Language:

A Study on Threat Analysis and Risk Assessment Based on the "Asset Container" Method and CWSS

IEEE access, 2023, Vol.11, p.18148-18156 [Peer Reviewed Journal]

Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023 ;ISSN: 2169-3536 ;EISSN: 2169-3536 ;DOI: 10.1109/ACCESS.2023.3246497 ;CODEN: IAECCG

Full text available

Citations Cited by

Actions
1. Add to My Research
2. Remove from My Research
3. E-mail
4. Print
5. Permalink
6. Citation
7. EasyBib
8. EndNote
9. RefWorks
10. Delicious
11. Export RIS
12. Export BibTeX

Title:
A Study on Threat Analysis and Risk Assessment Based on the "Asset Container" Method and CWSS
Author: Kawanishi, Yasuyuki ; Nishihara, Hideaki ; Yoshida, Hirotaka ; Yamamoto, Hideki ; Inoue, Hiroyuki
Subjects: Automobiles ; Automotive engineering ; Computer security ; Containers ; CWSS ; Cyber-physical systems ; Guidelines ; Impact analysis ; Impact damage ; In-vehicle security ; ISO/SAE 21434 ; Legislation ; Measurement ; Risk analysis ; Risk assessment ; Safety ; security design ; Security management ; TARA ; Threat evaluation
Is Part Of: IEEE access, 2023, Vol.11, p.18148-18156
Description: In recent years, legislation and standardization of cyber security management for cyber-physical systems such as automotive systems have been progressing steadily. ISO/SAE 21434, published in 2021, addresses the management and analysis of electrical systems within road vehicles from a cybersecurity perspective. It also recommends some methods for the threat analysis and risk assessment (TARA) process. However, there are two problems in the evaluation methods derived from conventional security analysis approaches. One problem is related to the insufficient evaluation of attack feasibilities for cyber-physical systems by the CVSS-based approach. Another problem is the unclear relationship between damage factors in analyzing the impact of damage to each asset. In this paper, we focus on the TARA process, and apply an "asset container" method for threat classification, proposed by the authors at DECSoS 2017, and a CWSS-based risk quantification method. Moreover, we can also add some perspective to improve risk evaluation suitable for automotive systems. Following our past studies on methodologies to evaluate the risk of such special cyber-physical systems, we can quantify risks limited to some cyber-physical systems, such as direct access attacks to in-vehicle networks.
Publisher: Piscataway: IEEE
Language: English
Identifier: ISSN: 2169-3536
EISSN: 2169-3536
DOI: 10.1109/ACCESS.2023.3246497
CODEN: IAECCG
Source: DOAJ, Directory of Open Access Journals
IEEE Xplore Open Access Journals

Back to results list


INSPIRE LIBRARY - TON DUC THANG UNIVERSITY	(84-028) 37 755 057	Feedback
19 Nguyen Huu Tho St. Dist.7, HCM	thuvien@tdtu.edu.vn	Feedback

A Study on Threat Analysis and Risk Assessment Based on the "Asset Container" Method and CWSS

Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023 ;ISSN: 2169-3536 ;EISSN: 2169-3536 ;DOI: 10.1109/ACCESS.2023.3246497 ;CODEN: IAECCG

Searching Remote Databases, Please Wait