{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,25]],"date-time":"2025-09-25T14:05:31Z","timestamp":1758809131757,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":51,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,24]],"date-time":"2022-10-24T00:00:00Z","timestamp":1666569600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["DGE-1934279"],"award-info":[{"award-number":["DGE-1934279"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Toyota InfoTech Labs"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,24]]},"DOI":"10.1145\/3584318.3584325","type":"proceedings-article","created":{"date-parts":[[2023,6,26]],"date-time":"2023-06-26T22:06:15Z","timestamp":1687817175000},"page":"90-103","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Autonomous Vehicle Security: Composing Attack, Defense, and Policy Surfaces"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8316-4929","authenticated-orcid":false,"given":"Michael","family":"Clifford","sequence":"first","affiliation":[{"name":"Toyota InfoTech Labs, Toyota Motor North America, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6736-7347","authenticated-orcid":false,"given":"Miriam","family":"Heller","sequence":"additional","affiliation":[{"name":"MHITech Systems, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1464-2966","authenticated-orcid":false,"given":"Karl","family":"Levitt","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of California, Davis, United States"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7301-7060","authenticated-orcid":false,"given":"Matt","family":"Bishop","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of California, Davis, United States"}]}],"member":"320","published-online":{"date-parts":[[2023,6,26]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389","author":"Biggio Battista","year":"2012","unstructured":"Battista Biggio , Blaine Nelson , and Pavel Laskov . 2012. Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389 ( 2012 ). Battista Biggio, Blaine Nelson, and Pavel Laskov. 2012. Poisoning attacks against support vector machines. arXiv preprint arXiv:1206.6389 (2012)."},{"key":"e_1_3_2_1_2_1","volume-title":"Computer Security: Art and Science","author":"Bishop Matt","year":"2019","unstructured":"Matt Bishop . 2019 . Computer Security: Art and Science ( second ed.). Addison-Wesley , Boston, MA, USA . Matt Bishop. 2019. Computer Security: Art and Science (second ed.). Addison-Wesley, Boston, MA, USA."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2014.40"},{"key":"e_1_3_2_1_4_1","unstructured":"BishopFox. 2022. BishopFox: Attack Surface Management. https:\/\/bishopfox.com\/platform\/attack-surface-management  BishopFox. 2022. BishopFox: Attack Surface Management. https:\/\/bishopfox.com\/platform\/attack-surface-management"},{"volume-title":"New contributions in information systems and technologies","author":"Bjorck Fredrik","key":"e_1_3_2_1_5_1","unstructured":"Fredrik Bjorck , Martin Henkel , Janis Stirna , and Jelena Zdravkovic . 2015. Cyber resilience\u2013fundamentals for a definition . In New contributions in information systems and technologies . Springer , 311\u2013316. Fredrik Bjorck, Martin Henkel, Janis Stirna, and Jelena Zdravkovic. 2015. Cyber resilience\u2013fundamentals for a definition. In New contributions in information systems and technologies. Springer, 311\u2013316."},{"volume-title":"Introduction to discrete event systems","author":"Cassandras G","key":"e_1_3_2_1_6_1","unstructured":"Christos\u00a0 G Cassandras and St\u00e9phane Lafortune . 2008. Introduction to discrete event systems . Springer . Christos\u00a0G Cassandras and St\u00e9phane Lafortune. 2008. Introduction to discrete event systems. Springer."},{"volume-title":"20th USENIX security symposium (USENIX Security 11).","author":"Checkoway Stephen","key":"e_1_3_2_1_7_1","unstructured":"Stephen Checkoway , Damon McCoy , Brian Kantor , Danny Anderson , Hovav Shacham , Stefan Savage , Karl Koscher , Alexei Czeskis , Franziska Roesner , and Tadayoshi Kohno . 2011. Comprehensive experimental analyses of automotive attack surfaces . In 20th USENIX security symposium (USENIX Security 11). Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis, Franziska Roesner, and Tadayoshi Kohno. 