{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T21:14:10Z","timestamp":1780089250989,"version":"3.54.0"},"reference-count":78,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2024,3,14]],"date-time":"2024-03-14T00:00:00Z","timestamp":1710374400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"SecForCARs-SAVE","award":["16KIS0796"],"award-info":[{"award-number":["16KIS0796"]}]},{"name":"German Ministry of Education and Research"},{"name":"GT\u00dc Gesellschaft f\u00fcr technische \u00dcberwachung mbH in Stuttgart, Germany"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2024,5,31]]},"abstract":"<jats:p>Modern vehicles increasingly rely on electronics, software, and communication technologies (cyber space) to perform their driving task. Over-The-Air (OTA) connectivity further extends the cyber space by creating remote access entry points. Accordingly, the vehicle is exposed to security attacks that are able to impact road safety. A profound understanding of security attacks, vulnerabilities, and mitigations is necessary to protect vehicles against cyber threats. While automotive threat descriptions, such as in UN R155, are still abstract, this creates a risk that potential vulnerabilities are overlooked and the vehicle is not secured against them. So far, there is no common understanding of the relationship of automotive attacks, the concrete vulnerabilities they exploit, and security mechanisms that would protect the system against these attacks. In this article, we aim at closing this gap by creating a mapping between UN R155, Microsoft STRIDE classification, Common Attack Pattern Enumeration and Classification (CAPEC), and Common Weakness Enumeration (CWE). In this way, already existing detailed knowledge of attacks, vulnerabilities, and mitigations is combined and linked to the automotive domain. In practice, this refines the list of UN R155 threats and therefore supports vehicle manufacturers, suppliers, and approval authorities to meet and assess the requirements for vehicle development in terms of cybersecurity. Overall, 204 mappings between UN threats, STRIDE, CAPEC attack patterns, and CWE weaknesses were created. We validated these mappings by applying our Automotive Attack Database (AAD) that consists of 361 real-world attacks on vehicles. Furthermore, 25 additional attack patterns were defined based on automotive-related attacks.<\/jats:p>","DOI":"10.1145\/3644075","type":"journal-article","created":{"date-parts":[[2024,2,5]],"date-time":"2024-02-05T12:25:07Z","timestamp":1707135907000},"page":"1-34","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":13,"title":["Combining Cyber Security Intelligence to Refine Automotive Cyber Threats"],"prefix":"10.1145","volume":"27","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4009-7164","authenticated-orcid":false,"given":"Florian","family":"Sommer","sequence":"first","affiliation":[{"name":"Karlsruhe University of Applied Sciences, Karlsruhe, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9991-8388","authenticated-orcid":false,"given":"Mona","family":"Gierl","sequence":"additional","affiliation":[{"name":"Karlsruhe University of Applied Sciences, Karlsruhe, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8599-5999","authenticated-orcid":false,"given":"Reiner","family":"Kriesten","sequence":"additional","affiliation":[{"name":"Karlsruhe University of Applied Sciences, Karlsruhe, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3800-8369","authenticated-orcid":false,"given":"Frank","family":"Kargl","sequence":"additional","affiliation":[{"name":"Ulm University, Ulm, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2567-2340","authenticated-orcid":false,"given":"Eric","family":"Sax","sequence":"additional","affiliation":[{"name":"Karlsruhe Institute of Technology, Karlsruhe, Germany"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2024,3,14]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"Amer Aijaz Bernd Bochow Florian D\u00f6tzer Andreas Festag Matthias Gerlach Rainer Kroh and Tim Leinm\u00fcller. 