{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T20:12:08Z","timestamp":1780776728605,"version":"3.54.1"},"reference-count":63,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2023,11,29]],"date-time":"2023-11-29T00:00:00Z","timestamp":1701216000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Safety-critical cyber-physical systems (CPSs), such as high-tech cars having cyber capabilities, are highly interconnected. Automotive manufacturers are concerned about cyber attacks on vehicles that can lead to catastrophic consequences. There is a need for a new risk management approach to address and investigate cybersecurity risks. Risk management in the automotive domain is challenging due to technological improvements and advances every year. The current standard for automotive security is ISO\/SAE 21434, which discusses a framework that includes threats, associated risks, and risk treatment options such as risk reduction by applying appropriate defences. This paper presents a residual cybersecurity risk management framework aligned with the framework presented in ISO\/SAE 21434. A methodology is proposed to develop an integrated attack tree that considers multiple sub-systems within the CPS. Integrating attack trees in this way will help the analyst to take a broad perspective of system security. Our previous approach utilises a flow graph to calculate the residual risk to a system before and after applying defences. This paper is an extension of our initial work. It defines the steps for applying the proposed framework and using adaptive cruise control (ACC) and adaptive light control (ALC) to illustrate the applicability of our work. This work is evaluated by comparing it with the requirements of the risk management framework discussed in the literature. Currently, our methodology satisfies more than 75% of their requirements.<\/jats:p>","DOI":"10.3390\/info14120639","type":"journal-article","created":{"date-parts":[[2023,11,29]],"date-time":"2023-11-29T12:01:00Z","timestamp":1701259260000},"page":"639","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Integrated Attack Tree in Residual Risk Management Framework"],"prefix":"10.3390","volume":"14","author":[{"given":"Ahmed Nawaz","family":"Khan","sequence":"first","affiliation":[{"name":"Institute of Future Transport and Cities, Coventry University, Coventry CV1 5FB, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jeremy","family":"Bryans","sequence":"additional","affiliation":[{"name":"Institute of Future Transport and Cities, Coventry University, Coventry CV1 5FB, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1183-7001","authenticated-orcid":false,"given":"Giedre","family":"Sabaliauskaite","sequence":"additional","affiliation":[{"name":"Department of Computer Science, Swansea University, Swansea SA1 8EN, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5481-9789","authenticated-orcid":false,"given":"Hesamaldin","family":"Jadidbonab","sequence":"additional","affiliation":[{"name":"Institute of Future Transport and Cities, Coventry University, Coventry CV1 5FB, UK"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2023,11,29]]},"reference":[{"key":"ref_1","unstructured":"(2022, May 21). Researchers Hack BMW Cars, Discover 14 Vulnerabilities. Available online: https:\/\/www.helpnetsecurity.com\/2018\/05\/23\/hack-bmw-cars\/."},{"key":"ref_2","unstructured":"(2023, November 17). Hackers Remotely Kill a Jeep on the Highway\u2014With Me in It. Available online: https:\/\/www.wired.com\/2015\/07\/hackers-remotely-kill-jeep-highway\/."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., and Shacham, H. (2010, January 16\u201319). Experimental security analysis of a modern automobile. Proceedings of the 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA.","DOI":"10.1109\/SP.2010.34"},{"key":"ref_4","unstructured":"(2021, November 11). Team of Hackers Take Remote Control of Tesla Model S from 12 Miles Away. Available online: https:\/\/www.theguardian.com\/technology\/2016\/sep\/20\/tesla-model-s-chinese-hack-remote-control-brakes."