Abstract
In response to the recent Jeep hacking and the recalls based on an information security vulnerability in 2015, secure system design has become increasingly important in the automotive industry. From this perspective, security guidelines such as JASO TP15002 and SAE J3061 have been published. To realize future connected-car systems or future autonomous driving in line with these guidelines, many automotive Original Equipment Manufacturers (OEMs) and their major suppliers are now developing key components such as central gateways (CGW), telematics units, or end Electronic Control Units (ECUs) with these security concerns in mind. In this paper, we focus on the security evaluation in JASO TP15002, which consists of model definition, threat identification, and risk analysis. To do so, we first identify gaps between an understanding of JASO TP15002 and the implementation of secure system design based on it. We then present a detailed analysis that includes new methods to fill these gaps, using illustrative examples such as a CGW. As a result, we provide a solution that improves work efficiency over the typical methods according to JASO TP15002.
References
Algirdas, A., et al.: Basic concepts and taxonomy of dependable and secure computing. IEEE Trans. Dependable Secure Comput. 1(1), 11–33 (2004)
Dobbing, B., Lautieri, S.: SafSec Methodology: Standard (Issue 3.1), S.P1199.50.2, Praxis High Integrity Systems (2006)
Firesmith, D.G.: Common Concepts Underlying Safety, Security, and Survivability Engineering, CMU/SEI-2003-TN-033, Software Engineering Institute (2003)
Hatzivasilis, G., Papaefstathiou, I., Manifavas, C.: Software security, privacy, and dependability: metrics and measurement. IEEE Softw. 33(4), 46–54 (2016)
Koscher, K., et al.: Experimental security analysis of a modern automobile. In: IEEE Symposium on Security and Privacy (2010)
ISO 26262: Road vehicles - Functional safety (2011)
ISO/IEC 15408: Information technology - Security techniques - Evaluation criteria for IT security (2009)
ITU-T X.1524: Cybersecurity information exchange - Vulnerability/state exchange, Common weakness enumeration (2012)
JASO TP15002: Guideline for Automotive Information Security Analysis (2015)
JASO TP15002: Guideline concerning automotive information security (2015). (in Japanese)
Leveson, N.: Safeware: System Safety and Computers. Addison-Wesley, Reading (1995)
Miyashita, Y., et al.: On-vehicle compact and lightweight multi-channel central gateway unit. SEI Techn. Rev. 83, 5–9 (2016)
Prasad, K.V., Giuli, T.J., Watson, D.: The case for modeling security, privacy, usability and reliability (SPUR) in automotive software. In: Broy, M., Krüger, I.H., Meisinger, M. (eds.) ASWSD 2006. LNCS, vol. 4922, pp. 1–14. Springer, Heidelberg (2008). doi:10.1007/978-3-540-70930-5_1
Richard, C., et al.: Introducing OCTAVE allegro: improving the information security risk assessment process. CMU/SEI-2007-TR-012 (2007)
RTCA: DO-326A Airworthiness Security Process Specification (2014)
Ruddle, A., et al.: Security requirements for automotive on-board networks based on dark-side scenarios. E-safety vehicle intrusion protected applications (EVITA) Deliverable D2.3 (2009)
SAE J3061: Cybersecurity Guidebook for Cyber-Physical Vehicle Systems (2016)
Schmittner, C., Ma, Z.: Towards a framework for alignment between automotive safety and security standards. In: Koornneef, F., Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 133–143. Springer, Cham (2015). doi:10.1007/978-3-319-24249-1_12
Valasek, C., Miller, C.: Adventures in Automotive Networks and Control Units. DEFCON 21 (2013). http://illmatics.com/car_hacking.pdf
World Forum for Harmonization of Vehicle Regulations (WP.29): UN Task Force on Cyber security and OTA issues (CS/OTA): Draft Recommendation on “Secure software update capability for intelligent transportation system communication devices” (2016). CS/OTA 1st session https://www2.unece.org/wiki/pages/viewpage.action?pageId=40829523
Acknowledgements
The authors would like to thank the anonymous reviewers for their helpful comments.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Kawanishi, Y., Nishihara, H., Souma, D., Yoshida, H. (2017). Detailed Analysis of Security Evaluation of Automotive Systems Based on JASO TP15002. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2017. Lecture Notes in Computer Science, vol 10489. Springer, Cham. https://doi.org/10.1007/978-3-319-66284-8_18
DOI: https://doi.org/10.1007/978-3-319-66284-8_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-66283-1
Online ISBN: 978-3-319-66284-8
eBook Packages: Computer Science, Computer Science (R0)