2006. Attacks on inter vehicle communication systems\u2014An analysis. In Proceedings of the 3rd International Workshop on Intelligent Transportation (WIT\u201906). 189\u2013194."},{"issue":"1","key":"e_1_3_1_3_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3431233","article-title":"Cyberattacks and countermeasures for in-vehicle networks","volume":"54","author":"Aliwa Emad","year":"2021","unstructured":"Emad Aliwa, Omer Rana, Charith Perera, and Peter Burnap. 2021. Cyberattacks and countermeasures for in-vehicle networks. ACM Computing Surveys 54, 1 (2021), 1\u201337.","journal-title":"ACM Computing Surveys"},{"key":"e_1_3_1_4_2","doi-asserted-by":"crossref","first-page":"705","DOI":"10.1007\/978-981-16-5689-7_63","volume-title":"Advances in Data and Information Sciences","author":"Ansari Adeeb Mansoor","year":"2022","unstructured":"Adeeb Mansoor Ansari and Mohammed Nazir. 2022. Risk assessment of security vulnerabilities in smart home using CAPEC and defensive goals. In Advances in Data and Information Sciences. Springer, 705\u2013722."},{"key":"e_1_3_1_5_2","unstructured":"AO Kaspersky Lab.2019. On the IoT Road: Perks Benefits and Security of Moving Smartly. Retrieved February 14 2024 from https:\/\/securelist.com\/on-the-iot-road\/91833\/"},{"key":"e_1_3_1_6_2","unstructured":"Harold Booth Doug Rike and Gregory Witte. 2013. The National Vulnerability Database (NVD): Overview. Retrieved February 14 2024 from https:\/\/www.nist.gov\/publications\/national-vulnerability-database-nvd-overview"},{"key":"e_1_3_1_7_2","unstructured":"Thomas Brewster. 2014. Zubie: This Car Safety Tool \u2018Could Have Given Hackers Control Of Your Vehicle.\u2019 Retrieved February 14 2024 from https:\/\/www.forbes.com\/sites\/thomasbrewster\/2014\/11\/07\/car-safety-tool-could-have-given-hackers-control-of-your-vehicle\/#4986296f1481"},{"key":"e_1_3_1_8_2","unstructured":"Ondrej Burkacky Johannes Deichmann Benjamin Klein Klaus Pototzky and Gundbert Scherf. 2020. Cybersecurity in Automotive: Mastering the Challenge. Retrieved February 14 2024 from https:\/\/www.mckinsey.com\/industries\/automotive-and-assembly\/our-insights\/cybersecurity-in-automotive-mastering-the-challenge"},{"key":"e_1_3_1_9_2","volume-title":"Proceedings of the 20th USENIX Security Symposium","author":"Checkoway Stephen","year":"2011","unstructured":"Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. 2011. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Security Symposium."},{"key":"e_1_3_1_10_2","doi-asserted-by":"crossref","first-page":"207308","DOI":"10.1109\/ACCESS.2020.3037705","article-title":"Attacks on self-driving cars and their countermeasures: A survey","volume":"8","author":"Chowdhury Abdullahi","year":"2020","unstructured":"Abdullahi Chowdhury, Gour Karmakar, Joarder Kamruzzaman, Alireza Jolfaei, and Rajkumar Das. 2020. Attacks on self-driving cars and their countermeasures: A survey. IEEE Access 8 (2020), 207308\u2013207342.","journal-title":"IEEE Access"},{"key":"e_1_3_1_11_2","unstructured":"Catalin Cimpanu. 2015. Cars Exposed to Hacking Inside Car Dealerships. Retrieved February 14 2024 from https:\/\/news.softpedia.com\/news\/cars-exposed-to-hacking-inside-car-dealerships-493572.shtml"},{"key":"e_1_3_1_12_2","article-title":"Tesla car hacked at Pwn2Own contest","author":"Cimpanu Catalin","year":"2019","unstructured":"Catalin Cimpanu. 