Research Article
A Comparative Study of JASO TP15002-Based Security Risk Assessment Methods for Connected Vehicle System Design
Table 2
: Occurrence Possibility for RSMA.
| | Metric | Rank | Value | Definition |
| | Time required | Practical(P) | 0 | The time required for the attacker to identify and exploit a vulnerability is practical. | | (T) | Unrealistic(U) | 19 | The time required for the attacker to identify and exploit a vulnerability is unrealistic. |
| | Expert knowledge | Nonprofessional(N) | 0 | Technical expertise is not needed. | | (E) | Professional(P) | 3 | Technical expertise is needed. |
| | TOE knowledge | Open information(O) | 0 | TOE knowledge is open information. | | (TOE) | Limited(L) | 3 | TOE knowledge is the information that dealers, developers, and manufacturers can obtain. | | | Closed(C) | 7 | TOE knowledge is the information that only a limited number of persons can obtain. |
| | Opportunity | Always(A) | 0 | The attacker can access TOE unrestricted or the access is not needed. | | (O) | Limited(L) | 4 | The attacker can access TOE but the frequency is limited. | | | Impossible(I) | 19 | The attacker cannot access TOE. |
| | Device | Off-the-shelf(OS) | 0 | Hardware and software used for attacks are the off-the-shelf products. | | (D) | Special(S) | 4 | Hardware and software used for attacks are the special products. | | | Ordered(O) | 8 | Hardware and software used for attacks are the specially ordered products. |
|
|
