threat modeling and simulation for automotive it
TRANSCRIPT
KTH ROYAL INSTITUTE OF TECHNOLOGY
Threat Modeling and Simulation for Automotive IT Associate prof. Robert Lagerström
Contact
Robert Lagerström [email protected] 073-67 67 257 www.kth.se/profile/robertl www.foreseeti.com
Partners
KTH Royal Institute of Technology - Software System Architecture and Security group, School
of Electrical Engineering
Foreseeti AB - KTH spin-off - securiCAD®, a threat modeling and risk management tool
Scania - End-users, R&D
Pre-study
Pre-study just started Requirements specification for a threat modeling and analysis language for vehicle ICT security Project application in June 1) Find the attack paths available for cyber threats in
modern connected vehicles 2) Collect information required to estimate the difficulty of
attack success 3) Design an efficient and accurate modeling language for
digital attack simulations
Why am I here today?
1) Looking for new partners 2) Project scope can change somewhat with new partners
securiCAD® in a nutshell
Probability Mathematics 10 years of research
securiCAD® in a nutshell
Model IT / OT environment Simulate attacks Analyze & Manage
8
Screenshot from new GUI
9
Screenshot from new GUI OBJECTS
10
Screenshot from new GUI ATTACK STEPS
11
DEFENSES
12
Screenshot from new GUI ATTACK PATHS
13
Screenshot from new GUI ATTACK DISTRIBUTION
14
Under the hood - the complete attack tree
15
Risk
securiCAD support to security processes Strategic
Design support / design comparison Risk managment Risk audit and compliance (Asset managment) …
Tactic Risk montoring and control (Prioritize) penetration testing …
Operation Intrusion detection Incident resonse …
Forensics Incident analysis …