Abstract
Safety-critical Cyber-Physical Systems, such as high-tech cars, require new risk management approaches to investigate and address their cybersecurity risks. The current standard for automotive security, ISO/SAE 21434, presents such a framework, which discusses the threats, the associated risk, and the chosen treatment, which can be risk reduction through the implementation of a countermeasure or defense. This paper presents a residual cybersecurity risk management framework aligned with the ISO/SAE 21434 framework. The proposed approach audits the applied defenses over the generated attack paths for the identified threats and associated system components. Flow networks are used to calculate the reduced or mitigated risk and the remaining risk of the threat in the presence of the selected countermeasure. The feasibility of the method is explained using a simple automotive system example.
Original language | English |
---|---|
Title of host publication | Applied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S&P, SCI, SecMT, SiMLA, Proceedings |
Editors | Jianying Zhou, Sridhar Adepu, Cristina Alcaraz, Lejla Batina, Emiliano Casalicchio, Sudipta Chattopadhyay, Chenglu Jin, Jingqiang Lin, Eleonora Losiouk, Suryadipta Majumdar, Weizhi Meng, Stjepan Picek, Jun Shao, Chunhua Su, Cong Wang, Yury Zhauniarovich, Saman Zonouz |
Publisher | Springer, Cham |
Pages | 235-247 |
Number of pages | 13 |
ISBN (Electronic) | 978-3-031-16815-4 |
ISBN (Print) | 978-3-031-16814-7 |
Publication status | Published - 24 Sept 2022 |
Event | International Conference on Applied Cryptography and Network Security, ACNS 2022: ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S&P, SCI, SecMT, SiMLA - Rome, Italy; Duration: 20 Jun 2022 → 23 Jun 2022; Conference number: 20; https://sites.google.com/di.uniroma1.it/acns2022 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 13285 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | International Conference on Applied Cryptography and Network Security, ACNS 2022 |
---|---|
Country/Territory | Italy |
City | Rome |
Period | 20/06/22 → 23/06/22 |
Bibliographical note
The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-031-16815-4_14
Copyright © and Moral Rights are retained by the author(s) and/or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders.
This document is the author’s post-print version, incorporating any revisions agreed during the peer-review process. Some differences between the published version and this version may remain and you are advised to consult the published version if you wish to cite from it.
Keywords
- Attack tree
- Cybersecurity
- Flow graph
- ISO/SAE 21434
- Residual risk
- Risk management framework
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science (all)