Security Models

A security model is an abstract, often formal, framework for defining, analyzing, and implementing information security policies. Its core purpose is to provide a systematic and verifiable method for reasoning about a system's security properties, such as confidentiality, integrity, and availability. In automotive cybersecurity, security models are fundamental to conducting Threat Analysis and Risk Assessment (TARA). For instance, the standard ISO/SAE 21434 "Road vehicles — Cybersecurity engineering" requires a systematic identification of threat scenarios in Clause 8, which in practice necessitates the use of threat models like STRIDE, HEAVENS, or EVITA. A security model differs from a "security architecture" (the model describes 'what' rules are enforced, while the architecture describes 'how' they are implemented) and a "security policy" (the policy is a high-level statement of rules, while the model provides the logical structure to enforce them).

In the automotive industry's risk management, applying security models typically follows these steps: 1. **System Definition and Decomposition**: In accordance with ISO/SAE 21434 Clause 8.4, the process begins by defining the item and decomposing its Electrical/Electronic (E/E) architecture into functions, components, data flows, and trust boundaries to create a system model. 2. **Threat Analysis and Risk Assessment (TARA)**: A threat modeling methodology like STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) is applied to systematically identify threats for each element of the system model. For example, identifying a potential tampering threat to the over-the-air (OTA) update data flow of a Telematics Control Unit (TCU). 3. **Security Goal and Control Definition**: Based on the TARA results, specific cybersecurity goals are defined, such as "protect the integrity of firmware updates." Corresponding security controls, like digital signatures and encrypted channels, are then designed and implemented. A European Tier-1 supplier reported a 40% reduction in high-risk vulnerabilities discovered in late-stage development after adopting this process.

Taiwanese automotive supply chain enterprises face three main challenges when implementing security models: 1. **Complex Supply Chain Collaboration**: The highly segmented supply chain means Tier 1 and Tier 2 suppliers have varying levels of cybersecurity maturity, making it difficult to enforce a consistent security model and exchange threat data (e.g., using CVSF) across all parties. 2. **Talent Shortage**: There is a scarcity of engineers who are both familiar with the ISO/SAE 21434 standard and have practical experience in threat modeling, leading to superficial model application. 3. **Cost-Benefit Pressure**: A high proportion of small and medium-sized enterprises (SMEs) find the cost of specialized modeling tools and dedicated personnel prohibitive, with the return on investment not being immediately quantifiable. **Solutions**: Establish a cross-supplier cybersecurity working group to create TARA implementation guidelines, partner with research institutions for practical training, and adopt a phased implementation starting with critical components, utilizing open-source tools to lower the initial barrier.

Winners Consulting specializes in Security models for Taiwan enterprises, delivering compliant management systems within 90 days. Free consultation: https://winners.com.tw/contact