Automotive2Cloud
Background
What are we building:
- Library of attack paths/trees tailored to Cloud Services for Connected and Automated Vehicles (CAV) and mapped to specific damage scenarios.
- Attack paths consistent with inputs required for threat analysis and risk assessment process and in line with ISO/SAE Work Product (WP)-15-05
- Attack paths developed in machine-readable format for potential use in attack simulations; aligned with MITRE attack flow notation.
- Integration of attack path analysis into threat analysis and risk assessment package
- Attack paths developed based on (1) review of known exploits and (2) theoretical exploits
Attack flows will be bundled into various attack categories. Categories include:
- Attacks Against Command and Control. For example, unauthorized access to vehicle control systems through cloud interfaces.
- Attacks Against Software Updates
- Attacks Against Data Security
- Attacks Against Credential Management
- Attacks Against Service Availability
- Attacks Against Interface/API Security
- Attacks Against Cloud Infrastructure