Autonomous Vehicle Security: Hybrid Threat Modeling Approach
Autonomous vehicles (AVs) are poised to revolutionize modern transportation, offering enhanced safety, efficiency, and convenience. However, AV architectures' increasing connectivity and complexity have introduced significant cybersecurity risks. This survey provides a comprehensive revie...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Open Journal of Vehicular Technology |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/11039067/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849430937500123136 |
|---|---|
| author | Amal Yousseef Yu-Zheng Lin Shalaka Satam Banafsheh Saber Latibari Jesus Pacheco Soheil Salehi Salim Hariri Pratik Satam |
| author_facet | Amal Yousseef Yu-Zheng Lin Shalaka Satam Banafsheh Saber Latibari Jesus Pacheco Soheil Salehi Salim Hariri Pratik Satam |
| author_sort | Amal Yousseef |
| collection | DOAJ |
| description | Autonomous vehicles (AVs) are poised to revolutionize modern transportation, offering enhanced safety, efficiency, and convenience. However, AV architectures' increasing connectivity and complexity have introduced significant cybersecurity risks. This survey provides a comprehensive review of AV security challenges, focusing on widely adopted threat modeling frameworks such as STRIDE, DREAD, andMITRE ATT&CK. By examining common attack vectors and real-world case studies, including the Jeep Cherokee and Tesla Model S exploits, we highlight the urgent need for robust cybersecurity in in-vehicle systems and external interfaces. To complement existing modeling practices, we introduce Hybrid-SCDM, a novel framework that combines STRIDE-based threat classification with CVSS-derived DREAD scoring. This model transforms qualitative threat identification into quantitative risk prioritization by mapping CVSS metrics to DREAD dimensions through normalization. Applied to a generic multi-layered AV architecture, our findings show that intra-vehicle networks, especially CAN bus spoofing and fuzzing attacks, and suspension attacks, represent the most critical vulnerabilities due to their high exploitability and systemic impact. Beyond technical modeling, the survey explores emerging defense mechanisms such as blockchain-enabled Vehicle-to-Everything (V2X) communication, AI-driven anomaly detection, and secure Over-The-Air (OTA) updates. We also examine legal and ethical considerations surrounding data privacy, user safety, and regulatory compliance. By integrating analytical modeling with broad system insights, this work provides actionable recommendations for advancing the cybersecurity posture of autonomous vehicles. |
| format | Article |
| id | doaj-art-07c2fbdd088e45c495340fb4904c4145 |
| institution | Kabale University |
| issn | 2644-1330 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Open Journal of Vehicular Technology |
| spelling | doaj-art-07c2fbdd088e45c495340fb4904c41452025-08-20T03:27:48ZengIEEEIEEE Open Journal of Vehicular Technology2644-13302025-01-0161774179510.1109/OJVT.2025.358053811039067Autonomous Vehicle Security: Hybrid Threat Modeling ApproachAmal Yousseef0Yu-Zheng Lin1https://orcid.org/0000-0001-7975-3694Shalaka Satam2Banafsheh Saber Latibari3https://orcid.org/0000-0003-3735-9191Jesus Pacheco4https://orcid.org/0000-0002-8636-5902Soheil Salehi5https://orcid.org/0000-0001-5998-8795Salim Hariri6https://orcid.org/0000-0003-3956-3401Pratik Satam7Department of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USADepartment of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USADepartment of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USADepartment of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USADepartment of Industrial Engineering, University of Sonora, Hermosillo, MexicoDepartment of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USADepartment of Electrical and Computer Engineering, University of Arizona, Tucson, AZ, USADepartment of Systems and Industrial Engineering, University of Arizona, Tucson, AZ, USAAutonomous vehicles (AVs) are poised to revolutionize modern transportation, offering enhanced safety, efficiency, and convenience. However, AV architectures' increasing connectivity and complexity have introduced significant cybersecurity risks. This survey provides a comprehensive review of AV security challenges, focusing on widely adopted threat modeling frameworks such as STRIDE, DREAD, andMITRE ATT&CK. By examining common attack vectors and real-world case studies, including the Jeep Cherokee and Tesla Model S exploits, we highlight the urgent need for robust cybersecurity in in-vehicle systems and external interfaces. To complement existing modeling practices, we introduce Hybrid-SCDM, a novel framework that combines STRIDE-based threat classification with CVSS-derived DREAD scoring. This model transforms qualitative threat identification into quantitative risk prioritization by mapping CVSS metrics to DREAD dimensions through normalization. Applied to a generic multi-layered AV architecture, our findings show that intra-vehicle networks, especially CAN bus spoofing and fuzzing attacks, and suspension attacks, represent the most critical vulnerabilities due to their high exploitability and systemic impact. Beyond technical modeling, the survey explores emerging defense mechanisms such as blockchain-enabled Vehicle-to-Everything (V2X) communication, AI-driven anomaly detection, and secure Over-The-Air (OTA) updates. We also examine legal and ethical considerations surrounding data privacy, user safety, and regulatory compliance. By integrating analytical modeling with broad system insights, this work provides actionable recommendations for advancing the cybersecurity posture of autonomous vehicles.https://ieeexplore.ieee.org/document/11039067/Autonomous vehiclescybersecuritythreat modelingin-vehicle networkvehicle-to-everything (V2X) security |
| spellingShingle | Amal Yousseef Yu-Zheng Lin Shalaka Satam Banafsheh Saber Latibari Jesus Pacheco Soheil Salehi Salim Hariri Pratik Satam Autonomous Vehicle Security: Hybrid Threat Modeling Approach IEEE Open Journal of Vehicular Technology Autonomous vehicles cybersecurity threat modeling in-vehicle network vehicle-to-everything (V2X) security |
| title | Autonomous Vehicle Security: Hybrid Threat Modeling Approach |
| title_full | Autonomous Vehicle Security: Hybrid Threat Modeling Approach |
| title_fullStr | Autonomous Vehicle Security: Hybrid Threat Modeling Approach |
| title_full_unstemmed | Autonomous Vehicle Security: Hybrid Threat Modeling Approach |
| title_short | Autonomous Vehicle Security: Hybrid Threat Modeling Approach |
| title_sort | autonomous vehicle security hybrid threat modeling approach |
| topic | Autonomous vehicles cybersecurity threat modeling in-vehicle network vehicle-to-everything (V2X) security |
| url | https://ieeexplore.ieee.org/document/11039067/ |
| work_keys_str_mv | AT amalyousseef autonomousvehiclesecurityhybridthreatmodelingapproach AT yuzhenglin autonomousvehiclesecurityhybridthreatmodelingapproach AT shalakasatam autonomousvehiclesecurityhybridthreatmodelingapproach AT banafshehsaberlatibari autonomousvehiclesecurityhybridthreatmodelingapproach AT jesuspacheco autonomousvehiclesecurityhybridthreatmodelingapproach AT soheilsalehi autonomousvehiclesecurityhybridthreatmodelingapproach AT salimhariri autonomousvehiclesecurityhybridthreatmodelingapproach AT pratiksatam autonomousvehiclesecurityhybridthreatmodelingapproach |