Towards Effective Identification and Rating of Automotive Vulnerabilities

Towards Effective Identification and Rating of Automotive Vulnerabilities

연구 분야: Strategies

학회: AutoSec '20: Proceedings of the Second ACM Workshop on Automotive and Aerial Vehicle Security

Cybersecurity is a paramount concern in automobiles since deficiencies in security controls put human lives at risk. Some security vulnerabilities are more critical than others and demand immediate attention. Therefore, it is imperative to quantify associated risks by means of rating security vulnerabilities on a scale of severity which has proven to be a useful tool for traditional IT security in comprehending the real risk associated with a vulnerability. In this paper, we present a methodology for adapting the proven CVSS scoring system to automobiles and illustrate the notion with several examples of real-world automotive security vulnerabilities. We also propose a CVV naming system, that is based on the existing CVE system by MITRE, to assign unique identifiers to these vulnerabilities which permits efficient tracking and analysis of automotive vulnerabilities.