Use Cases of Attack Graph in Threat Analysis And Risk Assessment for The Automotive Domain

2022 IEEE 1st International Conference on Cognitive Mobility (CogMob) (2022)

Abstract
An attack graph is a commonly used methodology in IT security to represent all paths in a system that can lead to a successful attack. It is used to visually represent and automatically analyze security vulnerabilities in the system, as well as to analyze potential defense strategies. Nevertheless, attack graphs are not widely used in the automotive domain. Cognitive mobility systems rely on autonomous decision making by their participants. In order to enable trust in vehicles to make correct decisions, we must ensure that they are immune to failure and malicious manipulation. This trust requires a high level of safety and security. For a smart car with multiple external connections, the complexity of the attack surface increases dramatically. Ensuring the security of the vehicle depends on a large number of interrelated factors. Thus we need methods, tools and know-how for evaluating the security posture of vehicles. The new ISO/SAE 21434 standard specifies the technical requirements for cyber-security management of road vehicles. It defines the Threat Analysis and Risk Assessment (TARA) for the analysis and assessment of cyber-security risks to a given automotive system. We propose a generic model to automate attack path generation and analysis in the TARA. We also discuss several use cases for this model, including the enumeration of possible attack paths, the automatic evaluation of the feasibility and risk of each path, and the construction of a defence graph to ensure the security of the system.
Keywords
Automotive, cognitive mobility, Attack graph, Threat analysis and risk assessment, TARA, ISO 21434, In-vehicle networks