Contents
Acknowledgements
Foreword
List of Acronyms
1.0. Introduction
1.0.1. Automotive Networks
1.0.2. Electronic Control Units
1.1. Objectives
1.2. Methodology
1.2.1. Why Threat Modeling?
1.2.2. Types of Threat Models
A. STRIDE
B. Trike
C. Application Security Frame
2.0. Composite Threat Model
2.0.1. Identify Critical Applications/Systems
A. Application/System Decomposition
2.0.2. Determination and Analysis of Threats
A. Threat Identification
B. Threat Analysis
Appendix A. Use Case Examples
Appendix B. Completed Threat Matrices
Brake Disconnect
Horn Activation
Engine-Halt Airbag
Portable Device Injection
Dealership Download
Cellular Attack
Key Fob Cloning
Long Distance Keyless Entry Repeater Version
Call Center Fleet Attack
Car Rental or Lease
Malware Onboard
Appendix C. Works Cited
Table 1. Sample Automotive Networks
Table 2. ASF Threat Categories
Table 3. Use Case Elements - Potential Entry Points
Table 4. Use Case Elements - Potential Access Methods
Table 5. Use Case Elements - Types
Table 6. Use Case Elements - Potential Outcomes
Table 7. Threat Matrix Categories
Table 8. Threat Matrix Population Example
Figure 1. Typical ECUs
Figure 2. STRIDE Threat Categories
Figure 3. Composite Threat Model Outline
Figure 4. Threat Matrix Working Layout
Figure 5. Threat Matrix Report Layout