| Threat ID | Context | Cybersecurity requirement |
|---|---|---|
| 001 | Nonstandard threat to describe user-specific condition | Asset: tbd. Damage scenario: tbd. Description: tbd. Justification: tbd |
| 002 | Nonstandard threat to describe user-specific conditions | tbd |
| 003 | Spoofing of Source Data Store Application | Asset: call from application to CAL. Damage scenario: wrong call or wrong execution from the application. Justification: use a standard authentication mechanism to identify the source data store. In practice: CAL basic cryptography can support this; hash plus MAC can be applied |
| 004 | Potential Data Repudiation by CAL | Asset: received data from application to CAL. Damage scenario: CAL claims that it did not receive data from a source outside the trust boundary. Justification: consider using logging or auditing to record the source, time, and summary of the received data. Using SymEncryptService or a timer added to the message as a counter/ |
| 005 | Weak Access Control for a Resource | Asset: application data. Damage scenario: improper data protection of the application can allow an attacker to read information not intended for disclosure. Justification: review authorization settings. Best practice: access-right whitelist for the application |
| 006 | Potential Process Crash or Stop for CAL | Asset: CAL availability. Damage scenario: CAL crashes, halts, stops or runs slowly. Justification: AUTOSAR shall send out a diagnostic trouble code and reset, and record abnormal-behavior logs if CAL suffers from the damage scenario |
| 007 | Data Flow Call Is Potentially Interrupted | Asset: accessibility of data stored in the trust boundary around CAL. Damage scenario: unavailability of access to data near CAL |
| 008 | Data Store Inaccessible | Asset: accessibility of data stored in the trust boundary around CAL. Damage scenario: unavailability of access to data near CAL. Justification: authorization mechanism based on asymmetric cryptography |
| 009 | CAL May be Subject to Elevation of Privilege Using Remote Code Execution | Asset: code in CAL. Damage scenario: unauthorized access to CAL data. Justification: an access-right authentication mechanism is urgently needed |
| 010 | Elevation by Changing the Execution Flow in CAL | Asset: code in CAL. Damage scenario: unauthorized access to CAL data. Justification: an access-right authentication mechanism is urgently needed |
| 011 | Spoofing of Source Data Store CSM | Asset: data stored in CSM. Damage scenario: erroneous data sent to the SHE driver from CSM. Justification: SecOC will be used to authenticate messages, or key + MAC will be used to secure the communication |
| 012 | Spoofing of Destination Data Store SHE Driver | Not Applicable |
| 013 | Data Store Denies SHE Driver Potentially Writing Data | Not Applicable |
| 014 | Data Flow Communication Is Potentially Interrupted | Not Applicable |
| 015 | Data Store Inaccessible | Not Applicable |
| 016 | Data Store Inaccessible | Asset: data store in CSM. Damage scenario: service halt, application cannot access CSM. Justification: send a diagnostic trouble code and reset |
| 017 | Data Flow Interlink Is Potentially Interrupted | Asset: data in the interlink. Damage scenario: erroneous links or messages between application and CSM. Justification: key and MAC can be used to authenticate the message |
| 018 | Data Store Denies Application Potentially Writing Data | Asset: data in application. Damage scenario: application denies writing data. Justification: consider using logging or auditing to record the source, time, and summary of the received data |
| 019 | Spoofing of Destination Data Store Application | Asset: data written to destination application modules. Damage scenario: undesired destination for data writing. Justification: standard authentication mechanisms to identify the writing destination, based on the storage ID |
| 020 | Spoofing of Source Data Store CSM | Asset: CSM. Damage scenario: erroneous CSM data to application. Justification: consider using a standard authentication mechanism to identify the source data store; MAC and symmetric key used |
| 021 | Nonstandard threat to describe user-specific conditions | tbd |
| 022 | Spoofing of Source Data Store SHE Driver | No such threat for the SHE driver |
| 023 | Spoofing of Destination Data Store SHE | The authentication mechanism used by SHE is sufficient for this threat |
| 024 | Data Store Denies SHE Potentially Writing Data | Asset: SHE. Damage scenario: SHE claims that it did not write data received from an entity on the other side of the trust boundary. Justification: consider using logging or auditing to record the source, time, and summary of the received data |
| 025 | Data Flow Triggering Signal Is Potentially Interrupted | Asset: triggering signals. Damage scenario: an external agent interrupts data flowing across a trust boundary in either direction. Justification: logging; a DTC is sent out, and then reset or stop operation for checking |
| 026 | Data Store Inaccessible | Asset: SHE data. Damage scenario: an external agent prevents access to a data store on the other side of the trust boundary in SHE. Justification: HSM or SHE needed |
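The key + MAC requirement with a message counter that threats 003, 004, 011, 017 and 020 call for, as an added example that is not part of the original threat table: a Python model of a source module (application or CSM) sending a message tagged with a shared symmetric key and HMAC, and a receiver (CAL) that verifies the tag, rejects replayed or stale counters, and keeps an audit record of source, counter and payload digest for the repudiation case. The message layout, the sample keys and the 8-byte truncated MAC are assumptions for illustration, not the AUTOSAR SecOC PDU format or the project's own code.

```python
"""Key + MAC message authentication with a freshness counter, modelled on the
key + MAC / counter requirements in the threat table. Assumed simplified layout
(not the AUTOSAR SecOC PDU format): sender_id (1 byte) || counter (4 bytes,
big-endian) || payload || truncated MAC (first 8 bytes of HMAC-SHA256)."""
import hashlib
import hmac
import struct

HEADER_LEN = 5  # 1-byte sender id + 4-byte counter
MAC_LEN = 8     # truncated MAC length (assumption for the example)

# Constructed sample keys: one shared symmetric key per source module.
KEYS = {
    0x01: b"application-key-constructed-sample-0001",
    0x02: b"csm-key-constructed-sample-0002",
}

def build_message(sender_id: int, counter: int, payload: bytes) -> bytes:
    """Sender side: prepend id and counter, append a truncated MAC over all of it."""
    body = struct.pack(">BI", sender_id, counter) + payload
    tag = hmac.new(KEYS[sender_id], body, hashlib.sha256).digest()[:MAC_LEN]
    return body + tag

class Receiver:
    """Receiver side (e.g. CAL or CSM): verifies the MAC, enforces a strictly
    increasing counter per sender, and keeps an audit record for non-repudiation."""
    def __init__(self):
        self.last_counter = {}   # sender_id -> highest accepted counter
        self.audit_log = []      # (sender_id, counter, payload digest prefix)

    def receive(self, msg: bytes):
        """Return the payload if the message is authentic and fresh, else None."""
        if len(msg) < HEADER_LEN + MAC_LEN:
            return None                       # malformed
        sender_id, counter = struct.unpack(">BI", msg[:HEADER_LEN])
        key = KEYS.get(sender_id)
        if key is None:
            return None                       # unknown source: spoofed data store
        body, tag = msg[:-MAC_LEN], msg[-MAC_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(expected, tag):
            return None                       # tampered payload or wrong key
        if counter <= self.last_counter.get(sender_id, -1):
            return None                       # replayed or stale counter
        self.last_counter[sender_id] = counter
        payload = body[HEADER_LEN:]
        self.audit_log.append((sender_id, counter, hashlib.sha256(payload).hexdigest()[:16]))
        return payload
```

The counter check only covers replay within one receiver's lifetime; a real deployment also needs counter persistence across resets, which the table's DTC-and-reset rows do not address.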