Rule-Based Threat Analysis and Mitigation for the Automotive Domain

Cybersecurity is given a prominent role in curbing risks encountered by novel technologies, specifically the case in the automotive domain, where the possibility of cyberattacks impacts vehicle operation and safety. The potential threats must be identified and mitigated to guarantee the flawless operation of the safety-critical systems. This paper presents a novel approach to identify security vulnerabilities in automotive architectures and automatically propose mitigation strategies using rule-based reasoning. The rules, encoded in ontologies, enable establishing clear relationships in the vast combinatorial space of possible security threats and related assets, security measures, and security requirements from the relevant standards. We evaluate our approach on a mixed-criticality platform, typically used to develop Autonomous Driving (AD) features, and provide a generalized threat model that serves as a baseline for threat analysis of proprietary AD architectures.