2019. Tesla car hacked at Pwn2Own contest. ZDNet. Retrieved February 14, 2024 from https:\/\/www.zdnet.com\/article\/tesla-car-hacked-at-pwn2own-contest\/","journal-title":"ZDNet."},{"key":"e_1_3_1_13_2","unstructured":"Computest. 2018. The Connected Car\u2014Ways to Get Unauthorized Access and Potential Implications. Retrieved February 14 2024 from https:\/\/www.computest.nl\/documents\/9\/The_Connected_Car._Research_Rapport_Computest_april_2018.pdf"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/MCOMSTD.0001.2100080"},{"key":"e_1_3_1_15_2","first-page":"1","volume-title":"Proceedings of the 2018 IEEE 87th Vehicular Technology Conference (VTC Spring\u201918)","author":"Costantino Gianpiero","year":"2018","unstructured":"Gianpiero Costantino, Antonio La Marra, Fabio Martinelli, and Ilaria Matteucci. 2018. CANDY: A social engineering attack to leak information from infotainment system. In Proceedings of the 2018 IEEE 87th Vehicular Technology Conference (VTC Spring\u201918). 1\u20135."},{"key":"e_1_3_1_16_2","unstructured":"Sam Curry. 2019. Cracking My Windshield and Earning 10 000 on the Tesla Bug Bounty Program. Retrieved February 14 2024 from https:\/\/samcurry.net\/cracking-my-windshield-and-earning-10000-on-the-tesla-bug-bounty-program\/"},{"key":"e_1_3_1_17_2","doi-asserted-by":"crossref","unstructured":"Cybersecurity and Infrastructure Security Agency. 2017. ICS Advisory (ICSA-17-208-01): Continental AG Infineon S-Gold 2 (PMB 8876). Retrieved February 14 2024 from https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/ICSA-17-208-01","DOI":"10.70315\/uloap.ulmdi.2024.0101003"},{"key":"e_1_3_1_18_2","doi-asserted-by":"crossref","first-page":"660","DOI":"10.1145\/3359789.3359847","volume-title":"Proceedings of the 35th Annual Computer Security Applications Conference","author":"Dash Pritam","year":"2019","unstructured":"Pritam Dash, Mehdi Karimibiuki, and Karthik Pattabiraman. 2019. Out of control: Stealthy attacks against robotic vehicles protected by control-based techniques. In Proceedings of the 35th Annual Computer Security Applications Conference. 660\u2013672."},{"key":"e_1_3_1_19_2","unstructured":"Matt de Prez. 2018. Dark Web Identity Theft Used to Steal Accident Replacement Hire Cars. Retrieved February 14 2024 from https:\/\/www.fleetnews.co.uk\/news\/car-industry-news\/2018\/09\/06\/dark-web-identity-theft-used-to-steal-accident-replacement-hire-cars?utm_source=Adestra&utm_term=&utm_content=Dark+web+identity+theft+used"},{"key":"e_1_3_1_20_2","unstructured":"Nitesh Dhanjani. 2014. Cursory Evaluation of the Tesla Model S: We Can\u2019t Protect Our Cars Like We Protect Our Workstations. Retrieved February 14 2024 from https:\/\/www.dhanjani.com\/blog\/2014\/03\/curosry-evaluation-of-the-tesla-model-s-we-cant-protect-our-cars-like-we-protect-our-workstations.html"},{"key":"e_1_3_1_21_2","unstructured":"Evan R. Sparks and Sean W. Smith. 2007. A Security Assessment of Trusted Platform Modules. Retrieved February 14 2024 from https:\/\/digitalcommons.dartmouth.edu\/cgi\/viewcontent.cgi?article=1052&context=senior_theses"},{"key":"e_1_3_1_22_2","article-title":"Hackers can steal a Tesla model S in seconds by cloning its key fob","author":"Greenberg Andy","year":"2018","unstructured":"Andy Greenberg. 2018. Hackers can steal a Tesla model S in seconds by cloning its key fob. WIRED. Retrieved February 14, 2024 from https:\/\/www.wired.com\/story\/hackers-steal-tesla-model-s-seconds-key-fob\/","journal-title":"WIRED."