber Security Intelligence to Refine Automotive Cyber Threats

计算机安全 计算机科学 汽车工业 网络攻击 工程类 航空航天工程
作者
Florian Sommer,Mona Gierl,Reiner Kriesten,Frank Kargl,Eric Sax
出处
期刊:ACM transactions on privacy and security [Association for Computing Machinery]
卷期号:27 (2): 1-34 被引量:1
标识
DOI:10.1145/3644075
摘要

Modern vehicles increasingly rely on electronics, software, and communication technologies (cyber space) to perform their driving task. Over-The-Air (OTA) connectivity further extends the cyber space by creating remote access entry points. Accordingly, the vehicle is exposed to security attacks that are able to impact road safety. A profound understanding of security attacks, vulnerabilities, and mitigations is necessary to protect vehicles against cyber threats. While automotive threat descriptions, such as in UN R155, are still abstract, this creates a risk that potential vulnerabilities are overlooked and the vehicle is not secured against them. So far, there is no common understanding of the relationship of automotive attacks, the concrete vulnerabilities they exploit, and security mechanisms that would protect the system against these attacks. In this article, we aim at closing this gap by creating a mapping between UN R155, Microsoft STRIDE classification, Common Attack Pattern Enumeration and Classification (CAPEC), and Common Weakness Enumeration (CWE). In this way, already existing detailed knowledge of attacks, vulnerabilities, and mitigations is combined and linked to the automotive domain. In practice, this refines the list of UN R155 threats and therefore supports vehicle manufacturers, suppliers, and approval authorities to meet and assess the requirements for vehicle development in terms of cybersecurity. Overall, 204 mappings between UN threats, STRIDE, CAPEC attack patterns, and CWE weaknesses were created. We validated these mappings by applying our Automotive Attack Database (AAD) that consists of 361 real-world attacks on vehicles. Furthermore, 25 additional attack patterns were defined based on automotive-related attacks.

科研通智能强力驱动
Strongly Powered by AbleSci AI
科研通是完全免费的文献互助平台,具备全网最快的应助速度,最高的求助完成率。 对每一个文献求助,科研通都将尽心尽力,给求助人一个满意的交代。
实时播报
着急毕业的干饭人完成签到,获得积分10
1秒前
1秒前
香蕉觅云应助KK采纳,获得10
1秒前
水滴发布了新的文献求助30
2秒前
3秒前
852应助今年还能发文章吗采纳,获得10
3秒前
4秒前
愉快的真发布了新的文献求助10
5秒前
5秒前
华仔应助CLW采纳,获得10
6秒前
111完成签到,获得积分10
7秒前
8秒前
8秒前
9秒前
123完成签到,获得积分10
9秒前
gao完成签到,获得积分10
10秒前
夏花般灿烂完成签到,获得积分10
11秒前
11秒前
愉快的真发布了新的文献求助10
12秒前
13秒前
14秒前
18秒前
19秒前
20秒前
20秒前
21秒前
21秒前
典雅发箍完成签到 ,获得积分10
21秒前
22秒前
KANEKI发布了新的文献求助10
23秒前
Sean完成签到,获得积分10
24秒前
snowman发布了新的文献求助10
25秒前
爆米花应助Focus采纳,获得10
25秒前
26秒前
27秒前
不安的斑马完成签到,获得积分10
27秒前
HHHH发布了新的文献求助10
27秒前
29秒前
CipherSage应助zclzclzcl采纳,获得20
29秒前
愉快的真发布了新的文献求助10
29秒前
高分求助中
Principles of Economics, 11th Edition 10000
University Physics with Modern Physics, 16th edition 10000
(应助此贴封号)【重要!!请各用户(尤其是新用户)详细阅读】【科研通的精品贴汇总】 10000
Molecular Mechanisms of Photosynthesis, 4th Edition 1000
Organic Reactions, Volume 116 1000
Current concepts in cutaneous toxicity : proceedings of the Fourth Conference on Cutaneous Toxicity, Washington, D.C., May 9-11, 1979 1000
The recovery-stress questionnaires : user manual 600
热门求助领域 (近24小时)
化学 材料科学 医学 生物 纳米技术 工程类 有机化学 化学工程 生物化学 计算机科学 内科学 物理 复合材料 催化作用 细胞生物学 无机化学 光电子学 物理化学 电极 基因
热门帖子
关注 科研通微信公众号,转发送积分 7257223
求助须知:如何正确求助?哪些是违规求助? 8879203
关于积分的说明 18755520
捐赠科研通 6937518
什么是DOI,文献DOI怎么找? 3200999
关于科研通互助平台的介绍 2375073
邀请新用户注册赠送积分活动 2176736