联网自动驾驶汽车的定量风险评估：整合改进的 STPA-SafeSec 和贝叶斯网络

IF 9.4 1区工程技术 Q1 ENGINEERING, INDUSTRIAL

Reliability Engineering & System Safety Pub Date : 2024-10-05 DOI:10.1016/j.ress.2024.110528

Qi Liu , Ke Sun , Wenqi Liu , Yufeng Li , Xiangyu Zheng , Chenhong Cao , Jiangtao Li , Wutao Qin

{"title":"联网自动驾驶汽车的定量风险评估：整合改进的 STPA-SafeSec 和贝叶斯网络","authors":"Qi Liu , Ke Sun , Wenqi Liu , Yufeng Li , Xiangyu Zheng , Chenhong Cao , Jiangtao Li , Wutao Qin","doi":"10.1016/j.ress.2024.110528","DOIUrl":null,"url":null,"abstract":"<div><div>Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.</div></div>","PeriodicalId":54500,"journal":{"name":"Reliability Engineering & System Safety","volume":"253 ","pages":"Article 110528"},"PeriodicalIF":9.4000,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network\",\"authors\":\"Qi Liu , Ke Sun , Wenqi Liu , Yufeng Li , Xiangyu Zheng , Chenhong Cao , Jiangtao Li , Wutao Qin\",\"doi\":\"10.1016/j.ress.2024.110528\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.</div></div>\",\"PeriodicalId\":54500,\"journal\":{\"name\":\"Reliability Engineering & System Safety\",\"volume\":\"253 \",\"pages\":\"Article 110528\"},\"PeriodicalIF\":9.4000,\"publicationDate\":\"2024-10-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Reliability Engineering & System Safety\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0951832024006008\",\"RegionNum\":1,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"ENGINEERING, INDUSTRIAL\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Reliability Engineering & System Safety","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0951832024006008","RegionNum":1,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, INDUSTRIAL","Score":null,"Total":0}

引用次数: 0

摘要

互联自动驾驶汽车（CAVs）的风险评估至关重要，因为它综合了安全和安保因素，可在有效降低潜在危险和脆弱性的同时确保可靠运行。然而，现有的风险评估方法存在两个缺陷：回避量化和未充分考虑威胁。为此，我们提出了一种可量化的风险评估方法，该方法结合了 STRIDE 威胁模型，以解决 CAV 中的网络安全问题。具体来说，我们首先提出了改进的 STPA-SafeSec 危险分析方法，使用通用因果关系图和 STRIDE 来识别因果关系、安全和安保要求以及相应的缓解措施。然后，我们提出了一种用于全面量化系统风险的贝叶斯网络。通过这种方法，可以进行定量风险评估、敏感性分析、风险控制措施优先级排序以及收益成本分析，并通过设计的贪婪优化算法进行辅助。对一辆真实的开源测试车辆进行的案例研究表明，所提出的方法不仅能对危险和漏洞进行全面分析，还能提供定量风险评估。比较评估表明，与现有方法相比，拟议方法在分析结果（实用性）、分析步骤（可用性）和分析过程（效率）方面都具有显著优势。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network

Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Reliability Engineering & System Safety 管理科学-工程：工业

CiteScore

15.20

自引率

39.50%

发文量

621

审稿时长

67 days

期刊介绍： Elsevier publishes Reliability Engineering & System Safety in association with the European Safety and Reliability Association and the Safety Engineering and Risk Analysis Division. The international journal is devoted to developing and applying methods to enhance the safety and reliability of complex technological systems, like nuclear power plants, chemical plants, hazardous waste facilities, space systems, offshore and maritime systems, transportation systems, constructed infrastructure, and manufacturing plants. The journal normally publishes only articles that involve the analysis of substantive problems related to the reliability of complex systems or present techniques and/or theoretical results that have a discernable relationship to the solution of such problems. An important aim is to balance academic material and practical applications.