Publications – AUTOPSY

AUTOMOTIVE Autonomous Vehicle AUTOPSY cloud computing Connected Cyber-Physical Systems (CPS) GDPR IoT PETs Privacy Privacy engineering framework Security Threat Analysis 
Show all
2022
 Chah, Badreddine;  Lombard, Alexandre;  Bkakria, Anis;  Yaich, Reda;  Abbas-Turki, Abdeljalil;  Galland, Stéphane
Privacy Threat Analysis for connected and autonomous vehicles Journal Article 
In: Procedia Computer Science, vol. 210, pp. 36-44, 2022, ISSN: 1877-0509, (The 13th International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN) / The 12th International Conference on Current and Future Trends of Information and Communication Technologies in Healthcare (ICTH-2022) / Affiliated Workshops).
Abstract | Links | BibTeX | Tags: Autonomous Vehicle, Connected, Cyber-Physical Systems (CPS), Privacy, Privacy engineering framework, Security, Threat Analysis
@article{CHAH202236,

title = {Privacy Threat Analysis for connected and autonomous vehicles},

author = {Badreddine Chah and Alexandre Lombard and Anis Bkakria and Reda Yaich and Abdeljalil Abbas-Turki and Stéphane Galland},

url = {https://www.sciencedirect.com/science/article/pii/S1877050922015733},

doi = {https://doi.org/10.1016/j.procs.2022.10.117},

issn = {1877-0509},

year  = {2022},

date = {2022-01-01},

journal = {Procedia Computer Science},

volume = {210},

pages = {36-44},

abstract = {Connected and autonomous vehicles produce, store and communicate a large amount of personal data (the route taken, the stop points, home and work addresses, etc.). The development of this type of vehicles brings the opportunity to offer new services to road users, with more software and hardware components on the vehicle. Many of these components suffer from weaknesses that can be exploited. The issue is that a single vulnerability in one element of the system will threaten the privacy of the vehicle's users (The weakest link principle of IT security). In this paper, we present a privacy threat analysis on the general architecture of connected and autonomous vehicles, to point out privacy risks according to formal privacy requirements. We present a use case modularization and its analysis that helps us to discern the privacy requirements of this use case, which can be enabled by manufacturers. To meet the previous objectives, we follow a LINDDUN methodology of privacy threat analysis},

note = {The 13th International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN) / The 12th International Conference on Current and Future Trends of Information and Communication Technologies in Healthcare (ICTH-2022) / Affiliated Workshops},

keywords = {Autonomous Vehicle, Connected, Cyber-Physical Systems (CPS), Privacy, Privacy engineering framework, Security, Threat Analysis},

pubstate = {published},

tppubtype = {article}

}

Close
Connected and autonomous vehicles produce, store and communicate a large amount of personal data (the route taken, the stop points, home and work addresses, etc.). The development of this type of vehicles brings the opportunity to offer new services to road users, with more software and hardware components on the vehicle. Many of these components suffer from weaknesses that can be exploited. The issue is that a single vulnerability in one element of the system will threaten the privacy of the vehicle's users (The weakest link principle of IT security). In this paper, we present a privacy threat analysis on the general architecture of connected and autonomous vehicles, to point out privacy risks according to formal privacy requirements. We present a use case modularization and its analysis that helps us to discern the privacy requirements of this use case, which can be enabled by manufacturers. To meet the previous objectives, we follow a LINDDUN methodology of privacy threat analysis
Close
https://www.sciencedirect.com/science/article/pii/S1877050922015733
doi:https://doi.org/10.1016/j.procs.2022.10.117
Close