The contents considered in the autonomous vehicle security model are as follows.
• Self-driving car service security perspective(자율주행차 서비스 보안 관점)
– In-vehicle communication(차량 내부 통신)
– Communication outside the vehicle (including backend infrastructure)(차량 외부 통신 (백엔드 인프라 포함)
• UN regulatory compliance perspective
– Vehicle Cyber Security Regulations (UNR No.155)
차량 사이버보안 규정 (UNR No.155)
– Vehicle software update regulations (UNR No.156)
차량 소프트웨어 업데이트 규정 (UNR No.156)
 |
| Purpose of Autonomous Vehicle Security Model |
⃞ Self-driving car service perspective
Purpose : To ensure that users of self-driving car service can receive the intended service at the time they want
Composition : vehicle internal/external security, communication channel security, back-end infrastructure security law compliance perspective
목적 : 자율주행차서비스이용자가원하는시점에의도한서비스를제공받을수있도록보장함
구성 :차량내부/외부보안, 통신채널보안, 백엔드인프라보안법규준수관점
⃞ Legal Compliance Perspective
Purpose: To provide application plans to comply with cyber security requirements specified in UN Regulation No.155
Composition: Corporate operation, R&D, production, product operation, partner management
목적: UN Regulation No.155에서명시한사이버보안요구사항을준수할수있도록적용방안을제공함
구성: 기업운영, 연구개발, 생산, 제품운영, 협력사관리
⃞ The self-driving car service perspective
The self-driving car service perspective is a security model to mitigate threats that may occur to self-driving car services so that self-driving car service users can receive the intended service at a desired time.
The self-driving car service user requests the desired service through the back-end infrastructure that provides the self-driving car service, and the back-end infrastructure selects the most suitable self-driving car for service provision and sends control commands to the self-driving car through a communication channel. send. After that, the self-driving car provides the service to the service user and periodically reports the service provision status to the backend infrastructure.
This form is a general operation method of self-driving car service confirmed through this study. Therefore, the security model from the perspective of self-driving car service targets the three elements (vehicle, back-end infrastructure, and communication channel) that make up the self-driving service, and provides security measures for each element.
⃞ Security Model from the UN Compliance Perspective
The security model from the UN compliance point of view is based on the requirements of UNR No.155 and UNR No.156. UNR No.155 covers all the policies, processes, and outputs required to prove cybersecurity application for vehicle cybersecurity throughout the vehicle lifecycle, from the design/development/operation/disposal of autonomous vehicles. No.156 deals with policies, processes, and deliverables related to software update campaigns required to perform wired/wireless updates. UNR No.155 and No.156 are different in that the topics covered are cybersecurity and software updates, but they require a company-wide response, and requirements, documents/documents/ The requirements at the quality control level can be seen as the same.
⃞ What UNR No.155 and UNR No.156 have in common(UNR No.155와 UNR No.156의 공통점)
• Requires an organization-level management system(조직 차원의 관리체계를 요구함)
– UNR No.155 → Cybersecurity Management System (CSMS)
– UNR No.156 → Software Update Management System (SUMS)
• Require vehicle specific approval(차량 별 승인을 요구함)
– Cybersecurity engineering or software updates applied to vehicles
Implementation deliverables (outputs) basis for engineering
• Each mapped with ISO International Standard(각각 ISO 국제표준과 매핑됨)
– UNR No.155 → ISO/SAE 21434
– UNR No.156 → ISO 24089
⃞ Composition of security model parts(보안모델 파트 구성)
• Part I : Security model from the perspective of self-driving car service
– Target: 9 types of self-driving vehicle representative services
• Part II : Security model for compliance with UNR No.155
– Target: Cyber Security Management System (CSMS) :
• Part III : Security model for compliance with UNR No.156
– Target: Software update management system (SUMS)
Source : Ministry of Science and ICT Korea Internet & Security Agency