},{"key":"e_1_3_1_23_2","doi-asserted-by":"crossref","first-page":"1118","DOI":"10.1109\/MILCOM.2002.1179634","volume-title":"Proceedings of MILCOM 2002","author":"Gupta Vikram","year":"2002","unstructured":"Vikram Gupta, Srikanth Krishnamurthy, and Michalis Faloutsos. 2002. Denial of service attacks at the MAC layer in wireless ad hoc networks. In Proceedings of MILCOM 2002. IEEE, 1118\u20131123. 10.1109\/MILCOM.2002.1179634"},{"key":"e_1_3_1_24_2","doi-asserted-by":"crossref","first-page":"150","DOI":"10.23919\/FRUCT52173.2021.9435453","volume-title":"Proceedings of the 2021 29th Conference of the Open Innovations Association (FRUCT\u201921)","author":"Honkaranta Anne","year":"2021","unstructured":"Anne Honkaranta, Tiina Lepp\u00e4nen, and Andrei Costin. 2021. Towards practical cybersecurity mapping of stride and CWE\u2014A multi-perspective approach. In Proceedings of the 2021 29th Conference of the Open Innovations Association (FRUCT\u201921). 150\u2013159."},{"key":"e_1_3_1_25_2","first-page":"1","volume-title":"Proceedings of the 2018 15th IEEE Annual Consumer Communications and Networking Conference (CCNC\u201918)","author":"Iehira Kazuki","year":"2018","unstructured":"Kazuki Iehira, Hiroyuki Inoue, and Kenji Ishida. 2018. Spoofing attack using bus-off attacks against a specific ECU of the CAN bus. In Proceedings of the 2018 15th IEEE Annual Consumer Communications and Networking Conference (CCNC\u201918). 1\u20134."},{"key":"e_1_3_1_26_2","article-title":"Zingbox identifies cybersecurity threat for cars and drivers; reveals SMS-commanded malware infection to car \u2018infotainment\u2019 system","author":"Innovator IoT","year":"2018","unstructured":"IoT Innovator. 2018. Zingbox identifies cybersecurity threat for cars and drivers; reveals SMS-commanded malware infection to car \u2018infotainment\u2019 system. IoT Innovator. Retrieved February 14, 2024 from https:\/\/www.iotinnovator.com\/zingbox-identifies-cybersecurity-threat-for-cars-and-drivers-reveals-sms-commanded-malware-infection-to-car-infotainment-system\/","journal-title":"IoT Innovator."},{"key":"e_1_3_1_27_2","unstructured":"ISO. 2006. ISO 14229:2006: Road Vehicles\u2014Unified Diagnostic Services (UDS)\u2014Specification and Requirements. ISO."},{"key":"e_1_3_1_28_2","unstructured":"ISO. 2018. ISO. 2018. ISO 26262-1:2018: Road Vehicles\u2014Functional Safety: Part 1: Vocabulary. ISO."},{"key":"e_1_3_1_29_2","unstructured":"ISO. 2021. ISO\/SAE 21434:2021: Road Vehicles\u2014Cybersecurity Engineering. ISO"},{"key":"e_1_3_1_30_2","unstructured":"Keen Security Lab. 2017. Experimental Security Assessment of BMW Cars: A Summary Report. Retrieved February 14 2024 from https:\/\/keenlab.tencent.com\/en\/whitepapers\/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf"},{"key":"e_1_3_1_31_2","unstructured":"Keen Security Lab. 2019. Experimental Security Research of Tesla Autopilot. Retrieved February 14 2024 from https:\/\/keenlab.tencent.com\/en\/whitepapers\/Experimental_Security_Research_of_Tesla_Autopilot.pdf"},{"key":"e_1_3_1_32_2","unstructured":"Keen Security Lab. 2020. Exploiting Wi-Fi Stack on Tesla Model S. Retrieved February 14 2024 from https:\/\/keenlab.tencent.com\/en\/2020\/01\/02\/exploiting-wifi-stack-on-tesla-model-s\/"},{"key":"e_1_3_1_33_2","unstructured":"Loren Kohnfelder and Praerit Garg. 2009. The STRIDE Threat Model. Retrieved February 14 2024 from https:\/\/docs.microsoft.com\/en-us\/previous-versions\/commerce-server\/ee823878(v=cs.20)"},{"key":"e_1_3_1_34_2","doi-asserted-by":"crossref","first-page":"447","DOI":"10.1109\/SP.2010.34","volume-title":"Proceedings of the 2010 IEEE Symposium on Security and Privacy","author":"Koscher Karl","year":"2010","unstructured":"Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, and Stefan Savage. 