Affiliation:
1. Alva’s Institute of Engineering and Technology, Mijar, Karnataka, India
Abstract
In recent years, the development of cybersecurity standards for cyber-physical systems, such as automotive systems, has seen significant progress. One key development is ISO/SAE 21434, released in 2021, which provides a framework for managing and analyzing cybersecurity in the electrical systems of road vehicles. This standard also introduces methods for the Threat Analysis and Risk Assessment (TARA) process. However, current security analysis techniques face two notable challenges. First, the conventional CVSS-based approach is inadequate for assessing attack feasibility in cyber-physical systems. Second, the relationship between damage factors and their impact on assets remains unclear. This paper addresses these issues by enhancing the TARA process through the use of the "asset container" method for threat classification, as proposed at DECSoS 2017, alongside a CWSS-based risk quantification approach. Furthermore, the paper suggests improvements to risk evaluation methods specifically tailored for automotive systems, focusing on direct access attacks on in-vehicle networks.