[go: up one dir, main page]
Skip to main content
SpringerLink
Log in

C-TAR: A Compositional Threat Analysis and Risk Assessment Method for Infrastructure-Based Autonomous Driving

  • Conference paper
  • First Online:
Computer Security. ESORICS 2023 International Workshops (ESORICS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14399))

Included in the following conference series:

  • 534 Accesses

Abstract

Autonomous Vehicles rely heavily on their sensors’ information to navigate correctly. Autonomous driving requires the support of infrastructure-based systems to provide extra sensor information, which cannot be collected by vehicles. We expect that such infrastructure-based systems are typically not provided by the same manufacturer as the vehicle using them. In this paper, we propose a first of its kind, compositional threat analysis and risk assessment method, called C-TAR, and illustrate the method using a simplified example from an autonomous driving context. The proposed method extends a common threat and risk analysis method by statements of dependency on interfacing systems and provides a compatibility check of two systems working together. C-TAR allows the user to identify whether two independently developed systems can interact together securely based on the extended threat and risk analysis.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. ISO/SAE 21434:2021 (Aug 2021). https://www.iso.org/standard/70918.html

  2. Adler, R., Reich, J., Kaypmaz, C.: Dependable autonomous commercial vehicles. ATZheavy duty worldwide 14, 50–54 (2021)

    Article  Google Scholar 

  3. Alnasser, A., Sun, H., Jiang, J.: Cyber security challenges and solutions for v2x communications: a survey. Comput. Netw. 151, 52–67 (2019)

    Article  Google Scholar 

  4. Armengaud, E., et al.: DDI: a novel technology and innovation model for dependable, collaborative and autonomous systems. In: 2021 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1626–1631. IEEE (2021)

    Google Scholar 

  5. Casola, V., De Benedictis, A., Rak, M., Villano, U.: Toward the automation of threat modeling and risk assessment in IoT systems. Internet Things 7, 100056 (2019). https://doi.org/10.1016/j.iot.2019.100056

    Article  Google Scholar 

  6. CYBER, ETSI: Methods and protocols; part 1: Method and pro forma for threat, vulnerability. Risk Analysis (TVRA). Technical Specification TS 102, 165–1

    Google Scholar 

  7. Eichler, J., Angermeier, D.: Modular risk assessment for the development of secure automotive systems. In: Proceedings of the 31st VDI/VW Joint Conference Automotive Security, Wolfsburg, Germany, pp. 21–22 (2015)

    Google Scholar 

  8. Hammi, B., Monteuuis, J.P., Petit, J.: PKIS in C-ITS: security functions, architectures and projects: a survey. Veh. Commun. 38, 100531 (2022)

    Google Scholar 

  9. Huang, J., Fang, D., Qian, Y., Hu, R.Q.: Recent advances and challenges in security and privacy for v2x communications. IEEE Open J. Veh. Technol. 1, 244–266 (2020)

    Article  Google Scholar 

  10. Japs, S., Anacker, H., Dumitrescu, R.: Save: security & safety by model-based systems engineering on the example of automotive industry. Procedia CIRP 100, 187–192 (2021)

    Article  Google Scholar 

  11. Kiening, A., Angermeier, D.: Trade-threat and risk assessment for automotive distributed engineering (2021)

    Google Scholar 

  12. Kim, S., Shrestha, R.: Security and privacy in intelligent autonomous vehicles. In: Automotive Cyber Security, pp. 35–66. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-8053-6_3

  13. Kim, S., Shrestha, R.: AUTOSAR embedded security in vehicles. In: Automotive Cyber Security, pp. 97–120. Springer, Singapore (2020). https://doi.org/10.1007/978-981-15-8053-6_5

  14. Lamssaggad, A., Benamar, N., Hafid, A.S., Msahli, M.: A survey on the current security landscape of intelligent transportation systems. IEEE Access 9, 9180–9208 (2021)

    Article  Google Scholar 

  15. Lu, Z., Qu, G., Liu, Z.: A survey on recent advances in vehicular network security, trust, and privacy. IEEE Trans. Intell. Transp. Syst. 20(2), 760–776 (2018)

