Threat Modeling and Attack Simulations of Connected Vehicles: A Research Outlook

Wenjun Xiong, Fredrik Krantz, Robert Lagerström

Abstract

Modern vehicles are dependent on software, and are often connected to the Internet or other external services, which makes them vulnerable to various attacks. To improve security for Internet facing systems, holistic threat modeling is becoming a common way to proactively make decisions and design for security. One approach that has not been commonly implemented is to enhance the threat models with probabilistic attack simulations. That is, incorporating security intelligence, attack types, vulnerabilities, and countermeasures to get objective security metrics and risk assessments. This combination has been shown efficient in other disciplines, e.g. energy and banking. However, it has so far been fairly unexplored in the vehicle domain. This position paper reviews previous research in the field, and implements a vehicle threat model using a tool called securiCAD, based on which future research requirements for connected vehicle attack simulations are also derived. The main findings are: 1) not much work has been done in the combined area of connected vehicles and threat modeling with attack simulations, 2) initial tests show that the approach is useful, 3) more research in vehicle specific attacks and countermeasures is needed in order to provide more accurate simulation results, and 4) a more tailored metamodel is needed for the vehicle domain.

Download


Paper Citation


in Harvard Style

Xiong W., Krantz F. and Lagerström R. (2019). Threat Modeling and Attack Simulations of Connected Vehicles: A Research Outlook.In Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-359-9, pages 479-486. DOI: 10.5220/0007412104790486


in Bibtex Style

@conference{icissp19,
author={Wenjun Xiong and Fredrik Krantz and Robert Lagerström},
title={Threat Modeling and Attack Simulations of Connected Vehicles: A Research Outlook},
booktitle={Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2019},
pages={479-486},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007412104790486},
isbn={978-989-758-359-9},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 5th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Threat Modeling and Attack Simulations of Connected Vehicles: A Research Outlook
SN - 978-989-758-359-9
AU - Xiong W.
AU - Krantz F.
AU - Lagerström R.
PY - 2019
SP - 479
EP - 486
DO - 10.5220/0007412104790486