No Cover Image

Journal article 101 views 15 downloads

Integrated Attack Tree in Residual Risk Management Framework

Ahmed Nawaz Khan, Jeremy Bryans, Giedre Sabaliauskaite Orcid Logo, Hesamaldin Jadidbonab Orcid Logo

Information, Volume: 14, Issue: 12, Start page: 639

Swansea University Author: Giedre Sabaliauskaite Orcid Logo

  • 65213_GVOR.pdf

    PDF | Version of Record

    © 2023 by the authors. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license.

    Download (1.1MB)

Check full text

DOI (Published version): 10.3390/info14120639

Abstract

Safety-critical cyber-physical systems (CPSs), such as high-tech cars having cyber capabilities, are highly interconnected. Automotive manufacturers are concerned about cyber attacks on vehicles that can lead to catastrophic consequences. There is a need for a new risk management approach to address...

Full description

Published in: Information
ISSN: 2078-2489
Published: MDPI AG 2023
Online Access: Check full text

URI: https://cronfa.swan.ac.uk/Record/cronfa65213
Tags: Add Tag
No Tags, Be the first to tag this record!
Abstract: Safety-critical cyber-physical systems (CPSs), such as high-tech cars having cyber capabilities, are highly interconnected. Automotive manufacturers are concerned about cyber attacks on vehicles that can lead to catastrophic consequences. There is a need for a new risk management approach to address and investigate cybersecurity risks. Risk management in the automotive domain is challenging due to technological improvements and advances every year. The current standard for automotive security is ISO/SAE 21434, which discusses a framework that includes threats, associated risks, and risk treatment options such as risk reduction by applying appropriate defences. This paper presents a residual cybersecurity risk management framework aligned with the framework presented in ISO/SAE 21434. A methodology is proposed to develop an integrated attack tree that considers multiple sub-systems within the CPS. Integrating attack trees in this way will help the analyst to take a broad perspective of system security. Our previous approach utilises a flow graph to calculate the residual risk to a system before and after applying defences. This paper is an extension of our initial work. It defines the steps for applying the proposed framework and using adaptive cruise control (ACC) and adaptive light control (ALC) to illustrate the applicability of our work. This work is evaluated by comparing it with the requirements of the risk management framework discussed in the literature. Currently, our methodology satisfies more than 75% of their requirements.
Keywords: automotive cybersecurity; risk management framework; risk assessment; attack tree; ISO/SAE 21434
College: Faculty of Science and Engineering
Funders: This research received no external funding.
Issue: 12
Start Page: 639

Similar Items