A Proposal of Security Requirements Definition Methodology in Connected Car Systems by CVSS V3

2016 5th IIAI International Congress on Advanced Applied Informatics (IIAI-AAI) Pub Date : 2016-07-01 DOI:10.1109/IIAI-AAI.2016.95

Eriko Ando, Makoto Kayashima, Norishita Komoda

{"title":"A Proposal of Security Requirements Definition Methodology in Connected Car Systems by CVSS V3","authors":"Eriko Ando, Makoto Kayashima, Norishita Komoda","doi":"10.1109/IIAI-AAI.2016.95","DOIUrl":null,"url":null,"abstract":"The use of connected cars has been spreading recently. Security for connected cars is very important because an attacker can access connected cars remotely. Security requirements defined based on risk assessment are necessary to protect connected cars from attackers. However, the conventional risk assessment technique mostly depends on the evaluator's security knowledge. Therefore, we propose a security requirement definition methodology for connected car systems. The proposed methodology is based on the security requirements definition methodology in IoT (Internet of Things) systems, which consists of four processes: modelization of target system, definition of security problems, consideration of security requirements, and decision of security function components. We applied the methodology in IoT systems to connected car systems. In particular, the risk assessment, which is executed to define security problems, uses CVSS v3 which was released in 2015. We can assess the risk of connected car systems objectively by using the base metrics of CVSS v3.","PeriodicalId":272739,"journal":{"name":"2016 5th IIAI International Congress on Advanced Applied Informatics (IIAI-AAI)","volume":"119 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 5th IIAI International Congress on Advanced Applied Informatics (IIAI-AAI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IIAI-AAI.2016.95","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

Abstract

The use of connected cars has been spreading recently. Security for connected cars is very important because an attacker can access connected cars remotely. Security requirements defined based on risk assessment are necessary to protect connected cars from attackers. However, the conventional risk assessment technique mostly depends on the evaluator's security knowledge. Therefore, we propose a security requirement definition methodology for connected car systems. The proposed methodology is based on the security requirements definition methodology in IoT (Internet of Things) systems, which consists of four processes: modelization of target system, definition of security problems, consideration of security requirements, and decision of security function components. We applied the methodology in IoT systems to connected car systems. In particular, the risk assessment, which is executed to define security problems, uses CVSS v3 which was released in 2015. We can assess the risk of connected car systems objectively by using the base metrics of CVSS v3.

查看原文本刊更多论文

基于CVSS V3的网联汽车系统安全需求定义方法建议

联网汽车的使用最近一直在普及。联网汽车的安全性非常重要，因为攻击者可以远程访问联网汽车。基于风险评估定义的安全需求是保护联网汽车免受攻击者攻击的必要条件。然而，传统的风险评估技术大多依赖于评估者的安全知识。因此，我们提出一种网联汽车系统的安全需求定义方法。该方法以物联网系统安全需求定义方法为基础，包括目标系统建模、安全问题定义、安全需求考虑和安全功能组件决策四个过程。我们将物联网系统中的方法应用于联网汽车系统。特别是，用于定义安全问题的风险评估使用了2015年发布的CVSS v3。我们可以使用CVSS v3的基本指标客观地评估联网汽车系统的风险。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 5th IIAI International Congress on Advanced Applied Informatics (IIAI-AAI)

自引率

0.00%

发文量