Graph-Based Automation of Threat Analysis and Risk Assessment for Automotive Security

Saulaiman, M N-E and Kozlovszky, Miklós and Csilling, A (2025) Graph-Based Automation of Threat Analysis and Risk Assessment for Automotive Security. INFORMATION (BASEL), 16 (6). ISSN 2078-2489 10.3390/info16060449


Abstract

The proliferation of cyber–physical systems in modern vehicles, characterized by densely interconnected Electronic Control Units (ECUs) and heterogeneous communication networks, has significantly expanded the automotive attack surface. Traditional Threat Analysis and Risk Assessment (TARA) methodologies remain predominantly manual processes that exhibit limitations in scalability and comprehensive threat identification. This research addresses these limitations by developing a formalized framework for automating attack path analysis within the automotive architecture. While attack graph methodologies have demonstrated efficacy in conventional information technology domains, their application within automotive cybersecurity contexts presents unique challenges stemming from domain-specific architectural constraints. We propose a novel Graph-based Attack Path Prioritization (GAPP) methodology that integrates Extended Finite State Machine (EFSM) modeling. Our implementation employs the Neo4j property graph database architecture to establish the mappings between architectural components, security states, and exploitation vectors. This research contributes a systematic approach to automotive security assessment, enhancing vulnerability identification capabilities while reducing analytical complexity. © 2025 by the authors.

Item Type: Article
Uncontrolled Keywords: risk assessment; ARCHITECTURE; Control systems; Embedded systems; Network architecture; Heterogeneous networks; Risk analysis; Graph model; Network security; cybersecurity; Vehicle to vehicle communications; Cyber security; Graph Database; Neo4j; Graph databases; attack graph; Automotive cybersecurity; Risks assessments; Automotives; ISO/SAE 21434; Threats analysis; attack graph modeling; threat analysis and risk assessment (TARA); Attack graph modeling; Threat analyze and risk assessment
Subjects: Q Science > QA Mathematics and Computer Science > QA75 Electronic computers. Computer science / számítástechnika, számítógéptudomány
Divisions: Laboratory of Parallel and Distributed Systems
SWORD Depositor: MTMT Injector
Depositing User: MTMT Injector
Date Deposited: 07 Jul 2025 04:51
Last Modified: 07 Jul 2025 04:51
URI: https://eprints.sztaki.hu/id/eprint/10925
