Events

27.09.2017

VDI Automotive Security | Nürtingen

September 27th – 28th K3N – City Hall Nürtingen, Lecture “The Valley of Tears According to Risk Analysis: An Overview of the Security Kit” and “Divide&Conquer: More Efficiency and a Better Overview of Risk Analysis”

Come listen to our lecture at the VDI Automotive Security in Nürtingen regarding the topic “The Valley of Tears According to Risk Analysis: An Overview of the Security kit” and “Divide&Conquer: More Efficiency and a Better Overview of Risk Analysis”

The Valley of Tears According to Risk Analysis: An Overview of the Security Kit

On their way to architectures and protocols that ensure an appropriate level of security, the risks that have been determined by risk analysis must be processed with suitable security measures. These measurements start mostly at the weak points that are the reason for the risk. In our presentation, “The Valley of Tears According to Risk Analysis: An Overview of the Security Kit,” a taxonomy on the localization of weak points and security measurements will be presented and concrete measurements ordered within that. The taxonomy produces the relationship between weak points and measurements and therefore it can be used by security engineers in the development of security concepts as well as for a basis of decision-making in management.

Divide&Conquer: More Efficiency and a Better Overview of Risk Analysis

For the development of a security concept that should ensure an adequate level of security, a threat and risk analysis would firstly be created as a usual basis for adequate security requirements of a system architecture as well as applied communications protocols. In the automobile industry, analysis methods are currently established that differ in detail, but often still follow similar approaches. With one of these approaches – on the basis of the use case to defined and imaginable attacker types - potential risks are identified and rated. You experience in our presentation how, through an approach centered on attacker abilities, a modularization of risk analyses is made possible. Along with that, factors are first analyzed that are considered within the established methods and which lead to no existing ability for modularization of analyses. Finally, an approach is presented that, instead of focusing on attacker types and their motivation, focuses on attacker abilities and produces efficient, application-independent, and reusable partial results.

The convention VDI Automotive Security makes modern requirements of data protection and IT security in the vehicle the theme and puts the question of how automobile manufacturers can meet their clients demands with compliance to legal and technical circumstances.

We look forward to seeing you!