Streamlining Security Relevance Analysis According to ISO 21434

2022 5th International Conference on Networking, Information Systems and Security: Envisage Intelligent Systems in 5g//6G-based Interconnected Digital Worlds (NISS) Pub Date : 2022-03-30 DOI:10.1109/NISS55057.2022.10085633

Christine Jakobs, Billy Naumann, Matthias Werner, Karsten Schmidt, Jörn Eichler, Holger Heskamp

{"title":"Streamlining Security Relevance Analysis According to ISO 21434","authors":"Christine Jakobs, Billy Naumann, Matthias Werner, Karsten Schmidt, Jörn Eichler, Holger Heskamp","doi":"10.1109/NISS55057.2022.10085633","DOIUrl":null,"url":null,"abstract":"ISO 21434, as the cybersecurity standard for automotive systems, was released not long ago. Nevertheless, the automotive industry needed to adhere to the standard since its draft release due to long development times. Therefore, most automotive companies accomplished the first development cycle according to ISO 21434. The biggest problem still is the efficiency of the cybersecurity process. In order to enable a continuous, traceable, and efficient cybersecurity process, each step needs to be evaluated and integrated into a common framework. As a first step, we analyze ISO 21434s concept of security relevance evaluation (SRE). We evaluate the suggested method of ISO 21434 and extend it to the notion of criticality. The initial criticality rating allows prioritization of the subsequent security process and accomplishment of the assessment requirement in ISO 21434. Additionally, we propose the idea of clustered SREs to raise efficiency.","PeriodicalId":138637,"journal":{"name":"2022 5th International Conference on Networking, Information Systems and Security: Envisage Intelligent Systems in 5g//6G-based Interconnected Digital Worlds (NISS)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 5th International Conference on Networking, Information Systems and Security: Envisage Intelligent Systems in 5g//6G-based Interconnected Digital Worlds (NISS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NISS55057.2022.10085633","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

ISO 21434, as the cybersecurity standard for automotive systems, was released not long ago. Nevertheless, the automotive industry needed to adhere to the standard since its draft release due to long development times. Therefore, most automotive companies accomplished the first development cycle according to ISO 21434. The biggest problem still is the efficiency of the cybersecurity process. In order to enable a continuous, traceable, and efficient cybersecurity process, each step needs to be evaluated and integrated into a common framework. As a first step, we analyze ISO 21434s concept of security relevance evaluation (SRE). We evaluate the suggested method of ISO 21434 and extend it to the notion of criticality. The initial criticality rating allows prioritization of the subsequent security process and accomplishment of the assessment requirement in ISO 21434. Additionally, we propose the idea of clustered SREs to raise efficiency.

查看原文本刊更多论文

根据ISO 21434简化安全相关性分析

ISO 21434作为汽车系统的网络安全标准，不久前刚刚发布。然而，由于开发时间较长，汽车行业从草案发布开始就需要遵守该标准。因此，大多数汽车公司根据ISO 21434完成了第一个开发周期。最大的问题仍然是网络安全流程的效率。为了实现持续、可追踪和高效的网络安全流程，每个步骤都需要进行评估并集成到一个通用框架中。作为第一步，我们分析了ISO 21434安全相关性评估(SRE)的概念。我们评估了ISO 21434建议的方法，并将其扩展到临界性的概念。初始临界等级允许对后续安全过程进行优先排序，并完成ISO 21434中的评估要求。此外，我们提出了集群SREs的思想，以提高效率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 5th International Conference on Networking, Information Systems and Security: Envisage Intelligent Systems in 5g//6G-based Interconnected Digital Worlds (NISS)

自引率

0.00%

发文量