MARISMA-CAR: A Preliminary Approach to Risk Assessment in Automotive Security

Barletta V. S.; Caivano D.; De Vincentiis M.
2024-01-01

Abstract

With the introduction of software components that allow them to interact with each other, modern vehicles can make decisions and make driving safer. In addition, the use of communication technologies between vehicles and infrastructure, known as Vehicle-to-Everything (V2X), is a reality and is expected to be implemented in the near future. Although these sophisticated technologies bring great opportunities in the automotive field, they could introduce cybersecurity threats and security risks if compromised. For this reason, the International Organization for Standardization (ISO) has released ISO/SAE 21434 to introduce the cybersecurity process in developing hardware components for upcoming vehicles. However, it only defines requirements rather than a practical approach. In addition, methodologies must be defined in order to respond to threats up to the component design phase. For these reasons, this paper proposes a preliminary approach by defining a security pattern called MARISMA-CAR in the automotive environment to manage and control the risk of threats in modern vehicles and future Smart Cars by combining the ENISA report and ISO/SAE 21434. This work can help the automotive industry set up security controls to identify, protect against, and respond to automotive threats. Finally, the proposed models align with the ISO/SAE 21434 standard for the proposal of risk assessment methodologies.
Year: 2024
ISBN: 9798350363999
Use this identifier to cite or link to this document: https://hdl.handle.net/11586/533214