2010. Experimental security analysis of a modern automobile. In Proceedings of the 2010 IEEE Symposium on Security and Privacy. IEEE, 447\u2013462. 10.1109\/SP.2010.34"},{"key":"e_1_3_1_35_2","unstructured":"John Leyden. 2018. Connected car data handover headache: There\u2019s no quick fix . . . and it\u2019s NOT just Land Rovers. The Register. Retrieved February 14 2024 from https:\/\/www.theregister.com\/2018\/08\/21\/connected_car_data_handover_mess\/"},{"key":"e_1_3_1_36_2","article-title":"Shock Land Rover discovery: Sellers could meddle with connected cars if not unbound","author":"Leyden John","year":"2018","unstructured":"John Leyden. 2018. Shock Land Rover discovery: Sellers could meddle with connected cars if not unbound. The Register. Retrieved February 14, 2024 from https:\/\/www.theregister.com\/2018\/07\/27\/jaguar_land_rover_connected_car_privacy\/","journal-title":"The Register."},{"key":"e_1_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/1263820"},{"key":"e_1_3_1_38_2","series-title":"Springer eBook Collection","doi-asserted-by":"crossref","first-page":"123","DOI":"10.1007\/978-3-030-55583-2_9","volume-title":"Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops","author":"Macher Georg","year":"2020","unstructured":"Georg Macher, Christoph Schmittner, Omar Veledar, and Eugen Brenner. 2020. ISO\/SAE DIS 21434 automotive cybersecurity standard\u2014In a nutshell. In Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops, Ant\u00f3nio Casimiro, Frank Ortmeier, Erwin Schoitsch, Friedemann Bitsch, and Pedro Ferreira (Eds.). Springer eBook Collection, Vol. 12235. Springer International Publishing, Cham, 123\u2013135. 10.1007\/978-3-030-55583-2_9"},{"key":"e_1_3_1_39_2","unstructured":"Kevin Mahaffey. 2015. Hacking a Tesla Model S: What We Found and What We Learned. Retrieved February 14 2024 from https:\/\/blog.lookout.com\/hacking-a-tesla"},{"key":"e_1_3_1_40_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-12157-0_16"},{"key":"e_1_3_1_41_2","first-page":"260","article-title":"Adventures in automotive networks and control units","volume":"21","author":"Miller Charlie","year":"2013","unstructured":"Charlie Miller and Chris Valasek. 2013. Adventures in automotive networks and control units. DEF CON 21 (2013), 260\u2013264.","journal-title":"DEF CON"},{"key":"e_1_3_1_42_2","unstructured":"Charlie Miller and Chris Valasek. 2014. A survey of remote automotive attack surfaces. In Proceedings of the 2014 Black Hat USA Conference."},{"key":"e_1_3_1_43_2","unstructured":"Charlie Miller and Chris Valasek. 2015. Remote exploitation of an unaltered passenger vehicle. In Proceedings of the 2015 Black Hat USA Conference."},{"key":"e_1_3_1_44_2","unstructured":"Charlie Miller and Chris Valasek. 2016. CAN Message Injection. Retrieved February 14 2024 from https:\/\/dl.packetstormsecurity.net\/papers\/attack\/remote-attack-surfaces.pdf"},{"key":"e_1_3_1_45_2","unstructured":"Ashcon Mohseninia. 2019. Made My Old Merc Put on a Small Lights Show Using an Arduino. Retrieved February 14 2024 from https:\/\/github.com\/rnd-ash\/W203-canbus"},{"key":"e_1_3_1_46_2","unstructured":"Victor Murray. 2019. Legal GNSS spoofing and its effects on autonomous vehicles. In Proceedings of the 2019 Black Hat USA Conference."},{"key":"e_1_3_1_47_2","unstructured":"National Vulnerability Database. 2019. CVE-2019-14951. Retrieved February 14 2024 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-14951"},{"key":"e_1_3_1_48_2","unstructured":"Alfred Ng. 2019. Smart alarms left 3 million cars vulnerable to hackers who could turn off motors. CNET. Retrieved February 14 2024 from https:\/\/www.cnet.com\/news\/privacy\/smart-alarms-left-3m-cars-vulnerable-to-hackers-who-could-turn-off-motors\/"},{"key":"e_1_3_1_49_2","unstructured":"Sen Nie Ling Liu Yuefeng Du and Wenkai Zhang. 