Automotive Security Analyzer for Exploitability Risks: An Automated and Attack Graph-Based Evaluation of On-Board Networks

Our lives depend on automotive cybersecurity, protecting us inside and near vehicles. If vehicles go rogue, they can operate against the driver’s will and potentially drive off a cliff or into a crowd. The “Automotive Security Analyzer for Exploitability Risks” (AutoSAlfER) evaluates the exploitability risks of automotive on-board networks by attack graphs. AutoSAlfER’s Multi-Path Attack Graph algorithm is 40 to 200 times smaller in RAM and 200 to 5 000 times faster than a comparable implementation using Bayesian networks, and the Single-Path Attack Graph algorithm constructs the most reasonable attack path per asset with a computational, asymptotic complexity of only O(n * log(n)), instead of O(n²). AutoSAlfER runs on a self-written graph database, heuristics, pruning, and homogenized Gaussian distributions and boosts people’s productivity for a more sustainable and secure automotive on-board network. Ultimately, we enjoy more safety and security in and around autonomous, connected, electrified, and shared vehicles.