Loading…
Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network
Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: sh...
Saved in:
| Published in: | Reliability engineering & system safety 2025-01, Vol.253, p.110528, Article 110528 |
|---|---|
| Main Authors: | , , , , , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | |
|---|---|
| cites | cdi_FETCH-LOGICAL-c181t-800892475a5eadd11291c26c0a0658b63fc114adebfbc495c018f64e1019ff0f3 |
| container_end_page | |
| container_issue | |
| container_start_page | 110528 |
| container_title | Reliability engineering & system safety |
| container_volume | 253 |
| creator | Liu, Qi Sun, Ke Liu, Wenqi Li, Yufeng Zheng, Xiangyu Cao, Chenhong Li, Jiangtao Qin, Wutao |
| description | Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches. |
| doi_str_mv | 10.1016/j.ress.2024.110528 |
| format | article |
| fullrecord | <record><control><sourceid>elsevier_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1016_j_ress_2024_110528</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0951832024006008</els_id><sourcerecordid>S0951832024006008</sourcerecordid><originalsourceid>FETCH-LOGICAL-c181t-800892475a5eadd11291c26c0a0658b63fc114adebfbc495c018f64e1019ff0f3</originalsourceid><addsrcrecordid>eNp9kMtOwzAQRb0AifL4AVb-gYSxm6QOYlMqHpUqAWpha7nOuLhtnMp2i_r3OCprVjPS6IzuPYTcMsgZsOpunXsMIefAi5wxKLk4IwOoS5aJIYcLchnCGgCKuhwNyP5jr1y0UUV7QOpt2FAVQuJbdJGazlPdOYc6YkPVPnat6rcv_LZ6i-GeTl3ElU-0W1Hb7nx3SOf54n2czZXBOWqqXEMf1RGDVY46jD-d31yTc6O2AW_-5hX5fH5aTF6z2dvLdDKeZZoJFjMBIGpejEpVomoaxnjNNK80KKhKsayGRjNWqAaXZqlTHw1MmKrApKE2BszwivDTX-27EDwaufO2Vf4oGchellzLXpbsZcmTrAQ9nCBMyQ4WvQzaotPYWJ9EyKaz_-G_y2N3jA</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network</title><source>ScienceDirect Freedom Collection</source><creator>Liu, Qi ; Sun, Ke ; Liu, Wenqi ; Li, Yufeng ; Zheng, Xiangyu ; Cao, Chenhong ; Li, Jiangtao ; Qin, Wutao</creator><creatorcontrib>Liu, Qi ; Sun, Ke ; Liu, Wenqi ; Li, Yufeng ; Zheng, Xiangyu ; Cao, Chenhong ; Li, Jiangtao ; Qin, Wutao</creatorcontrib><description>Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.</description><identifier>ISSN: 0951-8320</identifier><identifier>DOI: 10.1016/j.ress.2024.110528</identifier><language>eng</language><publisher>Elsevier Ltd</publisher><subject>CAVs ; Quantification ; Risk assessment ; Safety ; Security</subject><ispartof>Reliability engineering & system safety, 2025-01, Vol.253, p.110528, Article 110528</ispartof><rights>2024</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c181t-800892475a5eadd11291c26c0a0658b63fc114adebfbc495c018f64e1019ff0f3</cites><orcidid>0000-0003-3893-7731</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925</link.rule.ids></links><search><creatorcontrib>Liu, Qi</creatorcontrib><creatorcontrib>Sun, Ke</creatorcontrib><creatorcontrib>Liu, Wenqi</creatorcontrib><creatorcontrib>Li, Yufeng</creatorcontrib><creatorcontrib>Zheng, Xiangyu</creatorcontrib><creatorcontrib>Cao, Chenhong</creatorcontrib><creatorcontrib>Li, Jiangtao</creatorcontrib><creatorcontrib>Qin, Wutao</creatorcontrib><title>Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network</title><title>Reliability engineering & system safety</title><description>Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.</description><subject>CAVs</subject><subject>Quantification</subject><subject>Risk assessment</subject><subject>Safety</subject><subject>Security</subject><issn>0951-8320</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2025</creationdate><recordtype>article</recordtype><recordid>eNp9kMtOwzAQRb0AifL4AVb-gYSxm6QOYlMqHpUqAWpha7nOuLhtnMp2i_r3OCprVjPS6IzuPYTcMsgZsOpunXsMIefAi5wxKLk4IwOoS5aJIYcLchnCGgCKuhwNyP5jr1y0UUV7QOpt2FAVQuJbdJGazlPdOYc6YkPVPnat6rcv_LZ6i-GeTl3ElU-0W1Hb7nx3SOf54n2czZXBOWqqXEMf1RGDVY46jD-d31yTc6O2AW_-5hX5fH5aTF6z2dvLdDKeZZoJFjMBIGpejEpVomoaxnjNNK80KKhKsayGRjNWqAaXZqlTHw1MmKrApKE2BszwivDTX-27EDwaufO2Vf4oGchellzLXpbsZcmTrAQ9nCBMyQ4WvQzaotPYWJ9EyKaz_-G_y2N3jA</recordid><startdate>202501</startdate><enddate>202501</enddate><creator>Liu, Qi</creator><creator>Sun, Ke</creator><creator>Liu, Wenqi</creator><creator>Li, Yufeng</creator><creator>Zheng, Xiangyu</creator><creator>Cao, Chenhong</creator><creator>Li, Jiangtao</creator><creator>Qin, Wutao</creator><general>Elsevier