Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434

Khan, Ahmed; Bryans, Jeremy; Sabaliauskaitė, Giedrė

doi:10.1007/978-3-031-16815-4_14

Use this url to cite publication: https://cris.mruni.eu/cris/handle/007/49002

Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434

Type of publication

Straipsnis konferencijos medžiagoje Web of Science duomenų bazėje / Article in conference proceedings in Web of Science database (P1a1)

Author(s)

Author	Affiliation
Khan, Ahmed

Title

Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434

[en]

Publisher

Cham : Springer International Publishing

Publisher (trusted)

Springer

Date Issued

Date
2022

Extent

p. 235-247

Is part of

Applied Cryptography and Network Security Workshops : ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S&P, SCI, SecMT, SiMLA, Rome, Italy, June 20–23, 2022 : Proceedings.

Series/Report no.

Lecture Notes in Computer Science (LNCS); vol. 13285

Description

Included in the following conference series: International Conference on Applied Cryptography and Network Security.

Field of Science

Informatikos inžineri...

Keywords

Attack tree

Cybersecurity

Flow graph

ISO/SAE 21434

Residual risk

Risk management frame...

Abstract

Safety-critical Cyber-Physical Systems, such as high-tech cars, require new risk management approaches to investigate and address their cybersecurity risks. The current standard for automotive security ISO/SAE 21434 presents such a framework, which discusses the threats, the associated risk, and the chosen treatment, which can be risk reduction through the implementation of a countermeasure or defense. This paper presents a residual cybersecurity risk management framework aligned with the ISO/SAE 21434 framework. The proposed approach audits the applied defenses over the generated attack paths for the identified threats and associated system components. Flow networks are used to calculate the reduced or mitigated risk and the remaining risk of the threat in the presence of the selected countermeasure. The feasibility of the method is explained using a simple automotive system example.

Is Referenced by

Conference Proceedings Citation Index - Science (Web of Science)

Scopus

Type of document

text::periodical::journal::contribution to journal::journal article::research article

ISBN (of the container)

9783031168147

ISSN (of the container)

0302-9743

1611-3349

DOI

10.1007/978-3-031-16815-4_14

eLABa

216577605

Coverage Spatial

Vokietija / Germany (DE)

Language

Anglų / English (en)

URI

URI
https://cris.mruni.eu/cris/handle/007/49002

Bibliographic Details

27

Date Reporting

2022

Journal	Cite Score	SNIP	SJR	Year	Quartile
Lecture Notes in Computer Science	2.2	0.542	0.32	2022	Q3