Security Risk Management in Autonomous Driving Vehicles: Architecture Perspective



Journal Title

Journal ISSN

Volume Title


Tartu Ülikool


Security risk management is an essential part of any system development, including auton-omous driving vehicles. For autonomous driving service providers, it is necessary to know what risks exist in the system and how they could be mitigated. Security risk management methods allow system stakeholders to manage the security risks within their systems. Un-fortunately, an accepted standard to carry out security risk management, specifically for autonomous vehicles, is not presented in the reviewed literature. In this thesis, we propose a method for security risk management in the autonomous driving field, with a focus on the architecture of the car. The proposed method combines two well-known methods: the security risk management (SRM) method to define the asset, risk and risk-treatment related concepts, and the OCTAVE Allegro method for risk impact assess-ment. Asset, risk and countermeasure findings from reviewed literature were first used to illustrate the proposed security risk management approach. Then, a case study -- a Bolt au-tonomous vehicle prototype -- was introduced to demonstrate a practical security risk man-agement scenario, validated by experts in autonomous vehicles and security risk manage-ment. The study finds that the combination of SRM and OCTAVE Allegro combines the strong suits of both methods to provide a systematic approach for security risk management in autonomous driving vehicles, useful to the system stakeholders.



Security risk management, SRM, Autonomous driving, OCTAVE Allegro