Required Trustworthiness Level based on Threat Analysis and Risk Assessment (TARA)
Automated vehicles communicating with each other or their surroundings are expected to exchange a large amount of data. With that, the trustworthiness of a shared data item concerning its integrity is raised, as well as the trustworthiness of a vehicle component not having been tampered with by an attacker. Traditional security mechanisms, such as misbehavior detection, can help identify some security violations but cannot assess the overall consequences of a range of vehicle attacks. For this purpose, previous work has already introduced the Trust Assessment Framework, which computes a target entity’s Actual Trustworthiness Level (ATL). This paper focuses on the concept of Required Trustworthiness Level (RTL), which represents the numerical thresholds an ATL needs to reach for an entity to be considered trustworthy. We present a risk-based method to calculate the belief component of an RTL based on the well-established and standardized Threat Analysis and Risk Assessment (TARA). We provide an in-vehicle use case to demonstrate our belief calculation method and discuss the impact of using risk ratings.