Qi Liu , Ke Sun , Wenqi Liu , Yufeng Li , Xiangyu Zheng , Chenhong Cao , Jiangtao Li , Wutao Qin
{"title":"Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network","authors":"Qi Liu , Ke Sun , Wenqi Liu , Yufeng Li , Xiangyu Zheng , Chenhong Cao , Jiangtao Li , Wutao Qin","doi":"10.1016/j.ress.2024.110528","DOIUrl":null,"url":null,"abstract":"<div><div>Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.</div></div>","PeriodicalId":54500,"journal":{"name":"Reliability Engineering & System Safety","volume":null,"pages":null},"PeriodicalIF":9.4000,"publicationDate":"2024-10-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Reliability Engineering & System Safety","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0951832024006008","RegionNum":1,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, INDUSTRIAL","Score":null,"Total":0}
引用次数: 0
Abstract
Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.
期刊介绍:
Elsevier publishes Reliability Engineering & System Safety in association with the European Safety and Reliability Association and the Safety Engineering and Risk Analysis Division. The international journal is devoted to developing and applying methods to enhance the safety and reliability of complex technological systems, like nuclear power plants, chemical plants, hazardous waste facilities, space systems, offshore and maritime systems, transportation systems, constructed infrastructure, and manufacturing plants. The journal normally publishes only articles that involve the analysis of substantive problems related to the reliability of complex systems or present techniques and/or theoretical results that have a discernable relationship to the solution of such problems. An important aim is to balance academic material and practical applications.