论文信息 - Detailed Analysis of Security Evaluation of Automotive Systems Based on JASO TP15002

Detailed Analysis of Security Evaluation of Automotive Systems Based on JASO TP15002

In response to the recent Jeep hacking and recalls based on information security vulnerability in 2015, the significance of secure system design has become increasingly important in the automotive industry. From this perspective, security guidelines such as JASO TP 15002 and SAE J3061 have been published. To realize future connected-car systems or the future autonomous driving in line with these guidelines, many automotive Original Equipment Manufacturers (OEMs) and their major suppliers are now developing key components such as central gateways (CGW), telematics, or end Electronic Control Units (ECUs), with theses security concerns in mind. In this paper, we focus on a security evaluation that consists of model definition, threat identification, and the risk analysis in JASO TP 15002. To do so we first identify gaps between an understanding of JASO TP15002 and implementation of secure system design based on it. We then present a detailed analysis which includes new methods to fill this gap using illustrative examples such as CGW. As a result, we provide a solution with an improvement in terms of work efficiency over typical methods according to the JASO TP 15002.

Hirotaka Yoshida | Hideaki Nishihara | Yasuyuki Kawanishi | Daisuke Souma

[1] David Watson,et al. The Case for Modeling Security, Privacy, Usability and Reliability (SPUR) in Automotive Software , 2006, ASWSD.

[2] Matti Valovirta,et al. Experimental Security Analysis of a Modern Automobile , 2011 .

[3] C. Manifavas,et al. Software Security, Privacy, and Dependability: Metrics and Measurement , 2016, IEEE Software.

[4] Jan Trobitius,et al. Anwendung der "Common Criteria for Information Technology Security Evaluation" (CC) / ISO 15408 auf ein SOA Registry-Repository , 2007, Informatiktage.

[5] Donald Firesmith,et al. Common Concepts Underlying Safety, Security, and Survivability Engineering , 2003 .

[6] Ludovic Apvrille,et al. Security requirements for automotive on-board networks , 2009, 2009 9th International Conference on Intelligent Transport Systems Telecommunications, (ITST).

[7] James Stevens,et al. Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process , 2007 .

[8] Carl E. Landwehr,et al. Basic concepts and taxonomy of dependable and secure computing , 2004, IEEE Transactions on Dependable and Secure Computing.

[9] Christoph Schmittner,et al. Towards a Framework for Alignment Between Automotive Safety and Security Standards , 2014, SAFECOMP Workshops.

[10] Nancy G. Leveson,et al. Safeware: System Safety and Computers , 1995 .