JoWUA

Abstract

Technological advances, consumer demands for advanced automotive assistant systems, and systems connectivity make cyber-security an essential requirement for ride-hailing service providers. While the final goal of autonomous vehicles (AVs) is to enable driverless rides, ride-hailing companies and their users - passengers - are the main stakeholders of the autonomous vehicles systems. However, to the best of our knowledge, there are no methods that prescribe how to protect passengers’ data and manage security risks in AVs. This paper aims to determine how passenger’s data can be protected in autonomous vehicles. The paper presents an approach to security risk management in the Passenger-AV interaction based on the domain model for information systems security risk management (ISSRM). The research results in the identified protected assets and a threat model. The security risks are detected based on the proposed threat model, and corresponding security requirements are elicited. Finally, we present an approach for the security risks and requirements assessment that facilitate defining a risk reduction strategy. The research is conducted as a case study in the lab settings. The findings are not dependant on the AV hardware architecture and can be generalised to other scenarios of Passenger–AV interaction. They are suitable for AV systems used by ride-hailing service providers that enable supervisory AV control. The presented data protection approach is also appropriate for other autonomous motor vehicle types that transport people.