Approach to Generic Multilevel Risk Assessment of Automotive Mobile Access Systems

Kurzfassung

Nowadays mobility companies have to deal with the digitization of analog products and services. A central scope of interest is the design of mobile access systems, intended to replace the physical key. However, these systems do not only involve new use cases but also risks that place safety and security issues in the foreground of the system design. To ensure protection against safety and security risks, a procedure that allows multilevel system evaluation is necessary. Practical experience in risk assessment (SRA) shows field-specific approaches widely used. In order to facilitate an embedded safe and secure system design, this paper introduces a generic assessment method, which considers different system configurations and multilevel safety and security risks. Within this procedure, previously identified technical requirements are mapped in a Morphological Box (MB) to describe the configuration space (CS) of the system. In order to evaluate the system, use cases and sequences as well as misuse cases are mapped using UML. Identified threats and attack paths are transferred into fault and attack trees. The results of the fault tree analysis (FTA) and attack tree analysis (ATA) allows the definition of security requirements. Additionally, the process reveals non-standard scenarios that demand further detailed analysis. The proposed approach is applied to the example of an automotive mobile access system.