JUCS - Journal of Universal Computer Science 27(8): 830-849, doi: 10.3897/jucs.72367
Cybersecurity Threat Analysis, Risk Assessment and Design Patterns for Automotive Networked Embedded Systems: A Case Study
Jürgen Dobaj‡, Damjan Ekert§, Jakub Stolfa|, Svatopluk Stolfa|, Georg Macher‡, Richard Messnarz¶‡ Graz University of Technology, Graz, Austria§ ISCN GesmbH, Graz, Austria| VSB TUO, Ostrava, Czech Republic¶ ISCN GesmbH Entwicklung, Graz, Austria
Corresponding author: Jürgen Dobaj ( juergen.dobaj@tugraz.at ) © Jürgen Dobaj, Damjan Ekert, Jakub Stolfa, Svatopluk Stolfa, Georg Macher, Richard Messnarz. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY-ND 4.0). This license allows reusers to copy and distribute the material in any medium or format in unadapted form only, and only so long as attribution is given to the creator. The license allows for commercial use. Citation:
Dobaj J, Ekert D, Stolfa J, Stolfa S, Macher G, Messnarz R (2021) Cybersecurity Threat Analysis, Risk Assessment and Design Patterns for Automotive Networked Embedded Systems: A Case Study. JUCS - Journal of Universal Computer Science 27(8): 830-849. https://doi.org/10.3897/jucs.72367 |  |
Abstract
Cybersecurity has become a crucial challenge in the automotive sector. At the current stage, the framework described by the ISO/SAE 21434 is insufficient to derive concrete methods for the design of secure automotive networked embedded systems on the supplier level. This article describes a case study with actionable steps for designing secure systems and systematically eliciting traceable cybersecurity requirements to address this gap. The case study is aligned with the ISO/SAE 21434 standard and can provide the basis for integrating cybersecurity engineering into company-specific processes and practice specifications.
Keywords
Cybersecurity, Threat Modeling, Risk Assessment, Verification, Validation, Design Patterns