<![CDATA[ - Chapter 1 - Understanding Threat Models]]> https://hackmyride.com/forum/ Sat, 06 Jun 2026 05:27:38 +0000 MyBB <![CDATA[Enhancement of Automotive Penetration Testing with Threat Analyses Results]]> https://hackmyride.com/forum/showthread.php?tid=2651 Mon, 27 Mar 2023 17:37:16 -0500 HackMaster]]> https://hackmyride.com/forum/showthread.php?tid=2651 Enhancement of Automotive Penetration Testing with Threat Analyses Results




.pdf   Enhancement of Automotive Penetration Testing.pdf (Size: 296.92 KB / Downloads: 7) ]]> Enhancement of Automotive Penetration Testing with Threat Analyses Results




.pdf   Enhancement of Automotive Penetration Testing.pdf (Size: 296.92 KB / Downloads: 7) ]]> <![CDATA[ACEA Principles of Automobile Cybersecurity]]> https://hackmyride.com/forum/showthread.php?tid=2647 Mon, 27 Mar 2023 17:13:08 -0500 HackMaster]]> https://hackmyride.com/forum/showthread.php?tid=2647 ACEA Principles of Automobile Cybersecurity





.pdf   ACEA_Principles_of_Automobile_Cybersecurity.pdf (Size: 632.38 KB / Downloads: 7) ]]> ACEA Principles of Automobile Cybersecurity





.pdf   ACEA_Principles_of_Automobile_Cybersecurity.pdf (Size: 632.38 KB / Downloads: 7) ]]> <![CDATA[The Automotive Threat Modeling Template]]> https://hackmyride.com/forum/showthread.php?tid=2556 Mon, 27 Mar 2023 05:57:23 -0500 HackMaster]]> https://hackmyride.com/forum/showthread.php?tid=2556 The Automotive Threat Modeling Template

Threat mitigation is an important part of the security development lifecycle (SDL) and at NCC Group we have been performing a number of threat modeling workshops focused specifically on the automotive sector.

Considering the increasing research and media attention in relation to connected cars, it is fundamental to understand the threats affecting these new emerging systems and technologies.

In order to assist with the need to secure automotive vehicles, we developed a customized template for automotive threat modeling activities, tailored to the threats affecting the cyber security posture of connected vehicles.

The Automotive Threat Modeling ™ Template was created using the Microsoft (MS) Threat Modeling Tool 2016 and therefore threat models are created using this product.

Background & Motivations: Why the template?

The STRIDE [1] approach has proved to be an effective way to highlight and categorise threats. With the goal to assist with this approach, the MS Threat Modeling Tool 2016 provides a way to use Data Flow Diagrams (DFDs) to identify threats in the design phase of any software/hardware and understand potential attacks based on the identified threats.

A threat modeling workshop for automotive-related technologies requires DFDs with custom elements, tailored threats and specific recommendations. The lack of a specific template for automotive threat modeling brought about the development of the Automotive TM Template, which takes advantage of a new feature in the MS Threat Modeling Tool 2016 that allows the creation of entirely new customised templates.

The Solution and its Features

The template permits the creation of specific automotive threat models with:
  • Processes and Data Stores related to the components of connected cars.
  • External Interactors tailored to an automotive system.
  • Data Flows that correspond to the messages exchanged over the air or inside the vehicle itself.
  • Trust Boundaries that take into consideration the environment and the vehicle-to-vehicle (V2V) networks.
  • Threat Types and Categories that follow the STRIDE classification, based on known and potential threats to the connected cars’ components.

Tailored Threat Properties including:
  • Priority, based on the risk of every threat applied in its context.
  • Attack Methods to potentially exploit the identified threats and to help further with the creation of Attack Trees.
  • Recommendations that suggest how to mitigate the threats.

The following screenshot provides a view of a sample threat model created using the template:

[Image: th-cc-11.png?resize=1024%2C452&ssl=1]
Figure 1 – Sample threat model using the Automotive TM Template

The following screenshot shows the template itself and a specific threat type that was added:
[Image: thcc2.png?resize=1024%2C306&ssl=1]
Figure 2 – View of the tailored threat types from the template editor


The Results

During a number of automotive threat modeling workshops, the template has been used to provide our clients with a view of the threats and attacks to their automotive systems.

We have created various threat models for different technologies and connected car platforms from SAE [2] Level 1 of Driving Automation (non-autonomous car with some assisted driving modes), up to SAE [2] Level 5 of Driving Automation (full automation with the “system” that monitors the driving environment).

