Information Security Risks Analysis and Assessment
in the Passenger-Autonomous Vehicle Interaction

Mariia Bakhtina⁺ and Raimundas Matulevičius

Institute of Computer Science, University of Tartu, Tartu, 51009, Estonia
{mariia.bakhtina, raimundas.matulevicius}@ut.ee

Abstract

Technological advances, consumer demands for advanced automotive assistant systems, and systems connectivity make cyber-security an essential requirement for ride-hailing service providers. While the final goal of autonomous vehicles (AVs) is to enable driverless rides, ride-hailing companies and their users - passengers - are the main stakeholders of the autonomous vehicles systems. However, to the best of our knowledge, there are no methods that prescribe how to protect passengers’ data and manage security risks in AVs. This paper aims to determine how passenger’s data can be protected in autonomous vehicles. The paper presents an approach to security risk management in the Passenger-AV interaction based on the domain model for information systems security risk management (ISSRM). The research results in the identified protected assets and a threat model. The security risks are detected based on the proposed threat model, and corresponding security requirements are elicited. Finally, we present an approach for the security risks and requirements assessment that facilitate defining a risk reduction strategy. The research is conducted as a case study in the lab settings. The findings are not dependant on the AV hardware architecture and can be generalised to other scenarios of Passenger–AV interaction. They are suitable for AV systems used by ride-hailing service providers that enable supervisory AV control. The presented data protection approach is also appropriate for other autonomous motor vehicle types that transport people.

Keywords: Autonomous Vehicles, Information System Security Risk Management, Risk Assessment, Requirements Prioritisation

+: Corresponding author: Mariia Bakhtina
Institute of Computer Science, University of Tartu, Narva mnt. 18, 51009, Tartu, Estonia, Tel: +372-737-5421,
Web: https://cs.ut.ee/

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)
Vol. 13, No. 1, pp. 87-111, March 2022 [pdf]