},{"key":"ref_5","unstructured":"(2021). Road Vehicles\u2014Cybersecurity Engineering (Standard No. ISO\/SAE 21434:2021)."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Khan, A., Bryans, J., and Sabaliauskaite, G. (2022, January 20\u201323). Framework for Calculating Residual Cybersecurity Risk of Threats to Road Vehicles in Alignment with ISO\/SAE 21434. Proceedings of the International Conference on Applied Cryptography and Network Security, Rome, Italy.","DOI":"10.1007\/978-3-031-16815-4_14"},{"key":"ref_7","first-page":"21","article-title":"Attack trees","volume":"24","author":"Schneier","year":"1999","journal-title":"Dr. Dobb\u2019s J."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Macher, G., Sporer, H., Berlach, R., Armengaud, E., and Kreiner, C. (2015, January 9\u201313). SAHARA: A security-aware hazard and risk analysis method. Proceedings of the 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE), Grenoble, France.","DOI":"10.7873\/DATE.2015.0622"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Schmittner, C., Ma, Z., and Smith, P. (2014, January 8\u20139). FMVEA for safety and security analysis of intelligent and cooperative vehicles. Proceedings of the International Conference on Computer Safety, Reliability, and Security, Florence, Italy.","DOI":"10.1007\/978-3-319-10557-4_31"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Anisetti, M., Ardagna, C.A., Bena, N., and Foppiani, A. (2021, January 5\u201310). An Assurance-Based Risk Management Framework for Distributed Systems. Proceedings of the 2021 IEEE International Conference on Web Services (ICWS), Chicago, IL, USA.","DOI":"10.1109\/ICWS53863.2021.00068"},{"key":"ref_11","unstructured":"(2023, November 17). Methods for Testing & Specification; Risk-Based Security Assessment and Testing Methodologies. Available online: https:\/\/cdn.standards.iteh.ai\/samples\/43304\/600f329d9fbd4ef1ba07a115de3097af\/Methods-for-Testing-Specification-Risk-based-Security-Assessment-and-Testing-Methodologies.pdf."},{"key":"ref_12","unstructured":"(2009). Risk Management\u2013Principles and Guidelines (Standard No. ISO 31000)."},{"key":"ref_13","unstructured":"(2012). Joint Task Force Transformation Initiative, Guide for Conducting Risk Assessments, Tech. Rep. NIST Special Publication (SP) 800-30, Rev."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/MITP.2017.3680959","article-title":"Security risk assessment in internet of things systems","volume":"19","author":"Nurse","year":"2017","journal-title":"IT Prof."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Jahnke, M., Thul, C., and Martini, P. (2007, January 15\u201318). Graph based metrics for intrusion response measures in computer networks. Proceedings of the 32nd IEEE Conference on Local Computer Networks (LCN 2007), Dublin, Ireland.","DOI":"10.1109\/LCN.2007.45"},{"key":"ref_16","unstructured":"(2023, November 17). UNECE Regulation No. 155\u2014Cyber Security and Cyber Security Management System. Available online: https:\/\/unece.org\/transport\/documents\/2021\/03\/standards\/un-regulation-no-155-cyber-security-and-cyber-security."},{"key":"ref_17","unstructured":"Bi\u00dfmeyer, N., Frank, K., Stefan, D., and Christian, S. (2023, November 17). PREparing SEcuRe VEhicle-to-X. Available online: https:\/\/trimis.ec.europa.eu\/sites\/default\/files\/project\/documents\/20121025_114452_74602_PRESERVE-D1.1-Security_Requirements_of_Vehicle_Security_Architecture.pdf."},{"key":"ref_18","unstructured":"(2021, September 12). The EVITA Consortium, EVITA Threat and Risk Analysis. Available online: https:\/\/www.evita-project.org\/Publications\/Seu09.pdf."},{"key":"ref_19","unstructured":"(2022, January 15). Open VEhiculaR SEcurE Platform (OVERSEE). Available online: https:\/\/cordis.europa.eu\/project\/id\/248333."},{"key":"ref_20","unstructured":"Ruddle, A., Ward, D., Weyl, B., Idrees, S., Roudier, Y., Friedewald, M., Leimbach, T., Fuchs, A., G\u00fcrgens, S., and Henniger, O. (2023, November 17). Deliverable D2.3: Security Requirements for Automotive on-Board Networks Based on Dark-Side Scenarios. EVITA Proj. (Version 1.1). 