网络安全批准标准:UN R155 的应用

Mona Hellstern, Stefan Langhanki, Florian Grün, Reiner Kriesten, Eric Sax
{"title":"网络安全批准标准:UN R155 的应用","authors":"Mona Hellstern, Stefan Langhanki, Florian Grün, Reiner Kriesten, Eric Sax","doi":"10.4271/2024-01-2983","DOIUrl":null,"url":null,"abstract":"The UN R155 regulation is the first automotive cybersecurity regulation and has made security a mandatory approval criterion for new vehicle types. This establishes internationally harmonized security requirements for market approval, presenting a challenge for manufacturers and suppliers to demonstrate compliance throughout the product life cycle. An issued type approval is internationally recognized by the member states of the UN 1958 Agreement. International recognition implies that uniform assessment criteria are applied to demonstrate compliance and to decide whether security efforts are sufficient. Independent accredited assessors assess the security engineering results during type approval. Considering the risk-based approach of ISO/SAE 21434 to security engineering, assessing whether threats have been appropriately addressed is a challenge. While there are currently no uniform assessment criteria at product level, the question arises as to which development artifacts serve as indicators for determining the efficacy of mitigation strategies. In response to this challenge, the paper conducts an analysis of existing security concepts of the automotive security standard ISO/SAE 21434 and the Information Technology Security Evaluation Standard ISO 15408 (Common Criteria) and therefore provides an insight into the state-of-the-art of security evaluation methods. The overall objective is to derive applicable assessment criteria and recommendations for the UN R155 approval while taking into account relevant security properties that help to decide on the sufficiency of security measures. These recommendations aim to enhance the comprehensiveness of the security assessment associated with UN R155, fostering a more uniform approach to evaluating cybersecurity in the context of vehicle type approvals.","PeriodicalId":510086,"journal":{"name":"SAE Technical Paper Series","volume":"22 7","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Cybersecurity Approval Criteria: Application of UN R155\",\"authors\":\"Mona Hellstern, Stefan Langhanki, Florian Grün, Reiner Kriesten, Eric Sax\",\"doi\":\"10.4271/2024-01-2983\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The UN R155 regulation is the first automotive cybersecurity regulation and has made security a mandatory approval criterion for new vehicle types. This establishes internationally harmonized security requirements for market approval, presenting a challenge for manufacturers and suppliers to demonstrate compliance throughout the product life cycle. An issued type approval is internationally recognized by the member states of the UN 1958 Agreement. International recognition implies that uniform assessment criteria are applied to demonstrate compliance and to decide whether security efforts are sufficient. Independent accredited assessors assess the security engineering results during type approval. Considering the risk-based approach of ISO/SAE 21434 to security engineering, assessing whether threats have been appropriately addressed is a challenge. While there are currently no uniform assessment criteria at product level, the question arises as to which development artifacts serve as indicators for determining the efficacy of mitigation strategies. In response to this challenge, the paper conducts an analysis of existing security concepts of the automotive security standard ISO/SAE 21434 and the Information Technology Security Evaluation Standard ISO 15408 (Common Criteria) and therefore provides an insight into the state-of-the-art of security evaluation methods. The overall objective is to derive applicable assessment criteria and recommendations for the UN R155 approval while taking into account relevant security properties that help to decide on the sufficiency of security measures. These recommendations aim to enhance the comprehensiveness of the security assessment associated with UN R155, fostering a more uniform approach to evaluating cybersecurity in the context of vehicle type approvals.\",\"PeriodicalId\":510086,\"journal\":{\"name\":\"SAE Technical Paper Series\",\"volume\":\"22 7\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-07-02\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"SAE Technical Paper Series\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4271/2024-01-2983\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"SAE Technical Paper Series","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4271/2024-01-2983","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

UN R155 法规是首个汽车网络安全法规,并将安全性作为新车型的强制性审批标准。这为市场审批确立了国际统一的安全要求,为制造商和供应商在整个产品生命周期内证明合规性提出了挑战。已签发的型式批准书在国际上得到联合国 1958 年协议成员国的承认。国际认可意味着要采用统一的评估标准来证明合规性,并决定安全措施是否充分。在型式批准过程中,独立的认证评估人员会对安全工程结果进行评估。考虑到 ISO/SAE 21434 对安全工程采用基于风险的方法,评估威胁是否已得到适当处理是一项挑战。虽然目前在产品层面没有统一的评估标准,但问题是哪些开发工件可作为确定缓解策略有效性的指标。为应对这一挑战,本文对汽车安全标准 ISO/SAE 21434 和信息技术安全评估标准 ISO 15408(通用标准)的现有安全概念进行了分析,从而深入了解了安全评估方法的最新进展。总体目标是为 UN R155 批准制定适用的评估标准和建议,同时考虑到有助于决定安全措施是否充分的相关安全属性。这些建议旨在提高与 UN R155 相关的安全评估的全面性,促进在车辆类型批准方面采用更加统一的网络安全评估方法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Cybersecurity Approval Criteria: Application of UN R155
The UN R155 regulation is the first automotive cybersecurity regulation and has made security a mandatory approval criterion for new vehicle types. This establishes internationally harmonized security requirements for market approval, presenting a challenge for manufacturers and suppliers to demonstrate compliance throughout the product life cycle. An issued type approval is internationally recognized by the member states of the UN 1958 Agreement. International recognition implies that uniform assessment criteria are applied to demonstrate compliance and to decide whether security efforts are sufficient. Independent accredited assessors assess the security engineering results during type approval. Considering the risk-based approach of ISO/SAE 21434 to security engineering, assessing whether threats have been appropriately addressed is a challenge. While there are currently no uniform assessment criteria at product level, the question arises as to which development artifacts serve as indicators for determining the efficacy of mitigation strategies. In response to this challenge, the paper conducts an analysis of existing security concepts of the automotive security standard ISO/SAE 21434 and the Information Technology Security Evaluation Standard ISO 15408 (Common Criteria) and therefore provides an insight into the state-of-the-art of security evaluation methods. The overall objective is to derive applicable assessment criteria and recommendations for the UN R155 approval while taking into account relevant security properties that help to decide on the sufficiency of security measures. These recommendations aim to enhance the comprehensiveness of the security assessment associated with UN R155, fostering a more uniform approach to evaluating cybersecurity in the context of vehicle type approvals.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信