2018. Over-the-Air: How we remotely compromised the gateway BCM and autopilot ECUs of Tesla cars. In Proceedings of the 2018 Black Hat USA Conference."},{"key":"e_1_3_1_50_2","first-page":"1","volume-title":"Proceedings of the 2019 IEEE\/ACS 16th International Conference on Computer Systems and Applications (AICCSA\u201919)","author":"Ouchani Samir","year":"2019","unstructured":"Samir Ouchani and Abdelaziz Khaled. 2019. A meta language for cyber-physical systems and threats: Application on autonomous vehicle. In Proceedings of the 2019 IEEE\/ACS 16th International Conference on Computer Systems and Applications (AICCSA\u201919). 1\u20138."},{"key":"e_1_3_1_51_2","doi-asserted-by":"crossref","first-page":"506","DOI":"10.1145\/3052973.3053009","volume-title":"Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security","author":"Papernot Nicolas","year":"2017","unstructured":"Nicolas Papernot, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z. Berkay Celik, and Ananthram Swami. 2017. Practical black-box attacks against machine learning. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. 506\u2013519. 10.1145\/3052973.3053009"},{"key":"e_1_3_1_52_2","doi-asserted-by":"crossref","DOI":"10.1016\/j.csi.2021.103539","article-title":"A taxonomy of attack mechanisms in the automotive domain","author":"Pekaric Irdin","year":"2021","unstructured":"Irdin Pekaric, Clemens Sauerwein, Stefan Haselwanter, and Michael Felderer. 2021. A taxonomy of attack mechanisms in the automotive domain. Computer Standards & Interfaces 78 (2021), 103539.","journal-title":"Computer Standards & Interfaces"},{"key":"e_1_3_1_53_2","unstructured":"Jonathan Petit Bas Stottelaar Michael Feiri and Frank Kargl. 2015. Remote attacks on automated vehicles sensors: Experiments on camera and LiDAR. In Proceedings of the 2015 Black Hat Europe Conference."},{"key":"e_1_3_1_54_2","doi-asserted-by":"crossref","unstructured":"Daniel Rekawek. 2019. How I hacked Volkswagen and Skoda. A story about Volkswagen Group Car Remote Hacking. Vensis Cyber Security. Retrieved February 14 2024 from https:\/\/blog.vensis.pl\/2019\/11\/vw-hacking\/","DOI":"10.1016\/S1353-4858(19)30085-6"},{"key":"e_1_3_1_55_2","first-page":"208","volume-title":"Proceedings of the 2015 IEEE International Conference on Vehicular Electronics and Safety (ICVES\u201915)","author":"Ring Martin","year":"2015","unstructured":"Martin Ring, J\u00fcrgen D\u00fcrrwang, Florian Sommer, and Reiner Kriesten. 2015. Survey on vehicular attacks\u2014Building a vulnerability database. In Proceedings of the 2015 IEEE International Conference on Vehicular Electronics and Safety (ICVES\u201915). IEEE, 208\u2013212. 10.1109\/ICVES.2015.7396919"},{"key":"e_1_3_1_56_2","unstructured":"Marc Ruef. 2018. Daimler Mercedes Me App 2.11.0-846 on iOS Certificate Pinning Information Disclosure. Retrieved February 14 2024 from https:\/\/vuldb.com\/?id.125081"},{"key":"e_1_3_1_57_2","doi-asserted-by":"crossref","first-page":"221852","DOI":"10.1109\/ACCESS.2020.3043070","article-title":"An overview of automotive service-oriented architectures and implications for security countermeasures","volume":"8","author":"Rumez Marcel","year":"2020","unstructured":"Marcel Rumez, Daniel Grimm, Reiner Kriesten, and Eric Sax. 2020. An overview of automotive service-oriented architectures and implications for security countermeasures. IEEE Access 8 (2020), 221852\u2013221870.","journal-title":"IEEE Access"},{"key":"e_1_3_1_58_2","unstructured":"Kai R\u00fcsberg. 