Assessment of attack surface for vehicle electronic control units in CAN network

The subject of the paper is the approach to the quantitative assessment of information security of the vehicle computer network and electronic control units (ECUs) that exchange data via this network. The goal is to provide a quantitative assessment of the attack surface for vehicle ECUs that use the CAN data protocol. The terms and general methodology for assessing the attack surface were adapted for use concerning the vehicle's ECUs to achieve the goal, the efforts of the attacker to gain access to resources within the framework of the attack were analyzed. A description of the general types of attacks was presented, and attack trees were built for them. A method for assessing the attack surface using diagnostic functions and attacks using normal packets is proposed. The method is based on the use of estimates of the potential damage magnitude from attacks and assessments of efforts to access the channels, data, and methods of the ECU. The result is an assessment of the attack surface for the ECU, which characterizes the degree the ECU is vulnerable to the attack. This information is essential for vehicle manufacturers for implementing measures to improve the level of information security.