2011. Comprehensive experimental analyses of automotive attack surfaces. In 20th USENIX security symposium (USENIX Security 11)."},{"key":"e_1_3_2_1_8_1","volume-title":"National cyber leap year summit 2009: Co-chairs","author":"Chong Fred","year":"2009","unstructured":"Fred Chong , Ruby Lee , A Acquisti , W Horne , C Palmer , A Ghosh , D Pendarakis , W Sanders , E Fleischman , H Teufel\u00a0III, 2009. National cyber leap year summit 2009: Co-chairs \u2019 report. NITRD Program ( 2009 ). Fred Chong, Ruby Lee, A Acquisti, W Horne, C Palmer, A Ghosh, D Pendarakis, W Sanders, E Fleischman, H Teufel\u00a0III, 2009. National cyber leap year summit 2009: Co-chairs\u2019 report. NITRD Program (2009)."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0058022"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2002.1176298"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.1998.738650"},{"volume-title":"The Solar Trust Model, Identity, and Anonymity","author":"Clifford Michael\u00a0Allen","key":"e_1_3_2_1_12_1","unstructured":"Michael\u00a0Allen Clifford . 2012. The Solar Trust Model, Identity, and Anonymity . University of California , Davis, Davis, CA, USA . Michael\u00a0Allen Clifford. 2012. The Solar Trust Model, Identity, and Anonymity. University of California, Davis, Davis, CA, USA."},{"key":"e_1_3_2_1_13_1","volume-title":"System Safety Conference","author":"Ericson A","year":"1999","unstructured":"Clifton\u00a0 A Ericson 1999 . Fault tree analysis . In System Safety Conference , Orlando, Florida, Vol.\u00a01. 1\u20139. Clifton\u00a0A Ericson 1999. Fault tree analysis. In System Safety Conference, Orlando, Florida, Vol.\u00a01. 1\u20139."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","unstructured":"Benjamin Eriksson Jonas Groth and Andrei Sabelfeld. 2019. On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform.. In VEHITS. 64\u201375.  Benjamin Eriksson Jonas Groth and Andrei Sabelfeld. 2019. On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform.. In VEHITS. 64\u201375.","DOI":"10.5220\/0007678200002179"},{"key":"e_1_3_2_1_15_1","volume-title":"9th USENIX Workshop on Offensive Technologies (WOOT 15)","author":"Foster Ian","year":"2015","unstructured":"Ian Foster , Andrew Prudhomme , Karl Koscher , and Stefan Savage . 2015 . Fast and vulnerable: A story of telematic failures . In 9th USENIX Workshop on Offensive Technologies (WOOT 15) . Ian Foster, Andrew Prudhomme, Karl Koscher, and Stefan Savage. 2015. Fast and vulnerable: A story of telematic failures. In 9th USENIX Workshop on Offensive Technologies (WOOT 15)."},{"key":"e_1_3_2_1_16_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Fredrikson Matthew","year":"2014","unstructured":"Matthew Fredrikson , Eric Lantz , Somesh Jha , Simon Lin , David Page , and Thomas Ristenpart . 2014 . Privacy in pharmacogenetics: An { End-to-End} case study of personalized warfarin dosing . In 23rd USENIX Security Symposium (USENIX Security 14) . 17\u201332. Matthew Fredrikson, Eric Lantz, Somesh Jha, Simon Lin, David Page, and Thomas Ristenpart. 2014. Privacy in pharmacogenetics: An { End-to-End} case study of personalized warfarin dosing. In 23rd USENIX Security Symposium (USENIX Security 14). 17\u201332."},{"key":"e_1_3_2_1_17_1","unstructured":"Nir Friedman Lise Getoor Daphne Koller and Avi Pfeffer. 1999. Learning probabilistic relational models. In IJCAI Vol.\u00a099. 1300\u20131309.  Nir Friedman Lise Getoor Daphne Koller and Avi Pfeffer. 1999. Learning probabilistic relational models. In IJCAI Vol.\u00a099. 1300\u20131309."},{"key":"e_1_3_2_1_18_1","volume-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu , Brendan Dolan-Gavitt , and Siddharth Garg . 2017 . Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017). Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/283699.283743"},{"key":"e_1_3_2_1_20_1","unstructured":"Michael Howard. 2003. Fending off future attacks by reducing attack surface.  Michael Howard. 2003. Fending off future attacks by reducing attack surface."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.39"},{"volume-title":"Managing cyber threats","author":"Jajodia Sushil","key":"e_1_3_2_1_22_1","unstructured":"Sushil Jajodia , Steven Noel , and Brian O\u2019berry . 