    Article  Google Scholar 

  16. Luo, F., Jiang, Y., Zhang, Z., Ren, Y., Hou, S.: Threat analysis and risk assessment for connected vehicles: a survey. Secur. Commun. Networks 2021, 1–19 (2021)

    Google Scholar 

  17. Rak, M., Casola, V., De Benedictis, A., Villano, U.: Automated risk analysis for IoT systems. In: Xhafa, F., Leu, F.-Y., Ficco, M., Yang, C.-T. (eds.) 3PGCIC 2018. LNDECT, vol. 24, pp. 265–275. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-02607-3_24

    Chapter  Google Scholar 

  18. Schneider, D., Trapp, M., Papadopoulos, Y., Armengaud, E., Zeller, M., Höfig, K.: WAP: digital dependability identities. In: 2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE), pp. 324–329. IEEE (2015)

    Google Scholar 

Download references

Acknowledgements

The authors would like to thank all partners within the Hi-Drive project for their cooperation and valuable contribution. [This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 101006664. The sole responsibility of this publication lies with the authors. Neither the European Commission nor CINEA - in its capacity of Granting Authority - can be made responsible for any use that may be made of the information this document contains.]

Author information

Authors and Affiliations

  1. Robert Bosch GmbH, Abstatt Robert-Bosch-Allee 1, Gerlingen, Germany

    Mohamed Abdelsalam & Simon Greiner

  2. Grenoble University, 621 Avenue Centrale, Grenoble, France

    Mohamed Abdelsalam, Oum-El-Kheir Aktouf & Annabelle Mercier

Authors
  1. Mohamed Abdelsalam
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Simon Greiner
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Oum-El-Kheir Aktouf
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Annabelle Mercier
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohamed Abdelsalam .

Editor information

Editors and Affiliations

  1. Norwegian University of Science and Technology, Gjøvik, Norway

    Sokratis Katsikas

  2. Norwegian Computing Center, Oslo, Norway

    Habtamu Abie

  3. University of Trento, Trento, Italy

    Silvio Ranise

  4. University of Genoa, Genoa, Italy

    Luca Verderame

  5. Consiglio Nazionale delle Ricerche (CNR), Genoa, Italy

    Enrico Cambiaso

  6. SINTEF A.S., Oslo, Norway

    Rita Ugarelli

  7. Instituto Superior de Engenharia do Porto, Porto, Portugal

    Isabel Praça

  8. Hong Kong Polytechnic University, Hong Kong, China

    Wenjuan Li

  9. Technical University of Denmark, Kongens Lyngby, Denmark

    Weizhi Meng

  10. University of Nottingham, Nottingham, UK

    Steven Furnell

  11. Norwegian University of Science and Technology, Gjøvik, Norway

    Basel Katt

  12. Norwegian Computing Center, Oslo, Norway

    Sandeep Pirbhulal

  13. Institute for Energy Technology (IFE), Halden, Norway

    Ankur Shukla

  14. University of Calabria, Rende, Italy

    Michele Ianni

  15. University of Verona, Verona, Italy

    Mila Dalla Preda

  16. The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  17. University of Lisbon, Lisbon, Portugal

    Miguel Pupo Correia

  18. University of Twente, Enschede, The Netherlands

    Abhishta Abhishta

  19. University of Amsterdam, Amsterdam, The Netherlands

    Giovanni Sileno

  20. Open University in the Netherlands, Heerlen, The Netherlands

    Mina Alishahi

  21. Robert Gordon University, Aberdeen, UK

    Harsha Kalutarage

  22. Osaka University, Osaka, Japan

    Naoto Yanai

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Abdelsalam, M., Greiner, S., Aktouf, OEK., Mercier, A. (2024). C-TAR: A Compositional Threat Analysis and Risk Assessment Method for Infrastructure-Based Autonomous Driving. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-54129-2_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54128-5

  • Online ISBN: 978-3-031-54129-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation