Table 9.
Overview of TARA methods in automotive domain.
| Method | Brief Description | Application Scope | Threat Model | Co-Analysis |
|---|---|---|---|---|
| EVITA [59] | A method in the E-safety Vehicle Intrusion Protected Applications (EVITA) project which provides four evaluation dimensions: safety, privacy, financial, and operational. | Vehicular IT systems |
Attack tree | Yes |
| HEAVENS [60] | A method in the HEAling vulnerabilities to enhance software (HEAVENS) project, which provides a complete evaluation process to propose a systematic approach so that cybersecurity requirements for automotive electrical and electronic systems can be obtained | Automotive Electrical and electronic systems |
STRIDE | Yes |
| FMVEA [61] | FMVEA (Failure Mode, Vulnerabilities and Effects Analysis) extends the FMEA approach with security threat models | Automotive cyber-physical systems | STRIDE | Yes |
| SAHARA [62] | SAHARA (security-aware hazard analysis and risk assessment) is a method that combines HARA in functional safety and STRIDE threat models | Automotive embedded systems | STRIDE | Yes |
| SARA [63] | SARA is a systematic TARA framework that includes improved threat models, asset maps, new attack methods, attacker participation in the attack tree, and new driving system metrics | Automated driving system | STRIDELC, Attack tree, Attack map |
Yes |
| CHASSIS [64] | CHASSIS (Combined harm assessment of safety and security) is a safety and security co-analysis method for information systems based on HAZOP guidewords | Automotive cyber-physical systems | HAZOP | Yes |
| TVRA [65] | TVRA (Threat, Vulnerabilities, and implementation Risks Analysis) is a process-driven threat analysis and risk assessment method proposed by the European Telecommunications Standards Institute (ETSI) | Automotive data/telecommunications networks | Threat tree | No |
| SINA [66] | SINA (Security in Networked Automotive) is a method to identify security issues for Connected automotive systems | Connected automotive systems | STRIDE, Attack tree |
Yes |
| SGM [67] | SGM (Security Guideword Method) is a safety analysis method using security guide words | Automotive embedded systems | SGM, Attack Tree |
Yes |
STRIDE(LC) = Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege (Linkability, Confusion).