2015. Keyless Gone: Autodiebe Tricksen Kontaktlose Schlie\u00dfsysteme aus. Retrieved February 14 2024 from https:\/\/www.heise.de\/select\/ct\/archiv\/2015\/26\/seite-80"},{"key":"e_1_3_1_59_2","unstructured":"SAE Vehicle Electrical System Security Committee. 2016. SAE J3061: Cybersecurity Guidebook for Cyber-Physical Automotive Systems. SAE."},{"key":"e_1_3_1_60_2","doi-asserted-by":"crossref","first-page":"187","DOI":"10.1007\/3-540-28428-1_11","volume-title":"Embedded Security in Cars","author":"Schramm Kai","year":"2006","unstructured":"Kai Schramm, Kerstin Lemke, and Christof Paar. 2006. Embedded cryptography: Side channel attacks. In Embedded Security in Cars. Springer, 187\u2013206."},{"key":"e_1_3_1_61_2","unstructured":"Florian Sommer and J\u00fcrgen D\u00fcrrwang. 2019. IEEM-HsKA\/AAD: Automotive Attack Database (AAD) V3.0. Retrieved February 14 2024 from https:\/\/github.com\/IEEM-HsKA\/AAD\/blob\/master\/Automotive_Attack_Database_(AAD)_V3.0.db"},{"issue":"4","key":"e_1_3_1_62_2","article-title":"Survey and classification of automotive security attacks","volume":"10","author":"Sommer Florian","year":"2019","unstructured":"Florian Sommer, J\u00fcrgen D\u00fcrrwang, and Reiner Kriesten. 2019. Survey and classification of automotive security attacks. Information 10, 4 (2019), 148.","journal-title":"Information"},{"key":"e_1_3_1_63_2","first-page":"36","volume-title":"Proceedings of the 7th International Conference on Cyber-Technologies and Cyber-Systems","author":"Sommer Florian","year":"2022","unstructured":"Florian Sommer and Reiner Kriesten. 2022. Attack path generation based on attack and penetration testing knowledge. In Proceedings of the 7th International Conference on Cyber-Technologies and Cyber-Systems. 36\u201341."},{"key":"e_1_3_1_64_2","unstructured":"Vangelis Stykas. 2018. Remote smart car hacking with just a phone. Medium. Retrieved February 14 2024 from https:\/\/medium.com\/@evstykas\/remote-smart-car-hacking-with-just-a-phone-2fe7ca682162"},{"key":"e_1_3_1_65_2","unstructured":"Vangelis Stykas. 2019. Lojack\u2019d: Pwning smart vehicle trackers. Pen Test Partners. Retrieved February 14 2024 from https:\/\/www.pentestpartners.com\/security-blog\/lojackd-pwning-smart-vehicle-trackers\/"},{"key":"e_1_3_1_66_2","unstructured":"The MITRE Corporation. 2022. Common Attack Pattern Enumeration and Classification (CAPEC). Retrieved February 14 2024 from https:\/\/capec.mitre.org\/index.html"},{"key":"e_1_3_1_67_2","unstructured":"The MITRE Corporation. 2022. Common Weakness Enumeration (CWE). Retrieved February 14 2024 from https:\/\/cwe.mitre.org\/"},{"key":"e_1_3_1_68_2","unstructured":"The MITRE Corporation. 2022. MITRE ATT&CK\u00ae. Retrieved February 14 2024 from https:\/\/attack.mitre.org\/"},{"key":"e_1_3_1_69_2","first-page":"164","volume-title":"Proceedings of the 2016 IEEE International Conference on Internet of Things (iThings), IEEE Green Computing and Communications (GreenCom), IEEE Cyber, Physical, and Social Computing (CPSCom), and IEEE Smart Data (SmartData)","author":"Thing Vrizlynn L. L.","year":"2016","unstructured":"Vrizlynn L. L. Thing and Jiaxi Wu. 2016. Autonomous vehicle security: A taxonomy of attacks and defences. In Proceedings of the 2016 IEEE International Conference on Internet of Things (iThings), IEEE Green Computing and Communications (GreenCom), IEEE Cyber, Physical, and Social Computing (CPSCom), and IEEE Smart Data (SmartData). 164\u2013170."},{"key":"e_1_3_1_70_2","unstructured":"UNECE. 2021. UN Regulation No. 155\u2014Uniform Provisions Concerning the Approval of Vehicles with Regards to Cyber Security and Cyber Security Management System: E\/ECE\/TRANS\/505\/Rev.3\/Add.154. Retrieved February 14 2024 from https:\/\/unece.org\/sites\/default\/files\/2021-03\/R155e.pdf"},{"key":"e_1_3_1_71_2","unstructured":"UNECE. 