Approach to Generic Multilevel Risk Assessment of Automotive Mobile Access Systems

Thomas Termin, D. Lichte, K. Wolf

Proceedings of the 30th European Safety and Reliability Conference and 15th Probabilistic Safety Assessment and Management Conference
DOI: https://doi.org/10.3850/978-981-14-8593-0_5778-CD
Citations: 1

Abstract

Nowadays, mobility companies have to deal with the digitization of analog products and services. A central area of interest is the design of mobile access systems intended to replace the physical key. However, these systems involve not only new use cases but also risks that place safety and security issues in the foreground of the system design. To ensure protection against safety and security risks, a procedure that allows multilevel system evaluation is necessary. Practical experience in risk assessment (SRA) shows that field-specific approaches are widely used. In order to facilitate an embedded safe and secure system design, this paper introduces a generic assessment method that considers different system configurations and multilevel safety and security risks. Within this procedure, previously identified technical requirements are mapped in a Morphological Box (MB) to describe the configuration space (CS) of the system. In order to evaluate the system, use cases and sequences as well as misuse cases are mapped using UML. Identified threats and attack paths are transferred into fault and attack trees. The results of the fault tree analysis (FTA) and attack tree analysis (ATA) allow the definition of security requirements. Additionally, the process reveals non-standard scenarios that demand further detailed analysis. The proposed approach is applied to the example of an automotive mobile access system.