An Attack Tree is a threat analysis tool that assists in measures to protect autonomous vehicles from threats such as hacking.
With the increasing interest in autonomous driving, the complexity of onboard systems is expected to rise, necessitating not only safety requirements but also security assessments. In Europe, security evaluations are already being conducted in parallel with safety assessments, and the attack tree method exists as a means to carry out security evaluations.
The security threat analysis tool Attack Tree provided by Isograph Ltd. (UK) is designed to assist in assessing security vulnerabilities in software. For example, the following representations are possible:
- Visual representation of how an attack can succeed
- Representation of which attacks have the highest likelihood of success using probability distributions
Furthermore, it is also possible to express indicators such as:
- The method that has the lowest cost and highest probability of success for an attacker
- The difficulty of executing the attack and whether special equipment is required
Security assessment is a factor directly related to the safety of vehicles. By referencing the probabilities of threats identified using the Attack Tree within the functional safety Fault Tree, it becomes possible to conduct evaluations that consider both safety and threats.
