Abstract
Autonomous Vehicles rely heavily on their sensors’ information to navigate correctly. Autonomous driving requires the support of infrastructure-based systems to provide extra sensor information, which cannot be collected by vehicles. We expect that such infrastructure-based systems are typically not provided by the same manufacturer as the vehicle using them. In this paper, we propose a first of its kind, compositional threat analysis and risk assessment method, called C-TAR, and illustrate the method using a simplified example from an autonomous driving context. The proposed method extends a common threat and risk analysis method by statements of dependency on interfacing systems and provides a compatibility check of two systems working together. C-TAR allows the user to identify whether two independently developed systems can interact together securely based on the extended threat and risk analysis.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
ISO/SAE 21434:2021 (Aug 2021). https://www.iso.org/standard/70918.html
Adler, R., Reich, J., Kaypmaz, C.: Dependable autonomous commercial vehicles. ATZheavy duty worldwide 14, 50–54 (2021)
Alnasser, A., Sun, H., Jiang, J.: Cyber security challenges and solutions for v2x communications: a survey. Comput. Netw. 151, 52–67 (2019)
Armengaud, E., et al.: DDI: a novel technology and innovation model for dependable, collaborative and autonomous systems. In: 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1626–1631. IEEE (2021)
Casola, V., De Benedictis, A., Rak, M., Villano, U.: Toward the automation of threat modeling and risk assessment in IoT systems. Internet Things 7, 100056 (2019). https://doi.org/10.1016/j.iot.2019.100056
CYBER, ETSI: Methods and protocols; part 1: Method and pro forma for threat, vulnerability. Risk Analysis (TVRA). Technical Specification TS 102, 165–1
Eichler, J., Angermeier, D.: Modular risk assessment for the development of secure automotive systems. In: Proceedings of the 31st VDI/VW Joint Conference Automotive Security, Wolfsburg, Germany, pp. 21–22 (2015)
Hammi, B., Monteuuis, J.P., Petit, J.: PKIS in C-ITS: security functions, architectures and projects: a survey. Veh. Commun. 38, 100531 (2022)
Huang, J., Fang, D., Qian, Y., Hu, R.Q.: Recent advances and challenges in security and privacy for v2x communications. IEEE Open J. Veh. Technol. 1, 244–266 (2020)
Japs, S., Anacker, H., Dumitrescu, R.: Save: security & safety by model-based systems engineering on the example of automotive industry. Procedia CIRP 100, 187–192 (2021)
Kiening, A., Angermeier, D.: Trade-threat and risk assessment for automotive distributed engineering (2021)
Kim, S., Shrestha, R.: Security and privacy in intelligent autonomous vehicles. In: Automotive Cyber Security, pp. 35–66. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-8053-6_3
Kim, S., Shrestha, R.: AUTOSAR embedded security in vehicles. In: Automotive Cyber Security, pp. 97–120. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-8053-6_5
Lamssaggad, A., Benamar, N., Hafid, A.S., Msahli, M.: A survey on the current security landscape of intelligent transportation systems. IEEE Access 9, 9180–9208 (2021)
Lu, Z., Qu, G., Liu, Z.: A survey on recent advances in vehicular network security, trust, and privacy. IEEE Trans. Intell. Transp. Syst. 20(2), 760–776 (2018)
Luo, F., Jiang, Y., Zhang, Z., Ren, Y., Hou, S.: Threat analysis and risk assessment for connected vehicles: a survey. Secur. Commun. Networks 2021, 1–19 (2021)
Rak, M., Casola, V., De Benedictis, A., Villano, U.: Automated risk analysis for IoT systems. In: Xhafa, F., Leu, F.-Y., Ficco, M., Yang, C.-T. (eds.) 3PGCIC 2018. LNDECT, vol. 24, pp. 265–275. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-02607-3_24
Schneider, D., Trapp, M., Papadopoulos, Y., Armengaud, E., Zeller, M., Höfig, K.: WAP: digital dependability identities. In: 2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE), pp. 324–329. IEEE (2015)
Acknowledgements
The authors would like to thank all partners within the Hi-Drive project for their cooperation and valuable contribution. [This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 101006664. The sole responsibility of this publication lies with the authors. Neither the European Commission nor CINEA - in its capacity of Granting Authority - can be made responsible for any use that may be made of the information this document contains.]
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Abdelsalam, M., Greiner, S., Aktouf, OEK., Mercier, A. (2024). C-TAR: A Compositional Threat Analysis and Risk Assessment Method for Infrastructure-Based Autonomous Driving. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_10
Download citation
DOI: https://doi.org/10.1007/978-3-031-54129-2_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54128-5
Online ISBN: 978-3-031-54129-2
eBook Packages: Computer ScienceComputer Science (R0)