2021. UN Regulation No. 156\u2014Software Update and Software Update Management System: E\/ECE\/TRANS\/ 505\/Rev.3\/Add.155. Retrieved February 14 2024 from https:\/\/unece.org\/sites\/default\/files\/2021-03\/R156e.pdf"},{"key":"e_1_3_1_72_2","doi-asserted-by":"crossref","first-page":"146057","DOI":"10.1109\/ACCESS.2019.2943837","article-title":"Cyber-security internals of a Skoda Octavia vRS: A hands on approach","volume":"7","author":"Urquhart Colin","year":"2019","unstructured":"Colin Urquhart, Xavier Bellekens, Christos Tachtatzis, Robert Atkinson, Hanan Hindy, and Amar Seeam. 2019. Cyber-security internals of a Skoda Octavia vRS: A hands on approach. IEEE Access 7 (2019), 146057\u2013146069.","journal-title":"IEEE Access"},{"key":"e_1_3_1_73_2","first-page":"703","volume-title":"Proceedings of the USENIX Security Symposium","author":"Verdult Roel","year":"2013","unstructured":"Roel Verdult, Flavio D. Garcia, and Baris Ege. 2013. Dismantling Megamos Crypto: Wirelessly lockpicking a vehicle immobilizer. In Proceedings of the USENIX Security Symposium. 703\u2013718."},{"key":"e_1_3_1_74_2","unstructured":"WMC. 2018. Used cars increase identity theft chances BBB finds. Action News. Retrieved February 14 2024 from https:\/\/www.actionnews5.com\/story\/39022826\/used-cars-increase-identity-theft-chances-bbb-finds\/"},{"key":"e_1_3_1_75_2","unstructured":"Working Party on Automated\/Autonomous and Connected Vehicles. 2020. Proposals for Interpretation Documents for UN Regulation No. 155 (Cyber Security and Cyber Security Management System). Retrieved February 14 2024 from https:\/\/unece.org\/sites\/default\/files\/2021-02\/ECE-TRANS-WP29-2021-059e_0.pdf"},{"key":"e_1_3_1_76_2","doi-asserted-by":"publisher","DOI":"10.13154\/tches.v2019.i3.66-85"},{"key":"e_1_3_1_77_2","first-page":"370","volume-title":"Proceedings of the 2012 6th International Conference on Complex, Intelligent, and Software Intensive Systems","author":"Yan Gongjun","year":"2012","unstructured":"Gongjun Yan, Danda B. Rawat, and Bhed B. Bista. 2012. Towards secure vehicular clouds. In Proceedings of the 2012 6th International Conference on Complex, Intelligent, and Software Intensive Systems. 370\u2013375."},{"key":"e_1_3_1_78_2","volume-title":"Proceedings of the 9th Annual Cyber and Information Security Research Conference (CISR\u201914).","author":"Yuan Xiaohong","year":"2014","unstructured":"Xiaohong Yuan, Emmanuel Borkor Nuakoh, Jodria S. Beal, and Huiming Yu. 2014. Retrieving relevant CAPEC attack patterns for secure software development. In Proceedings of the 9th Annual Cyber and Information Security Research Conference (CISR\u201914). ACM, 33\u201336. 10.1145\/2602087.2602092"},{"key":"e_1_3_1_79_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.micpro.2022.104461"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3644075","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3644075","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:56:58Z","timestamp":1750291018000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3644075"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,14]]},"references-count":78,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2024,5,31]]}},"alternative-id":["10.1145\/3644075"],"URL":"https:\/\/doi.org\/10.1145\/3644075","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,14]]},"assertion":[{"value":"2023-01-26","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-01-20","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-03-14","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}