The threat modeling, in conjunction with our security assessment activities (for both software and hardware), have proven an effective way to increase the security assurance of automotive technologies, architectures and products.

Download the Template

The Automotive Threat Modeling Template can be downloaded from:

https://github.com/nccgroup/The_Automoti...g_Template

Further Developments

The benefits we have gained from creating automotive threat models using our customized template have highlighted the need for new templates such as one for Internet of Things (IoT) products and technologies, which we are currently developing.


Written by Christiano Corradini
First published on 20/07/16]]> The Automotive Threat Modeling Template

Threat mitigation is an important part of the security development lifecycle (SDL) and at NCC Group we have been performing a number of threat modeling workshops focused specifically on the automotive sector.

Considering the increasing research and media attention in relation to connected cars, it is fundamental to understand the threats affecting these new emerging systems and technologies.

In order to assist with the need to secure automotive vehicles, we developed a customized template for automotive threat modeling activities, tailored to the threats affecting the cyber security posture of connected vehicles.

The Automotive Threat Modeling ™ Template was created using the Microsoft (MS) Threat Modeling Tool 2016 and therefore threat models are created using this product.

Background & Motivations: Why the template?

The STRIDE [1] approach has proved to be an effective way to highlight and categorise threats. With the goal to assist with this approach, the MS Threat Modeling Tool 2016 provides a way to use Data Flow Diagrams (DFDs) to identify threats in the design phase of any software/hardware and understand potential attacks based on the identified threats.

A threat modeling workshop for automotive-related technologies requires DFDs with custom elements, tailored threats and specific recommendations. The lack of a specific template for automotive threat modeling brought about the development of the Automotive TM Template, which takes advantage of a new feature in the MS Threat Modeling Tool 2016 that allows the creation of entirely new customised templates.

The Solution and its Features

The template permits the creation of specific automotive threat models with:
  • Processes and Data Stores related to the components of connected cars.
  • External Interactors tailored to an automotive system.
  • Data Flows that correspond to the messages exchanged over the air or inside the vehicle itself.
  • Trust Boundaries that take into consideration the environment and the vehicle-to-vehicle (V2V) networks.
  • Threat Types and Categories that follow the STRIDE classification, based on known and potential threats to the connected cars’ components.

Tailored Threat Properties including:
  • Priority, based on the risk of every threat applied in its context.
  • Attack Methods to potentially exploit the identified threats and to help further with the creation of Attack Trees.
  • Recommendations that suggest how to mitigate the threats.

The following screenshot provides a view of a sample threat model created using the template:

[Image: th-cc-11.png?resize=1024%2C452&ssl=1]
Figure 1 – Sample threat model using the Automotive TM Template

The following screenshot shows the template itself and a specific threat type that was added:
[Image: thcc2.png?resize=1024%2C306&ssl=1]
Figure 2 – View of the tailored threat types from the template editor


The Results

During a number of automotive threat modeling workshops, the template has been used to provide our clients with a view of the threats and attacks to their automotive systems.

We have created various threat models for different technologies and connected car platforms from SAE [2] Level 1 of Driving Automation (non-autonomous car with some assisted driving modes), up to SAE [2] Level 5 of Driving Automation (full automation with the “system” that monitors the driving environment).

The threat modeling, in conjunction with our security assessment activities (for both software and hardware), have proven an effective way to increase the security assurance of automotive technologies, architectures and products.

Download the Template

The Automotive Threat Modeling Template can be downloaded from:

https://github.com/nccgroup/The_Automoti...g_Template

Further Developments

The benefits we have gained from creating automotive threat models using our customized template have highlighted the need for new templates such as one for Internet of Things (IoT) products and technologies, which we are currently developing.


Written by Christiano Corradini
First published on 20/07/16]]> <![CDATA[Chapter 1 - Understanding Threat Models]]> https://hackmyride.com/forum/showthread.php?tid=414 Sat, 25 Feb 2023 04:13:25 -0600 HackMaster]]> https://hackmyride.com/forum/showthread.php?tid=414 Chapter 1 - Understanding Threat Models





.pdf   Chapter 1 - Understanding Threat Models.pdf (Size: 259.57 KB / Downloads: 14) ]]> Chapter 1 - Understanding Threat Models





.pdf   Chapter 1 - Understanding Threat Models.pdf (Size: 259.57 KB / Downloads: 14) ]]>