2009; pp. 85\u2013130. Available online: https:\/\/zenodo.org\/records\/1188418."},{"key":"ref_21","unstructured":"(2023, November 17). Common Methodology for Information Technology Security Evaluation (CEM v3.1). Available online: https:\/\/www.commoncriteriaportal.org\/files\/ccfiles\/CEMV3.1R5.pdf."},{"key":"ref_22","unstructured":"Olovsson, T. (2018, November 20). HEAling Vulnerabilities to ENhance Software Security and Safety (HEAVENS). 2015; pp. 33\u201389. Available online: https:\/\/research.chalmers.se\/en\/project\/5809."},{"key":"ref_23","unstructured":"(2009). Information Technology\u2014Security Techniques\u2014Evaluation Criteria for IT Security (Standard No. ISO\/IEC 15408-1:2009)."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"516","DOI":"10.4271\/2014-01-0334","article-title":"Adapted development process for security in networked automotive systems","volume":"7","author":"Schmidt","year":"2014","journal-title":"SAE Int. J. Passeng. Cars Electron. Electr. Syst."},{"key":"ref_25","unstructured":"Intelligent Transport Systems (ITS) (2023, November 17). In Security; Threat, Vulnerability and Risk Analysis (TVRA). ETSI TR 102 893 V1.2.1 March 2017. Available online: https:\/\/cdn.standards.iteh.ai\/samples\/35784\/df77f1b9ab9e4be88965c14a9f0d49d7\/ETSI-TR-102-893-V1-2-1-2017-03-.pdf."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Le, A., and Maple, C. (2019, January 1\u20132). A simplified approach for dynamic security risk management in connected and autonomous vehicles. Proceedings of the Living in the Internet of Things (IoT 2019), London, UK.","DOI":"10.1049\/cp.2019.0140"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Salfer, M., and Eckert, C. (2018, January 27\u201330). Attack graph-based assessment of exploitability risks in automotive on-board networks. Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg Germany.","DOI":"10.1145\/3230833.3230851"},{"key":"ref_28","first-page":"1","article-title":"PIER: Cyber-resilient risk assessment model for connected and autonomous vehicles","volume":"28","author":"Park","year":"2022","journal-title":"Wirel. Netw."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"10494","DOI":"10.1109\/TVT.2020.3009165","article-title":"VeRA: A simplified security risk analysis method for autonomous vehicles","volume":"69","author":"Cui","year":"2020","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Reich, J., and Trapp, M. (2020, January 7\u201310). SINADRA: Towards a framework for assurable situation-aware dynamic risk assessment of autonomous vehicles. Proceedings of the 2020 16th European Dependable Computing Conference (EDCC), Munich, Germany.","DOI":"10.1109\/EDCC51268.2020.00017"},{"key":"ref_31","unstructured":"Won, D.H., and Kim, S. (2005, January 1\u20132). Foundations of attack trees. Proceedings of the Information Security and Cryptology-ICISC, Seoul, Republic of Korea."},{"key":"ref_32","unstructured":"Weiss, J.D. (1991, January 1\u20134). A system security engineering process. Proceedings of the 14th National Computer Security Conference, Washington, DC, USA."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Salter, C., Saydjari, O.S., Schneier, B., and Wallner, J. (1998, January 22\u201325). Toward a secure system engineering methodolgy. Proceedings of the 1998 Workshop on New Security Paradigms, Charlottsville, VA, USA.","DOI":"10.1145\/310889.310900"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Amoroso, E.G. (1994). Fundamentals of Computer Security Technology, Prentice-Hall, Inc.","DOI":"10.1016\/0142-0496(94)90187-2"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Ray, I., and Poolsapassit, N. (2005, January 12\u201314). Using attack trees to identify malicious attacks from authorized insiders. Proceedings of the European Symposium on Research in Computer Security, Milan, Italy.","DOI":"10.1007\/11555827_14"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"483","DOI":"10.1016\/j.ijinfomgt.2008.01.009","article-title":"Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements","volume":"28","author":"Patel","year":"2008","journal-title":"Int. J. Inf. Manag."