Wajid File PDF
results and your engineering judgment. Below is the task and instructions. Every candidate goes through
the same example so that we can compare fairly. Look forward to your results!
Connected vehicles use the 802.11p protocol to communicate with other vehicles, and these
communications could be intercepted/disrupted within 100-200 meters. These messages sent between
vehicles are subject to a Black Hole Attack.
Based on your research, I’ll need you to rate this potential threat with the following five factors:
Elapsed Time
Expertise
Knowledge
Window of Opportunity
Equipment
Here are the options for each factor (Ignore the numeric value, just use the Enumerate rating):
Enumerate Value Enumerate Value Enumerate Value Enumerate Value Enumerate Value
> 6 months 19
Here are some more instructions for each:
Elapsed Time:
This shall include both preparation time and exploitation time. If a particular
vulnerability is not available, it should include the estimated time to exploit a new
vulnerability.
If preparation takes time x and exploitation takes time y, the elapsed time should
be x+y.
Expertise:
If this attack requires multiple steps, and some steps require Proficient, and other
steps require Expert, the Expertise of this attack shall be Expert. Proficient and
Expert do not add up to make it Multiple Experts.
Layman:
Knowledgeable in that they are familiar with the security behaviour of the product
or system type.
Different fields of expertise are required at an expert level for distinct steps of an
attack.
Knowledge:
Knowledge usually means knowledge of the system under attack (design data,
engineering data, vulnerability disclosure, user manual, etc.). The exception is that
if a threat is assuming the password is known to the attacker, the knowledge should
include the password.
Public:
Public information concerning the item or component (e.g. as gained from the
Internet).
controlled within the developer organization and shared with other organizations
under a non-disclosure agreement).
Example: internal documentation shared between manufacturer and supplier,
requirements and design specifications
Confidential:
Strictly confidential information about the item or component (e.g. knowledge that
is known by only a few individuals, access to which is very tightly controlled on a
strict need to know basis and individual undertaking).
Window:
If one part of the attack has a window Easy, and another part has a window
Moderate, the window for the whole attack might be added up to Difficult.
When ownership of the item is relevant in this case, assume the attacker doesn't
own the item when giving the score. But also provide in the rationale the score if
the attacker owns the item. For example, if the attacker owns the target vehicle, the
attacker has unlimited JTAG access to a particular module on the vehicle.
But if the attacker doesn't own the target vehicle, the window of accessing JTAG
of a particular module is Moderate.
Unlimited:
High availability and limited access time. Remote access without physical
presence to the item or component.
Example: pairing time of Bluetooth, remote software update, remote attack that
requires the vehicle standing still.
Moderate:
Low availability of the item or component. Limited physical and/or logical access.
Physical access to the vehicle interior or exterior without using any special tools.
Example: attacker enters an unlocked car and gets access to an exposed physical
interface, e.g., physical access via the on-board diagnostic port.
Difficult:
Very low availability of the item or component. Impractical level of access to the
item or component to perform the attack.
Equipment:
The equipment parameter is related to the tools the attacker has available to
discover the vulnerability and/or to execute the attack.
If one part of the attack requires a Specialized tool, and another part of the attack
requires a different Specialized tool, the Equipment for this attack can be Bespoke
- the two different Specialized tools may add up.
Standard:
Equipment is readily available to the attacker. This equipment may be a part of the
product itself (e.g. a debugger in an operating system), or can be readily obtained
(e.g. internet sources, protocol analyser or simple attack scripts).
Example: laptop, CAN adapter, on-board diagnostic dongle, ordinary tools
(screwdriver, soldering iron, pliers)
Specialized:
Equipment is not readily available to the attacker but can be acquired without
undue effort. This can include purchase of moderate amounts of equipment
(e.g. power analysis tools, use of hundreds of PCs linked across the internet would
fall into this category), or development of more extensive attack scripts or
programs. If clearly different test benches consisting of specialized equipment are
required for distinct steps of an attack this would be rated as bespoke.
Equipment is not readily available to the public (e.g. black market) as it may need
to be specially produced (e.g. very sophisticated software), or because the
equipment is so specialized that its distribution is controlled, possibly even
restricted. Alternatively, the equipment may be very expensive.
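The combination rules above (elapsed time as x+y, Expertise set by the hardest step, Window and Equipment possibly adding up) can be written down as a small Python routine; this is an added example, not part of the original task sheet. The step fields (`days`, `field`, `tool`), the constructed sample steps and the one-level Window escalation are assumptions made for illustration.

```python
"""Added example: combine per-step ratings into one rating per factor."""
EXPERTISE = ["Layman", "Proficient", "Expert", "Multiple Experts"]
WINDOW = ["Unlimited", "Easy", "Moderate", "Difficult"]
EQUIPMENT = ["Standard", "Specialized", "Bespoke"]

# Constructed sample: a preparation step and an exploitation step.
SAMPLE_STEPS = [
    {"days": 30, "expertise": "Proficient", "field": "radio",
     "equipment": "Specialized", "tool": "bench A", "window": "Easy"},
    {"days": 5, "expertise": "Expert", "field": "networking",
     "equipment": "Specialized", "tool": "bench B", "window": "Moderate"},
]


def worst(scale, ratings):
    """Return the highest rating found on an ordered scale."""
    return max(ratings, key=scale.index)


def bump(scale, rating):
    """Return the next level up, capped at the top of the scale."""
    return scale[min(scale.index(rating) + 1, len(scale) - 1)]


def combine(steps):
    """Combine per-step ratings (field names are assumptions, see lead-in)."""
    out = {"elapsed_days": sum(s["days"] for s in steps)}  # x + y

    # Expertise: the hardest step decides; Proficient + Expert stays Expert.
    exp = worst(EXPERTISE, [s["expertise"] for s in steps])
    # Only distinct expert-level fields make it Multiple Experts.
    fields = {s["field"] for s in steps if s["expertise"] == "Expert"}
    out["expertise"] = "Multiple Experts" if len(fields) > 1 else exp

    # Equipment: two different Specialized tools add up to Bespoke.
    eq = worst(EQUIPMENT, [s["equipment"] for s in steps])
    tools = {s["tool"] for s in steps if s["equipment"] == "Specialized"}
    bespoke = eq == "Specialized" and len(tools) > 1
    out["equipment"] = "Bespoke" if bespoke else eq

    # Window: "might" add up, so report the floor (worst single window)
    # and a ceiling one level higher when several parts are constrained.
    floor = worst(WINDOW, [s["window"] for s in steps])
    limited = [s for s in steps if s["window"] != "Unlimited"]
    out["window_floor"] = floor
    out["window_ceiling"] = bump(WINDOW, floor) if len(limited) > 1 else floor
    return out
```

The floor and ceiling for Window leave the final choice to the assessor, who records it in the rationale.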
Your task is to fill in the blanks in the following table (give a rating for each factor, and then explain why
you chose this rating):
Elapsed Time | Rationale
Expertise | Rationale
Knowledge | Rationale
Window of Opportunity | Rationale
Equipment | Rationale