Cybersecurity Threat Analysis and Risk Assessment for Intelligent Connected Vehicles
With the rapid development of intelligent connected vehicles, cybersecurity issues have become increasingly prominent, posing significant challenges to vehicle safety and user privacy. This paper conducts a study on threat analysis and risk assessment (TARA) for intelligent connected vehicles based on the ISO/SAE 21434 standard. The research analyses and examines the practical methodologies of the standard from systematic and practical perspectives, constructing a comprehensive risk assessment framework that covers risk identification, analysis, assessment and response strategies. The rationality and effectiveness of the framework are validated through case studies. This study not only provides systematic security guidance for automotive manufacturers and technology developers but also offers empirical evidence for regulatory compliance reviews, thereby promoting the secure development of intelligent connected vehicles.
Copyright (c) 2026 Huasheng Xie, Lie Wang

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.













