VeRA: A Simplified Security Risk Analysis Method for Autonomous Vehicles

Risk analysis/assessment is an indispensable process during the design and development of Autonomous Vehicles (AVs), which is in charge of evaluating whether the risk of an attack is critical or minor. However, current risk analysis methods either are time-consuming or not suitable for Connected and Autonomous Vehicles (CAVs). In this paper, an efficient security risk analysis method, Vehicles Risk Analysis (VeRA), is proposed, fitting for evaluating the risks of attacks in the context of AV and CAVs. VeRA firstly considers the human capabilities and vehicle automation level to conduct a security risk analysis. Meanwhile, compared to the benchmark (i.e., SAE J3061), VeRA uses a simplified analysis process and fewer factors, significantly reducing the required analysis time without affecting analysis accuracy. Moreover, based on VeRA, a simple but efficient mathematical model is established to assess the risk value by considering the attack probability, severity and human control, avoiding the tedious process of looking up tables in previous methods. A case study on a general AV model shows that VeRA not only captures the critical attacks as accurate as other methods, but also analyzes the changes of human controllability with the vehicle's automation level. The performance compared to other available methods shows that VeRA can obtain the same analysis results by using around 43\% less time than the benchmark.