TRADE - Threat and Risk Assessment for Automotive Distributed Engineering

Automotive development is a highly distributed process with many organizations involved within a company and along the supply chain. Full information sharing between these organizations is not desirable, as it causes exploding complexity. Between companies, disclosure of too much of the organizations’ intellectual property presents another issue. However, security threat and risk assessment (TARA) requires a holistic view to cover all potential attack vectors. Thus, we propose a method for involved organizations to perform partial assessments within their own scope and an interface between the organizations to share required information, such as selected parts of system models, asset definitions, and condensed attack trees. Furthermore, we provide guidance to define engineering scopes and responsibilities as well as how to integrate the partial assessments into a consolidated risk assessment. We demonstrate our approach on an exemplary automotive engineering Alexscenario.

Metadaten
Author:	Alexander Kiening ORCiD GND, Daniel Angermeier ORCiD GND
URN:	urn:nbn:de:hbz:294-83557
DOI:	https://doi.org/10.13154/294-8355
Parent Title (English):	19\(^{th}\) escar Europe : The World's Leading Automotive Cyber Security Conference (Konferenzveröffentlichung)
Document Type:	Part of a Book
Language:	English
Date of Publication (online):	2021/09/29
Date of first Publication:	2021/09/29
Publishing Institution:	Ruhr-Universität Bochum, Universitätsbibliothek
Tag:	Distributed; Interface; Security Engineering; TARA; Threat Analysis and Risk Assessment; automotive
First Page:	116
Last Page:	130
Dewey Decimal Classification:	Allgemeines, Informatik, Informationswissenschaft / Informatik
open_access (DINI-Set):	open_access
Konferenz-/Sammelbände:	19th escar Europe : The World's Leading Automotive Cyber Security Conference
Licence (German):	Keine Creative Commons Lizenz - es gelten die Rechteeinräumung und das deutsche Urheberrecht

RUB » Bibliotheksportal