Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434

Ahmed Khan; Jeremy Bryans; Giedre Sabaliauskaite

doi:10.1007/978-3-031-16815-4_14

Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434

Ahmed Khan, Jeremy Bryans, Giedre Sabaliauskaite

Centre for Future Transport and Cities

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

Abstract

Safety-critical Cyber-Physical Systems, such as high-tech cars, require new risk management approaches to investigate and address their cybersecurity risks. The current standard for automotive security ISO/SAE 21434 presents such a framework, which discusses the threats, the associated risk, and the chosen treatment, which can be risk reduction through the implementation of a countermeasure or defense. This paper presents a residual cybersecurity risk management framework aligned with the ISO/SAE 21434 framework. The proposed approach audits the applied defenses over the generated attack paths for the identified threats and associated system components. Flow networks are used to calculate the reduced or mitigated risk and the remaining risk of the threat in the presence of the selected countermeasure. The feasibility of the method is explained using a simple automotive system example.

Original language	English
Title of host publication	Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings
Editors	Jianying Zhou, Sridhar Adepu, Cristina Alcaraz, Lejla Batina, Emiliano Casalicchio, Sudipta Chattopadhyay, Chenglu Jin, Jingqiang Lin, Eleonora Losiouk, Suryadipta Majumdar, Weizhi Meng, Stjepan Picek, Jun Shao, Chunhua Su, Cong Wang, Yury Zhauniarovich, Saman Zonouz
Publisher	Springer, Cham
Pages	235-247
Number of pages	13
ISBN (Electronic)	978-3-031-16815-4
ISBN (Print)	978-3-031-16814-7
DOIs	https://doi.org/10.1007/978-3-031-16815-4_14
Publication status	Published - 24 Sept 2022
Event	International Conference on Applied Cryptography and Network Security, ACNS 2022: ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S&P, SCI, SecMT, SiMLA - Rome, Italy Duration: 20 Jun 2022 → 23 Jun 2022 Conference number: 20 https://sites.google.com/di.uniroma1.it/acns2022

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13285 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	International Conference on Applied Cryptography and Network Security, ACNS 2022
Country/Territory	Italy
City	Rome
Period	20/06/22 → 23/06/22
Internet address	https://sites.google.com/di.uniroma1.it/acns2022

Bibliographical note

Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Keywords

Attack tree
Cybersecurity
Flow graph
ISO/SAE 21434
Residual risk
Risk management framework

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-031-16815-4_14

Cite this

Khan, A., Bryans, J., & Sabaliauskaite, G. (2022). Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434. In J. Zhou, S. Adepu, C. Alcaraz, L. Batina, E. Casalicchio, S. Chattopadhyay, C. Jin, J. Lin, E. Losiouk, S. Majumdar, W. Meng, S. Picek, J. Shao, C. Su, C. Wang, Y. Zhauniarovich, & S. Zonouz (Eds.), Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings (pp. 235-247). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13285 LNCS). Springer, Cham . https://doi.org/10.1007/978-3-031-16815-4_14

Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434. / Khan, Ahmed ; Bryans, Jeremy ; Sabaliauskaite, Giedre.

Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings. ed. / Jianying Zhou; Sridhar Adepu; Cristina Alcaraz; Lejla Batina; Emiliano Casalicchio; Sudipta Chattopadhyay; Chenglu Jin; Jingqiang Lin; Eleonora Losiouk; Suryadipta Majumdar; Weizhi Meng; Stjepan Picek; Jun Shao; Chunhua Su; Cong Wang; Yury Zhauniarovich; Saman Zonouz. Springer, Cham , 2022. p. 235-247 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13285 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

Khan, A , Bryans, J & Sabaliauskaite, G 2022, Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434. in J Zhou, S Adepu, C Alcaraz, L Batina, E Casalicchio, S Chattopadhyay, C Jin, J Lin, E Losiouk, S Majumdar, W Meng, S Picek, J Shao, C Su, C Wang, Y Zhauniarovich & S Zonouz (eds), Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13285 LNCS, Springer, Cham , pp. 235-247, International Conference on Applied Cryptography and Network Security, ACNS 2022, Rome, Italy, 20/06/22. https://doi.org/10.1007/978-3-031-16815-4_14

Khan A , Bryans J , Sabaliauskaite G. Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434. In Zhou J, Adepu S, Alcaraz C, Batina L, Casalicchio E, Chattopadhyay S, Jin C, Lin J, Losiouk E, Majumdar S, Meng W, Picek S, Shao J, Su C, Wang C, Zhauniarovich Y, Zonouz S, editors, Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings. Springer, Cham . 2022. p. 235-247. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-16815-4_14

