December 15, 2017
A Threat Analysis Method for In-Vehicle Networks Using Attack Testing Coupled with Threat Modeling
IPSJ Journal (情報処理学会論文誌)
- Volume: 58
- Issue: 12
- First page: 1943
- Last page: 1953
- Language: Japanese
- Publication type: Research paper (scientific journal)
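With car-hacking incidents being reported in Japan and abroad, ensuring the information security of in-vehicle systems has become an important issue. Addressing it requires security testing that identifies the threats present in an in-vehicle system and verifies the system's robustness. Security testing is often performed on the basis of an attack surface derived from threat analysis, and its work consists of two elements: threat modeling and attack testing. However, although threat modeling and attack testing are carried out as one continuous flow, previous studies are seen to discuss them independently in some cases. In this paper, we propose attack testing coupled with threat modeling, which links threat modeling and attack testing, and describe a method for analyzing threats to in-vehicle systems, in particular in-vehicle networks. The assumed use case of the method covers an engineer who has been commissioned by an automobile manufacturer to perform attack testing, up to the point of reporting the in-vehicle network's threats to the client, and we show that the proposed method is effective for the client manufacturer. Effectiveness is demonstrated in terms of which steps the method benefits within the commonly followed sequence of steps from threat analysis to attack testing. We also discuss a comparison with the case in which an engineer performs attack testing without threat modeling. Finally, we show that using the proposed method makes it possible to provide a more useful report to the client manufacturer, to maintain attack testing efficiency equal to or higher than the results of engineers who do not perform threat modeling, and that it yields a test method through which engineers can share threats with one another.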
Recently, several incidents of car hacking have been reported worldwide. Therefore, it is important to ensure automotive system security. To ensure the integrity of these systems, we need to identify the system threats and to examine security testing to verify the system's robustness. Testing based on an attack surface derived from a threat analysis is generally used in the security testing process. This process is characterized by two factors, threat modeling and attack testing. These factors are employed as a series in security testing; however, in past studies, threat modeling and attack testing have been surveyed independently. In this paper, we propose an attack testing method coupled with threat modeling and show the application of our method in automotive network threat analysis. The use case of our method is an attack testing phase carried out by attack testers, who then have to report the attack testing results. We show the effectiveness of our method in the phases between threat analysis and attack testing. Furthermore, we evaluate our method quantitatively using a new metric called attack testing efficiency. Finally, we show that attack testers can provide stakeholders with useful reports about automotive network threats by using our method, and that they can perform attack testing as efficiently as an expert attack tester. We can share our results with any attack testing engineers.
- Link information
- ID information
- ISSN : 1882-7764
- CiNii Articles ID : 170000149116
- CiNii Books ID : AN00116647
- CiNii Research ID : 1050282812885230976