Processes and Data Stores related to the components of connected cars.
The template permits the creation of specific automotive threat models with: The lack of a specific template for automotive threat modeling brought about the development of the Automotive TM Template, which takes advantage of a new feature in the MS Threat Modeling Tool 2016 that allows the creation of entirely new customised templates. With the goal to assist with this approach, the MS Threat Modeling Tool 2016 provides a way to use Data Flow Diagrams (DFDs) to identify threats in the design phase of any software/hardware and understand potential attacks based on the identified threats.Ī threat modeling workshop for automotive-related technologies requires DFDs with custom elements, tailored threats and specific recommendations. The STRIDE approach has proved to be an effective way to highlight and categorise threats. The Automotive Threat Modeling (TM) Template was created using the Microsoft (MS) Threat Modeling Tool 2016 and therefore threat models are created using this product.īackground & Motivations: Why the template? In order to assist with the need to secure automotive vehicles, we developed a customised template for automotive threat modeling activities, tailored to the threats affecting the cyber security posture of connected vehicles. Threat mitigation is an important part of the security development lifecycle (SDL) and at NCC Group we have been performing a number of threat modeling workshops focused specifically on the automotive sector.Ĭonsidering the increasing research and media attention in relation to connected cars, it is fundamental to understand the threats affecting these new emerging systems and technologies.
0 kommentar(er)
