Title: A System Theoretic Approach to Cybersecurity Risk Analysis and Mitigation for Autonomous Passenger Vehicles
Authors: Lee Sian Wei, S. Madnick
DOI: 10.2139/ssrn.3370555 (https://doi.org/10.2139/ssrn.3370555)
Journal: IRPN: Innovation & Information Management (Topic)
Publication date: 2018-02-01
Publication type: Journal Article
Platform: Semanticscholar
Citations: 6
Abstract
Urban mobility is in the midst of a revolution, driven by the convergence of technologies such as artificial intelligence, on-demand ride services, and connected and self-driving vehicles. Technological advancements often introduce new hazards and change the way accidents can happen. Coupled with the increased levels of automation and connectivity in the new generation of autonomous vehicles, cybersecurity is emerging as one of the key threats affecting the safety of these vehicles. Traditional hazard analysis methods treat safety and security in isolation and are limited in their ability to account for interactions among organizational, socio-technical, human, and technical components. In response to these challenges, the System Theoretic Process Analysis (STPA) was developed to meet the growing need for system engineers to holistically analyze complex socio-technical systems. We applied STPA-Sec, an extension of STPA that includes security analysis, to co-analyze safety and security hazards and to identify mitigation requirements. The results were compared with another promising method known as Combined Harm Analysis of Safety and Security for Information Systems (CHASSIS). Both methods were applied to the Mobility-as-a-Service use case, focusing on the over-the-air software update feature. Overall, STPA-Sec identified additional hazards and more effective requirements compared to CHASSIS. In particular, STPA-Sec demonstrated the ability to identify hazards arising from unsafe/unsecure interactions among socio-technical components. This research also suggested using CHASSIS methods for information lifecycle analysis to complement STPA-Sec and generate additional considerations for it. Finally, results from both methods were back-tested against a past cyber hack on a vehicular system, and we found that the recommendations from STPA-Sec were likely to mitigate the risks of that incident.