Khan, Ahmed ; Bryans, Jeremy ; Sabaliauskaite, Giedre. / Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434. Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings. editor / Jianying Zhou ; Sridhar Adepu ; Cristina Alcaraz ; Lejla Batina ; Emiliano Casalicchio ; Sudipta Chattopadhyay ; Chenglu Jin ; Jingqiang Lin ; Eleonora Losiouk ; Suryadipta Majumdar ; Weizhi Meng ; Stjepan Picek ; Jun Shao ; Chunhua Su ; Cong Wang ; Yury Zhauniarovich ; Saman Zonouz. Springer, Cham , 2022. pp. 235-247 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{96a35d215cc54ed586abf1dc22e5bf0e,

title = "Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434",

abstract = "Safety-critical Cyber-Physical Systems, such as high-tech cars, require new risk management approaches to investigate and address their cybersecurity risks. The current standard for automotive security ISO/SAE 21434 presents such a framework, which discusses the threats, the associated risk, and the chosen treatment, which can be risk reduction through the implementation of a countermeasure or defense. This paper presents a residual cybersecurity risk management framework aligned with the ISO/SAE 21434 framework. The proposed approach audits the applied defenses over the generated attack paths for the identified threats and associated system components. Flow networks are used to calculate the reduced or mitigated risk and the remaining risk of the threat in the presence of the selected countermeasure. The feasibility of the method is explained using a simple automotive system example.",

keywords = "Attack tree, Cybersecurity, Flow graph, ISO/SAE 21434, Residual risk, Risk management framework",

author = "Ahmed Khan and Jeremy Bryans and Giedre Sabaliauskaite",

note = "Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.; International Conference on Applied Cryptography and Network Security, ACNS 2022 : ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S&P, SCI, SecMT, SiMLA ; Conference date: 20-06-2022 Through 23-06-2022",

year = "2022",

month = sep,

day = "24",

doi = "10.1007/978-3-031-16815-4_14",

language = "English",

isbn = "978-3-031-16814-7",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer, Cham ",

pages = "235--247",

editor = "Jianying Zhou and Sridhar Adepu and Cristina Alcaraz and Lejla Batina and Emiliano Casalicchio and Sudipta Chattopadhyay and Chenglu Jin and Jingqiang Lin and Eleonora Losiouk and Suryadipta Majumdar and Weizhi Meng and Stjepan Picek and Jun Shao and Chunhua Su and Cong Wang and Yury Zhauniarovich and Saman Zonouz",

booktitle = "Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings",

address = "Switzerland",

url = "https://sites.google.com/di.uniroma1.it/acns2022",

}

TY - GEN

T1 - Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434

AU - Khan, Ahmed

AU - Bryans, Jeremy

AU - Sabaliauskaite, Giedre

N1 - Conference code: 20

PY - 2022/9/24

Y1 - 2022/9/24

N2 - Safety-critical Cyber-Physical Systems, such as high-tech cars, require new risk management approaches to investigate and address their cybersecurity risks. The current standard for automotive security ISO/SAE 21434 presents such a framework, which discusses the threats, the associated risk, and the chosen treatment, which can be risk reduction through the implementation of a countermeasure or defense. This paper presents a residual cybersecurity risk management framework aligned with the ISO/SAE 21434 framework. The proposed approach audits the applied defenses over the generated attack paths for the identified threats and associated system components. Flow networks are used to calculate the reduced or mitigated risk and the remaining risk of the threat in the presence of the selected countermeasure. The feasibility of the method is explained using a simple automotive system example.

AB - Safety-critical Cyber-Physical Systems, such as high-tech cars, require new risk management approaches to investigate and address their cybersecurity risks. The current standard for automotive security ISO/SAE 21434 presents such a framework, which discusses the threats, the associated risk, and the chosen treatment, which can be risk reduction through the implementation of a countermeasure or defense. This paper presents a residual cybersecurity risk management framework aligned with the ISO/SAE 21434 framework. The proposed approach audits the applied defenses over the generated attack paths for the identified threats and associated system components. Flow networks are used to calculate the reduced or mitigated risk and the remaining risk of the threat in the presence of the selected countermeasure. The feasibility of the method is explained using a simple automotive system example.

KW - Attack tree

KW - Cybersecurity

KW - Flow graph

KW - ISO/SAE 21434

KW - Residual risk

KW - Risk management framework

UR - http://www.scopus.com/inward/record.url?scp=85140448868&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-16815-4_14

DO - 10.1007/978-3-031-16815-4_14

M3 - Conference proceeding

AN - SCOPUS:85140448868

SN - 978-3-031-16814-7

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 235

EP - 247

BT - Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings

A2 - Zhou, Jianying

A2 - Adepu, Sridhar

A2 - Alcaraz, Cristina

A2 - Batina, Lejla

A2 - Casalicchio, Emiliano

A2 - Chattopadhyay, Sudipta

A2 - Jin, Chenglu

A2 - Lin, Jingqiang

A2 - Losiouk, Eleonora

A2 - Majumdar, Suryadipta

A2 - Meng, Weizhi

A2 - Picek, Stjepan

A2 - Shao, Jun

A2 - Su, Chunhua

A2 - Wang, Cong

A2 - Zhauniarovich, Yury

A2 - Zonouz, Saman

PB - Springer, Cham

T2 - International Conference on Applied Cryptography and Network Security, ACNS 2022

Y2 - 20 June 2022 through 23 June 2022

ER -

Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Embargoed Document

Fingerprint

Cite this