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"2933","DOI":"10.1016\/j.ins.2005.08.004","article-title":"OWA trees and their role in security modeling using attack trees","volume":"176","author":"Yager","year":"2006","journal-title":"Inf. Sci."},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"J\u00fcrgenson, A., and Willemson, J. (2007, January 29\u201331). Processing multi-parameter attacktrees with estimated parameter values. Proceedings of the International Workshop on Security, Nara, Japan.","DOI":"10.1007\/978-3-540-75651-4_21"},{"key":"ref_39","unstructured":"Aven, T., and Vinnem, J.E. (2007). Risk, Reliability and Societal Safety, Taylor & Francis."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Kordy, B., Mauw, S., Radomirovi\u0107, S., and Schweitzer, P. (2010, January 16\u201317). Foundations of attack\u2013defense trees. Proceedings of the International Workshop on Formal Aspects in Security and Trust, Pisa, Italy.","DOI":"10.1007\/978-3-642-19751-2_6"},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Roy, A., Kim, D.S., and Trivedi, K.S. (2010, January 15\u201319). ACT: Attack countermeasure trees for information assurance analysis. Proceedings of the 2010 INFOCOM IEEE Conference on Computer Communications Workshops, San Diego, CA, USA.","DOI":"10.1109\/INFCOMW.2010.5466633"},{"key":"ref_42","unstructured":"Zonouz, S.A. (2011). Game-Theoretic Intrusion Response and Recovery, University of Illinois at Urbana-Champaign."},{"key":"ref_43","unstructured":"Tanu, E., and Arreymbi, J. (2010, January 14). An examination of the security implications of the supervisory control and data acquisition (SCADA) system in a mobile networked environment: An augmented vulnerability tree approach. Proceedings of the Advances in Computing and Technology, (AC&T) The School of Computing and Technology 5th Annual Conference, London, UK."},{"key":"ref_44","unstructured":"Poolsapassit, N., and Ray, I. (2007, January 28\u201331). Investigating computer attacks using attack trees. Proceedings of the IFIP International Conference on Digital Forensics, Orlando, FL, USA."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"J\u00fcrgenson, A., and Willemson, J. (2008, January 9\u201314). Computing exact outcomes of multi-parameter attack trees. Proceedings of the OTM Confederated International Conferences \u201cOn the Move to Meaningful Internet Systems\u201d, Monterrey, Mexico.","DOI":"10.1007\/978-3-540-88873-4_8"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"J\u00fcrgenson, A., and Willemson, J. (2009, January 2\u20134). Serial model for attack tree computations. Proceedings of the International Conference on Information Security and Cryptology, Seoul, Republic of Korea.","DOI":"10.1007\/978-3-642-14423-3_9"},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"J\u00fcrgenson, A., and Willemson, J. (2010, January 12\u201313). On fast and approximate attack tree computations. Proceedings of the International Conference on Information Security Practice and Experience, Seoul, Republic of Korea.","DOI":"10.1007\/978-3-642-12827-1_5"},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Niitsoo, M. (2010, January 22\u201324). Optimal adversary behavior for the serial model of financial attack trees. Proceedings of the International Workshop on Security, Kobe, Japan.","DOI":"10.1007\/978-3-642-16825-3_24"},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Buldas, A., and Lenin, A. (2013, January 11\u201312). New efficient utility upper bounds for the fully adaptive model of attack trees. Proceedings of the International Conference on Decision and Game Theory for Security, Fort Worth, TX, USA.","DOI":"10.1007\/978-3-319-02786-9_12"},{"key":"ref_50","unstructured":"Buldas, A., Laud, P., Priisalu, J., Saarepera, M., and Willemson, J. (September, January 31). Rational choice of security measures via multi-parameter attack trees. Proceedings of the International Workshop on Critical Information Infrastructures Security, Samos Island, Greece."