联网自动驾驶汽车的定量风险评估:整合改进的 STPA-SafeSec 和贝叶斯网络

IF 9.4 1区 工程技术 Q1 ENGINEERING, INDUSTRIAL
Qi Liu , Ke Sun , Wenqi Liu , Yufeng Li , Xiangyu Zheng , Chenhong Cao , Jiangtao Li , Wutao Qin
{"title":"联网自动驾驶汽车的定量风险评估:整合改进的 STPA-SafeSec 和贝叶斯网络","authors":"Qi Liu ,&nbsp;Ke Sun ,&nbsp;Wenqi Liu ,&nbsp;Yufeng Li ,&nbsp;Xiangyu Zheng ,&nbsp;Chenhong Cao ,&nbsp;Jiangtao Li ,&nbsp;Wutao Qin","doi":"10.1016/j.ress.2024.110528","DOIUrl":null,"url":null,"abstract":"<div><div>Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.</div></div>","PeriodicalId":54500,"journal":{"name":"Reliability Engineering & System Safety","volume":"253 ","pages":"Article 110528"},"PeriodicalIF":9.4000,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network\",\"authors\":\"Qi Liu ,&nbsp;Ke Sun ,&nbsp;Wenqi Liu ,&nbsp;Yufeng Li ,&nbsp;Xiangyu Zheng ,&nbsp;Chenhong Cao ,&nbsp;Jiangtao Li ,&nbsp;Wutao Qin\",\"doi\":\"10.1016/j.ress.2024.110528\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.</div></div>\",\"PeriodicalId\":54500,\"journal\":{\"name\":\"Reliability Engineering & System Safety\",\"volume\":\"253 \",\"pages\":\"Article 110528\"},\"PeriodicalIF\":9.4000,\"publicationDate\":\"2024-10-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Reliability Engineering & System Safety\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0951832024006008\",\"RegionNum\":1,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"ENGINEERING, INDUSTRIAL\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Reliability Engineering & System Safety","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0951832024006008","RegionNum":1,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, INDUSTRIAL","Score":null,"Total":0}
引用次数: 0

摘要

互联自动驾驶汽车(CAVs)的风险评估至关重要,因为它综合了安全和安保因素,可在有效降低潜在危险和脆弱性的同时确保可靠运行。然而,现有的风险评估方法存在两个缺陷:回避量化和未充分考虑威胁。为此,我们提出了一种可量化的风险评估方法,该方法结合了 STRIDE 威胁模型,以解决 CAV 中的网络安全问题。具体来说,我们首先提出了改进的 STPA-SafeSec 危险分析方法,使用通用因果关系图和 STRIDE 来识别因果关系、安全和安保要求以及相应的缓解措施。然后,我们提出了一种用于全面量化系统风险的贝叶斯网络。通过这种方法,可以进行定量风险评估、敏感性分析、风险控制措施优先级排序以及收益成本分析,并通过设计的贪婪优化算法进行辅助。对一辆真实的开源测试车辆进行的案例研究表明,所提出的方法不仅能对危险和漏洞进行全面分析,还能提供定量风险评估。比较评估表明,与现有方法相比,拟议方法在分析结果(实用性)、分析步骤(可用性)和分析过程(效率)方面都具有显著优势。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network
Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Reliability Engineering & System Safety
Reliability Engineering & System Safety 管理科学-工程:工业
CiteScore
15.20
自引率
39.50%
发文量
621
审稿时长
67 days
期刊介绍: Elsevier publishes Reliability Engineering & System Safety in association with the European Safety and Reliability Association and the Safety Engineering and Risk Analysis Division. The international journal is devoted to developing and applying methods to enhance the safety and reliability of complex technological systems, like nuclear power plants, chemical plants, hazardous waste facilities, space systems, offshore and maritime systems, transportation systems, constructed infrastructure, and manufacturing plants. The journal normally publishes only articles that involve the analysis of substantive problems related to the reliability of complex systems or present techniques and/or theoretical results that have a discernable relationship to the solution of such problems. An important aim is to balance academic material and practical applications.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信