2005. Topological analysis of network attack vulnerability . In Managing cyber threats . Springer , 247\u2013266. Sushil Jajodia, Steven Noel, and Brian O\u2019berry. 2005. Topological analysis of network attack vulnerability. In Managing cyber threats. Springer, 247\u2013266."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.2002.1021806"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1067629.806538"},{"key":"e_1_3_2_1_25_1","unstructured":"Peter\u00a0E Kaloroumakis and Michael\u00a0J Smith. 2021. Toward a knowledge graph of cybersecurity countermeasures. Corporation Editor (2021).  Peter\u00a0E Kaloroumakis and Michael\u00a0J Smith. 2021. Toward a knowledge graph of cybersecurity countermeasures. Corporation Editor (2021)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102150"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-48751-4_1"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1093\/logcom\/exs029"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN-W54100.2022.00014"},{"key":"e_1_3_2_1_30_1","volume-title":"Fault tree analysis, methods, and applications \u2014 a review","author":"Lee Wen-Shing","year":"1985","unstructured":"Wen-Shing Lee , Doris\u00a0 L Grosh , Frank\u00a0 A Tillman , and Chang\u00a0 H Lie . 1985. Fault tree analysis, methods, and applications \u2014 a review . IEEE transactions on reliability 34, 3 ( 1985 ), 194\u2013203. Wen-Shing Lee, Doris\u00a0L Grosh, Frank\u00a0A Tillman, and Chang\u00a0H Lie. 1985. Fault tree analysis, methods, and applications \u2014 a review. IEEE transactions on reliability 34, 3 (1985), 194\u2013203."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2018.1700319"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2006.302434"},{"volume-title":"An introduction to input\/output automata. Laboratory for Computer Science","author":"Lynch A","key":"e_1_3_2_1_34_1","unstructured":"Nancy\u00a0 A Lynch and Mark\u00a0 R Tuttle . 1988. An introduction to input\/output automata. Laboratory for Computer Science , Massachusetts Institute of Technology . Nancy\u00a0A Lynch and Mark\u00a0R Tuttle. 1988. An introduction to input\/output automata. Laboratory for Computer Science, Massachusetts Institute of Technology."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.60"},{"volume-title":"Moving Target Defense","author":"Manadhata K","key":"e_1_3_2_1_37_1","unstructured":"Pratyusa\u00a0 K Manadhata and Jeannette\u00a0 M Wing . 2011. A formal model for a system\u2019s attack surface . In Moving Target Defense . Springer , 1\u201328. Pratyusa\u00a0K Manadhata and Jeannette\u00a0M Wing. 2011. A formal model for a system\u2019s attack surface. In Moving Target Defense. Springer, 1\u201328."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-81688-9_22"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.3390\/app9235101"},{"key":"e_1_3_2_1_40_1","volume-title":"Phantom of the adas: Phantom attacks on driver-assistance systems. Cryptology ePrint Archive","author":"Nassi Ben","year":"2020","unstructured":"Ben Nassi , Dudi Nassi , Raz Ben-Netanel , Yisroel Mirsky , Oleg Drokin , and Yuval Elovici . 2020. Phantom of the adas: Phantom attacks on driver-assistance systems. Cryptology ePrint Archive ( 2020 ). Ben Nassi, Dudi Nassi, Raz Ben-Netanel, Yisroel Mirsky, Oleg Drokin, and Yuval Elovici. 2020. Phantom of the adas: Phantom attacks on driver-assistance systems. Cryptology ePrint Archive (2020)."},{"key":"e_1_3_2_1_41_1","volume-title":"Secure Cyberspace and Critical Infrastructure. https:\/\/www.dhs.gov\/secure-cyberspace-and-critical-infrastructure. [Online","author":"Department of Homeland\u00a0Security. 2022.","year":"2022","unstructured":"Department of Homeland\u00a0Security. 2022. Secure Cyberspace and Critical Infrastructure. https:\/\/www.dhs.gov\/secure-cyberspace-and-critical-infrastructure. [Online ; accessed 12- December - 2022 ]. Department of Homeland\u00a0Security. 2022. Secure Cyberspace and Critical Infrastructure. https:\/\/www.dhs.gov\/secure-cyberspace-and-critical-infrastructure. [Online; accessed 12-December-2022]."},{"key":"e_1_3_2_1_42_1","unstructured":"Penetra. 