},{"key":"ref_51","unstructured":"Buldas, A., and M\u00e4gi, T. (2007, January 29\u201331). Practical security analysis of e-voting systems. Proceedings of the International Workshop on Security, Nara, Japan."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"1394","DOI":"10.1016\/j.ress.2009.02.020","article-title":"Integrating cyber attacks within fault trees","volume":"94","author":"Fovino","year":"2009","journal-title":"Reliab. Eng. Syst. Saf."},{"key":"ref_53","unstructured":"Roy, A. (2010). Attack Countermeasure Trees: A Non-State-Space Approach towards Analyzing Security and Finding Optimal Countermeasure Sets. [Ph.D. Thesis, Duke University]."},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Roy, A., Kim, D.S., and Trivedi, K.S. (2010, January 21\u201323). Cyber security analysis using attack countermeasure trees. Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research, Oak Ridge, TN, USA.","DOI":"10.1145\/1852666.1852698"},{"key":"ref_55","doi-asserted-by":"crossref","first-page":"395","DOI":"10.1109\/TPDS.2013.211","article-title":"RRE: A game-theoretic intrusion response and recovery engine","volume":"25","author":"Zonouz","year":"2013","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"ref_56","doi-asserted-by":"crossref","first-page":"1167","DOI":"10.1080\/00423110903365910","article-title":"A comprehensive review of the development of adaptive cruise control systems","volume":"48","author":"Xiao","year":"2010","journal-title":"Veh. Syst. Dyn."},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"012059","DOI":"10.1088\/1742-6596\/1969\/1\/012059","article-title":"Adaptive Headlight Control System","volume":"1969","author":"Mahadevan","year":"2021","journal-title":"J. Phys. Conf. Ser. IOP Publ."},{"key":"ref_58","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/S1353-4858(09)70008-X","article-title":"Microsoft SDL threat modelling tool","volume":"2009","author":"Potter","year":"2009","journal-title":"Netw. Secur."},{"key":"ref_59","unstructured":"Schmittner, C., Chlup, S., Fellner, A., Macher, G., and Brenner, E. (2020, January 10\u201311). ThreatGet: Threat modeling based approach for automated and connected vehicle systems. Proceedings of the AmE 2020-Automotive Meets Electronics, 11th GMM-Symposium, Dortmund, Germany."},{"key":"ref_60","doi-asserted-by":"crossref","unstructured":"Asratian, A.S., Denley, T.M., and H\u00e4ggkvist, R. (1998). Bipartite Graphs and Their Applications, Cambridge University Press.","DOI":"10.1017\/CBO9780511984068"},{"key":"ref_61","doi-asserted-by":"crossref","first-page":"88892","DOI":"10.1109\/ACCESS.2020.2993553","article-title":"Attacks and defenses in short-range wireless technologies for IoT","volume":"8","author":"Lounis","year":"2020","journal-title":"IEEE Access"},{"key":"ref_62","doi-asserted-by":"crossref","first-page":"921","DOI":"10.1145\/48014.61051","article-title":"A new approach to the maximum-flow problem","volume":"35","author":"Goldberg","year":"1988","journal-title":"J. ACM"},{"key":"ref_63","first-page":"100468","article-title":"Systematic threat assessment and security testing of automotive over-the-air (OTA) updates","volume":"35","author":"Mahmood","year":"2022","journal-title":"Veh. Commun."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/14\/12\/639\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T21:33:36Z","timestamp":1760132016000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/14\/12\/639"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,29]]},"references-count":63,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2023,12]]}},"alternative-id":["info14120639"],"URL":"https:\/\/doi.org\/10.3390\/info14120639","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,11,29]]}}}