| dc.contributor.advisor | Stuart Madnick and Allen Moulton. | en_US |
| dc.contributor.author | Lee, Chee Wei, S.M. Massachusetts Institute of Technology | en_US |
| dc.contributor.other | Massachusetts Institute of Technology. Integrated Design and Management Program. | en_US |
| dc.date.accessioned | 2018-10-15T20:24:28Z | |
| dc.date.available | 2018-10-15T20:24:28Z | |
| dc.date.copyright | 2018 | en_US |
| dc.date.issued | 2018 | en_US |
| dc.identifier.uri | http://hdl.handle.net/1721.1/118541 | |
| dc.description | Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2018. | en_US |
| dc.description | Cataloged from PDF version of thesis. | en_US |
| dc.description | Includes bibliographical references (pages 107-109). | en_US |
| dc.description.abstract | Urban Mobility is in the midst of a revolution, driven by the convergence of technologies such as artificial intelligence, on-demand ride services, as well as connected and self-driving vehicles. Technological advancements often lead to new hazards and changing nature in how accidents can happen. Coupled with increased levels of automation and connectivity in the new generation of autonomous vehicles, cybersecurity is emerging as one of the key threats affecting the safety of these vehicles. Traditional methods treat safety and security analysis in isolation, and are limited in the ability to account for interactions among organizational, socio-technical, human, and technical components. In response to these challenges, the System Theoretic Process Analysis (STPA) was developed to meet the growing need for system engineers to analyze such complex socio-technical systems. We applied STPA-Sec, an extension to STPA to include security analysis, to co-analyze safety and security hazards, as well as identify mitigation requirements. The results were compared with another promising method known as Combined Harm Analysis of Safety and Security for Information Systems (CHASSIS). Both methods were applied to the Mobility-as-a-Service use case, focusing on over-the-air software updates feature. Overall, STPA-Sec identified additional hazards and more effective requirements compared to CHASSIS. In particular, STPA-Sec demonstrated the ability to identify hazards due to unsafe/ unsecure interactions among sociotechnical components. This research also suggested using CHASSIS methods for information lifecycle analysis to complement and generate additional considerations for STPA-Sec. Finally, results from both methods were back-tested against a past cyber hack on a vehicular system, and we found that recommendations from STPA-Sec were likely to mitigate the risks of the incident. | en_US |
| dc.description.statementofresponsibility | by Chee Wei Lee. | en_US |
| dc.format.extent | 109 pages | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Massachusetts Institute of Technology | en_US |
| dc.rights | MIT theses are protected by copyright. They may be viewed, downloaded, or printed from this source but further reproduction or distribution in any format is prohibited without written permission. | en_US |
| dc.rights.uri | http://dspace.mit.edu/handle/1721.1/7582 | en_US |
| dc.subject | Engineering and Management Program. | en_US |
| dc.subject | Integrated Design and Management Program. | en_US |
| dc.title | A system theoretic approach to cybersecurity risks analysis of passenger autonomous vehicles | en_US |
| dc.type | Thesis | en_US |
| dc.description.degree | S.M. in Engineering and Management | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Engineering and Management Program | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Integrated Design and Management Program. | en_US |
| dc.identifier.oclc | 1055161652 | en_US |
