A system theoretic approach to cybersecurity risks analysis of passenger autonomous vehicles
Author(s)
Lee, Chee Wei, S.M. Massachusetts Institute of Technology
Other Contributors
Massachusetts Institute of Technology. Integrated Design and Management Program.
Advisor
Stuart Madnick and Allen Moulton.
Abstract
Urban mobility is in the midst of a revolution, driven by the convergence of technologies such as artificial intelligence, on-demand ride services, and connected and self-driving vehicles. Technological advancements often introduce new hazards and change the ways in which accidents can happen. Coupled with the increased automation and connectivity of the new generation of autonomous vehicles, cybersecurity is emerging as one of the key threats to the safety of these vehicles. Traditional methods treat safety and security analysis in isolation and are limited in their ability to account for interactions among organizational, socio-technical, human, and technical components. In response to these challenges, System Theoretic Process Analysis (STPA) was developed to meet the growing need for systems engineers to analyze such complex socio-technical systems. We applied STPA-Sec, an extension of STPA that includes security analysis, to co-analyze safety and security hazards and to identify mitigation requirements. The results were compared with another promising method, Combined Harm Analysis of Safety and Security for Information Systems (CHASSIS). Both methods were applied to a Mobility-as-a-Service use case, focusing on the over-the-air software update feature. Overall, STPA-Sec identified additional hazards and more effective requirements compared to CHASSIS. In particular, STPA-Sec demonstrated the ability to identify hazards arising from unsafe/unsecure interactions among socio-technical components. This research also suggests using CHASSIS methods for information lifecycle analysis to complement STPA-Sec and generate additional considerations for it. Finally, results from both methods were back-tested against a past cyber attack on a vehicular system, and we found that the recommendations from STPA-Sec would likely have mitigated the risks of that incident.
Description
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2018. Cataloged from PDF version of thesis. Includes bibliographical references (pages 107-109).
Date issued
2018
Department
Massachusetts Institute of Technology. Engineering and Management Program; Massachusetts Institute of Technology. Integrated Design and Management Program.
Publisher
Massachusetts Institute of Technology
Keywords
Engineering and Management Program; Integrated Design and Management Program