Ltd</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0000-0003-3893-7731</orcidid></search><sort><creationdate>202501</creationdate><title>Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network</title><author>Liu, Qi ; Sun, Ke ; Liu, Wenqi ; Li, Yufeng ; Zheng, Xiangyu ; Cao, Chenhong ; Li, Jiangtao ; Qin, Wutao</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c181t-800892475a5eadd11291c26c0a0658b63fc114adebfbc495c018f64e1019ff0f3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2025</creationdate><topic>CAVs</topic><topic>Quantification</topic><topic>Risk assessment</topic><topic>Safety</topic><topic>Security</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Liu, Qi</creatorcontrib><creatorcontrib>Sun, Ke</creatorcontrib><creatorcontrib>Liu, Wenqi</creatorcontrib><creatorcontrib>Li, Yufeng</creatorcontrib><creatorcontrib>Zheng, Xiangyu</creatorcontrib><creatorcontrib>Cao, Chenhong</creatorcontrib><creatorcontrib>Li, Jiangtao</creatorcontrib><creatorcontrib>Qin, Wutao</creatorcontrib><collection>CrossRef</collection><jtitle>Reliability engineering & system safety</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Liu, Qi</au><au>Sun, Ke</au><au>Liu, Wenqi</au><au>Li, Yufeng</au><au>Zheng, Xiangyu</au><au>Cao, Chenhong</au><au>Li, Jiangtao</au><au>Qin, Wutao</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network</atitle><jtitle>Reliability engineering & system safety</jtitle><date>2025-01</date><risdate>2025</risdate><volume>253</volume><spage>110528</spage><pages>110528-</pages><artnum>110528</artnum><issn>0951-8320</issn><abstract>Connected automated vehicles (CAVs) risk assessment is of paramount significance, as it integrates safety and security factors to ensure dependable operation while effectively mitigating potential hazards and vulnerabilities. However, existing risk assessment methods suffer from two shortcomings: shying away from quantification and insufficiently considering threats. To this end, we propose a quantifiable risk assessment method, which incorporates the STRIDE threat model to address cybersecurity concerns within the context of CAVs. Specifically, we first present improved STPA-SafeSec for hazard analysis, using a generic causal factor diagram and STRIDE to identify causal factors, safety and security requirements, and the corresponding mitigations. Then, we propose a Bayesian Network for comprehensive quantification of system risk. This approach enables quantitative risk assessment, sensitivity analysis, prioritization of risk control measures, and benefit cost analysis that aided by a designed greedy optimization algorithm. A case study on a real open-source test vehicle demonstrates that the proposed method not only offers a comprehensive analysis of hazards and vulnerabilities, but also provides a quantitative risk assessment. Comparative assessments suggest that the proposed method exhibits a notable advantage in terms of analysis results (utility), analysis steps (usability), and the analysis process (efficiency) when compared to existing approaches.</abstract><pub>Elsevier Ltd</pub><doi>10.1016/j.ress.2024.110528</doi><orcidid>https://orcid.org/0000-0003-3893-7731</orcidid></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0951-8320 |
| ispartof | Reliability engineering & system safety, 2025-01, Vol.253, p.110528, Article 110528 |
| issn | 0951-8320 |
| language | eng |
| recordid | cdi_crossref_primary_10_1016_j_ress_2024_110528 |
| source | ScienceDirect Freedom Collection |
| subjects | CAVs Quantification Risk assessment Safety Security |
| title | Quantitative risk assessment for connected automated Vehicles: Integrating improved STPA-SafeSec and Bayesian network |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-29T05%3A32%3A20IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-elsevier_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Quantitative%20risk%20assessment%20for%20connected%20automated%20Vehicles:%20Integrating%20improved%20STPA-SafeSec%20and%20Bayesian%20network&rft.jtitle=Reliability%20engineering%20&%20system%20safety&rft.au=Liu,%20Qi&rft.date=2025-01&rft.volume=253&rft.spage=110528&rft.pages=110528-&rft.artnum=110528&rft.issn=0951-8320&rft_id=info:doi/10.1016/j.ress.2024.110528&rft_dat=%3Celsevier_cross%3ES0951832024006008%3C/elsevier_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c181t-800892475a5eadd11291c26c0a0658b63fc114adebfbc495c018f64e1019ff0f3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |