Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network

Bibliographic Details
Published in: Reliability engineering & system safety 2025-01, Vol.253, p.110528, Article 110528
Main Authors: Liu, Qi; Sun, Ke; Liu, Wenqi; Li, Yufeng; Zheng, Xiangyu; Cao, Chenhong; Li, Jiangtao; Qin, Wutao
Format: Article
Language: English
Description
Summary: Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit-cost analysis aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.
ISSN: 0951-8320
DOI: 10.1016/j.ress.2024.110528