Practical Vulnerability-Information-Sharing Architecture for Automotive Security-Risk Analysis

Lee, Yousik; Woo, Samuel; Song, Yunkeun; Lee, Jungho; Lee, Dong Hoon · 2020 · DOAJ

DOI: 10.1109/ACCESS.2020.3004661


Summary

This paper addresses the growing cybersecurity risks in the automotive industry, driven by the convergence of vehicles with Internet of Things (IoT) technologies and 5G networks. As automobiles evolve into connected, automated systems, they become susceptible to cyberattacks similar to those in traditional ICT environments. The authors argue that current automotive manufacturers often treat vehicles as closed mechanical systems, lacking the systematic security risk assessment (SRA) processes required for hyper-connected devices. To mitigate these risks, the study aims to formalize vulnerability analysis and propose a practical architecture for sharing automotive security information.

The methodology involves analyzing 11 major automotive hacking studies using the Cyber Kill Chain framework, which categorizes attacks into seven stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. The authors provide detailed analyses of three representative use cases: an Android app-repackaging attack on in-vehicle networks, a ransomware attack path via connected services, and a wireless attack on the Controller Area Network (CAN) using malicious smartphone apps. By mapping these real-world attack vectors to the kill chain stages, the study identifies common characteristics and attack patterns. Additionally, the authors evaluate existing vulnerability sharing systems, such as CVE, NVD, CWE, and Auto-ISAC, noting their limitations in accessibility and automotive-specific relevance.

The findings reveal that many automotive attacks follow predictable patterns within the Cyber Kill Chain, particularly exploiting vulnerabilities during the installation and command-and-control phases. The analysis highlights that implementing a "secure platform"—encompassing secure boot, secure flash, and secure access—is a critical defense measure capable of preventing nearly all analyzed hacking attempts. Consequently, the authors propose a new course of action matrix tailored for vehicle environments, emphasizing supply chain security and supplier responsibility.

Furthermore, the study introduces the Automotive Common Vulnerabilities and Exposures (Automotive CVE) system. This platform is designed to overcome the restricted access of Auto-ISAC and the generic nature of standard CVEs, providing an open, easily accessible database for automotive engineers and researchers to share and identify vehicle-specific vulnerabilities.

The significance of this work lies in its contribution to standardized automotive cybersecurity practices. By formalizing attack analysis through the Cyber Kill Chain, the paper provides a structured approach for security risk assessment and countermeasure planning. The proposed Automotive CVE system facilitates broader information sharing, enabling non-expert automotive engineers to effectively identify and mitigate threats. This supports regulatory compliance, such as UNECE guidelines, and helps minimize economic losses and safety risks associated with vehicle cyberattacks. The study underscores the necessity of integrating systematic security management throughout the vehicle lifecycle, from development to post-production.

Provenance

The full processing record for this entry. Every stage of this paper's journey through the pipeline is logged — what ran, with which tool and model, how many attempts it took, and when it last completed.

| Stage | Outcome | Tool | Model | Prompt | Attempts | Completed |
| discover | success | DOAJ | | | 1 | 2026-06-18 |
| archive | success | unpaywall | | | 1 | 2026-06-25 |
| extract | success | cached | | | 2 | 2026-06-26 |
| clean | success | clean | | | 1 | 2026-06-18 |
| chunk | success | chunk | | | 1 | 2026-06-18 |
| embed | success | embed | Qwen/Qwen3-Embedding-8B | | 1 | 2026-06-18 |
| promote | success | | | | 1 | 2026-06-18 |
| summarize | success | llm | qwen3.6-27b-prismaquant | summ-v5 | 1 | 2026-06-26 |
| tag | success | vector_similarity | | | 6 | 2026-06-18 |
| verify | success | | | | 1 | 2026-06-26 |

Summary generated by qwen3.6-27b-prismaquant on 2026-06-26; verification: verified.