2022. Penetra Automated Security Validation Platform. https:\/\/penetra.io  Penetra. 2022. Penetra Automated Security Validation Platform. https:\/\/penetra.io"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.21072"},{"key":"e_1_3_2_1_44_1","volume-title":"Attack trees. Dr. Dobb\u2019s journal 24, 12","author":"Schneier Bruce","year":"1999","unstructured":"Bruce Schneier . 1999. Attack trees. Dr. Dobb\u2019s journal 24, 12 ( 1999 ), 21\u201329. Bruce Schneier. 1999. Attack trees. Dr. Dobb\u2019s journal 24, 12 (1999), 21\u201329."},{"key":"e_1_3_2_1_45_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Shan Shawn","year":"2022","unstructured":"Shawn Shan , Arjun\u00a0Nitin Bhagoji , Haitao Zheng , and Ben\u00a0 Y Zhao . 2022 . Poison forensics: Traceback of data poisoning attacks in neural networks . In 31st USENIX Security Symposium (USENIX Security 22) . 3575\u20133592. Shawn Shan, Arjun\u00a0Nitin Bhagoji, Haitao Zheng, and Ben\u00a0Y Zhao. 2022. Poison forensics: Traceback of data poisoning attacks in neural networks. In 31st USENIX Security Symposium (USENIX Security 22). 3575\u20133592."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2002.1004377"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442167.3442179"},{"key":"e_1_3_2_1_48_1","volume-title":"Pang Wei\u00a0W Koh, and Percy\u00a0S Liang","author":"Steinhardt Jacob","year":"2017","unstructured":"Jacob Steinhardt , Pang Wei\u00a0W Koh, and Percy\u00a0S Liang . 2017 . Certified defenses for data poisoning attacks. Advances in neural information processing systems 30 (2017). Jacob Steinhardt, Pang Wei\u00a0W Koh, and Percy\u00a0S Liang. 2017. Certified defenses for data poisoning attacks. Advances in neural information processing systems 30 (2017)."},{"key":"e_1_3_2_1_49_1","unstructured":"Blake\u00a0E Strom Andy Applebaum Doug\u00a0P Miller Kathryn\u00a0C Nickels Adam\u00a0G Pennington and Cody\u00a0B Thomas. [n.d.]. Mitre att&ck: Design and philosophy.  Blake\u00a0E Strom Andy Applebaum Doug\u00a0P Miller Kathryn\u00a0C Nickels Adam\u00a0G Pennington and Cody\u00a0B Thomas. [n.d.]. Mitre att&ck: Design and philosophy."},{"volume-title":"Proceedings of the 2000 New Security Paradigms Workshop. ACM","author":"J.","key":"e_1_3_2_1_50_1","unstructured":"Steven\u00a0 J. Templeton and Karl Levitt. 2000. A Requires\/Provides Model for Computer Attacks . In Proceedings of the 2000 New Security Paradigms Workshop. ACM , New York, NY, USA, 31\u201338. Steven\u00a0J. Templeton and Karl Levitt. 2000. A Requires\/Provides Model for Computer Attacks. In Proceedings of the 2000 New Security Paradigms Workshop. ACM, New York, NY, USA, 31\u201338."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.07.008"},{"key":"e_1_3_2_1_52_1","first-page":"9706","article-title":"Variational Model Inversion Attacks","volume":"34","author":"Wang Kuan-Chieh","year":"2021","unstructured":"Kuan-Chieh Wang , Yan Fu , Ke Li , Ashish Khisti , Richard Zemel , and Alireza Makhzani . 2021 . Variational Model Inversion Attacks . Advances in Neural Information Processing Systems 34 (2021), 9706 \u2013 9719 . Kuan-Chieh Wang, Yan Fu, Ke Li, Ashish Khisti, Richard Zemel, and Alireza Makhzani. 2021. Variational Model Inversion Attacks. Advances in Neural Information Processing Systems 34 (2021), 9706\u20139719.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1978.11114"}],"event":{"name":"NSPW '22: New Security Paradigms Workshop","acronym":"NSPW '22","location":"North Conway NH USA"},"container-title":["Proceedings of the 2022 New Security Paradigms Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3584318.3584325","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3584318.3584325","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3584318.3584325","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:54Z","timestamp":1750182534000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3584318.3584325"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,24]]},"references-count":51,"alternative-id":["10.1145\/3584318.3584325","10.1145\/3584318"],"URL":"https:\/\/doi.org\/10.1145\/3584318.3584325","relation":{},"subject":[],"published":{"date-parts":[[2022,10,24]]},"assertion":[{"value":"2023-06-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}