{"title":"基于CVSS V3的网联汽车系统安全需求定义方法建议","authors":"Eriko Ando, Makoto Kayashima, Norishita Komoda","doi":"10.1109/IIAI-AAI.2016.95","DOIUrl":null,"url":null,"abstract":"The use of connected cars has been spreading recently. Security for connected cars is very important because an attacker can access connected cars remotely. Security requirements defined based on risk assessment are necessary to protect connected cars from attackers. However, the conventional risk assessment technique mostly depends on the evaluator's security knowledge. Therefore, we propose a security requirement definition methodology for connected car systems. The proposed methodology is based on the security requirements definition methodology in IoT (Internet of Things) systems, which consists of four processes: modelization of target system, definition of security problems, consideration of security requirements, and decision of security function components. We applied the methodology in IoT systems to connected car systems. In particular, the risk assessment, which is executed to define security problems, uses CVSS v3 which was released in 2015. We can assess the risk of connected car systems objectively by using the base metrics of CVSS v3.","PeriodicalId":272739,"journal":{"name":"2016 5th IIAI International Congress on Advanced Applied Informatics (IIAI-AAI)","volume":"119 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"A Proposal of Security Requirements Definition Methodology in Connected Car Systems by CVSS V3\",\"authors\":\"Eriko Ando, Makoto Kayashima, Norishita Komoda\",\"doi\":\"10.1109/IIAI-AAI.2016.95\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The use of connected cars has been spreading recently. Security for connected cars is very important because an attacker can access connected cars remotely. Security requirements defined based on risk assessment are necessary to protect connected cars from attackers. However, the conventional risk assessment technique mostly depends on the evaluator's security knowledge. Therefore, we propose a security requirement definition methodology for connected car systems. The proposed methodology is based on the security requirements definition methodology in IoT (Internet of Things) systems, which consists of four processes: modelization of target system, definition of security problems, consideration of security requirements, and decision of security function components. We applied the methodology in IoT systems to connected car systems. In particular, the risk assessment, which is executed to define security problems, uses CVSS v3 which was released in 2015. We can assess the risk of connected car systems objectively by using the base metrics of CVSS v3.\",\"PeriodicalId\":272739,\"journal\":{\"name\":\"2016 5th IIAI International Congress on Advanced Applied Informatics (IIAI-AAI)\",\"volume\":\"119 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 5th IIAI International Congress on Advanced Applied Informatics (IIAI-AAI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IIAI-AAI.2016.95\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 5th IIAI International Congress on Advanced Applied Informatics (IIAI-AAI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IIAI-AAI.2016.95","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Proposal of Security Requirements Definition Methodology in Connected Car Systems by CVSS V3
The use of connected cars has been spreading recently. Security for connected cars is very important because an attacker can access connected cars remotely. Security requirements defined based on risk assessment are necessary to protect connected cars from attackers. However, the conventional risk assessment technique mostly depends on the evaluator's security knowledge. Therefore, we propose a security requirement definition methodology for connected car systems. The proposed methodology is based on the security requirements definition methodology in IoT (Internet of Things) systems, which consists of four processes: modelization of target system, definition of security problems, consideration of security requirements, and decision of security function components. We applied the methodology in IoT systems to connected car systems. In particular, the risk assessment, which is executed to define security problems, uses CVSS v3 which was released in 2015. We can assess the risk of connected car systems objectively by using the base metrics of CVSS v3.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
