Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434

Ahmed Khan, Jeremy Bryans, Giedre Sabaliauskaite

Research output: Chapter in Book/Report/Conference proceedingConference proceedingpeer-review

1 Citation (Scopus)
67 Downloads (Pure)

Abstract

Safety-critical Cyber-Physical Systems, such as high-tech cars, require new risk management approaches to investigate and address their cybersecurity risks. The current standard for automotive security ISO/SAE 21434 presents such a framework, which discusses the threats, the associated risk, and the chosen treatment, which can be risk reduction through the implementation of a countermeasure or defense. This paper presents a residual cybersecurity risk management framework aligned with the ISO/SAE 21434 framework. The proposed approach audits the applied defenses over the generated attack paths for the identified threats and associated system components. Flow networks are used to calculate the reduced or mitigated risk and the remaining risk of the threat in the presence of the selected countermeasure. The feasibility of the method is explained using a simple automotive system example.

Original languageEnglish
Title of host publicationApplied Cryptography and Network Security Workshops - ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S and P, SCI, SecMT, SiMLA, Proceedings
EditorsJianying Zhou, Sridhar Adepu, Cristina Alcaraz, Lejla Batina, Emiliano Casalicchio, Sudipta Chattopadhyay, Chenglu Jin, Jingqiang Lin, Eleonora Losiouk, Suryadipta Majumdar, Weizhi Meng, Stjepan Picek, Jun Shao, Chunhua Su, Cong Wang, Yury Zhauniarovich, Saman Zonouz
PublisherSpringer, Cham
Pages235-247
Number of pages13
ISBN (Electronic)978-3-031-16815-4
ISBN (Print)978-3-031-16814-7
DOIs
Publication statusPublished - 24 Sept 2022
EventInternational Conference on Applied Cryptography and Network Security, ACNS 2022: ACNS 2022 Satellite Workshops, AIBlock, AIHWS, AIoTS, CIMSS, Cloud S&P, SCI, SecMT, SiMLA - Rome, Italy
Duration: 20 Jun 202223 Jun 2022
Conference number: 20
https://sites.google.com/di.uniroma1.it/acns2022

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13285 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceInternational Conference on Applied Cryptography and Network Security, ACNS 2022
Country/TerritoryItaly
CityRome
Period20/06/2223/06/22
Internet address

Bibliographical note

The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-031-16815-4_14


Copyright © and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders.

This document is the author’s post-print version, incorporating any revisions agreed during the peer-review process. Some differences between the published version and this version may remain and you are advised to consult the published version if you wish to cite from it.

Keywords

  • Attack tree
  • Cybersecurity
  • Flow graph
  • ISO/SAE 21434
  • Residual risk
  • Risk management framework

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO/SAE 21434'. Together they form a unique fingerprint.

Cite this