Hello,

I would like to report that we have submitted two papers. Details of the papers are below. If accepted, we will acknowledge SPARTA.

Best greetings,

Raimundas

—————————

Title: Information Security Analysis in the Passenger-Autonomous Vehicle Interaction

Authors: Mariia Bakhtina, Raimundas Matulevičius

Venue: International Workshop on Security and Privacy in Intelligent Infrastructures (SP2I 2021) co-organised at ARES 2021.

Abstract: Autonomous vehicles (AV) are becoming a part of humans' everyday life. There are numerous pilot projects of driverless public buses; some car manufacturers deliver their premium-level automobiles with advanced self-driving features. Thus, assuring the security of a Passenger--Autonomous Vehicle interaction arises as an important research topic, as along with opportunities, new cybersecurity risks and challenges occur that potentially may threaten Passenger's privacy and safety on the roads. This study proposes an approach of the security requirements elicitation based on the developed threat model. Thus, information security risk management helps to fulfil one of the principles needed to protect data privacy - information security. We demonstrate the process of security requirements elicitation to mitigate arising security risks. The findings of the thesis are case-oriented and are based on the literature review. They are applicable for AV system implementation used by ride-hailing service providers that enable supervisory AV control.

—————————

Title: Risk-Oriented Design Approach For Forensic-Ready Software Systems

Authors: Lukas Daubner, Raimundas Matulevičius

Venue: the 14th International Workshop on Digital Forensics (WSDF 2021) co-organised at ARES 2021.

Abstract: Digital forensic investigation is a complex and time-consuming activity in response to a cybersecurity incident or cybercrime to answer questions related to it. These typically are what happened, when, where, how, and who is responsible. However, answering them is often very laborious and sometimes outright impossible due to a lack of useable data. The forensic-ready software systems are designed to produce valuable on-point data for use in the investigation with potentially high evidence value. Still, the particular ways to develop these systems are currently not explored.

This paper proposes consideration of forensic readiness within security risk management to refine specific requirements on forensic-ready software systems. The idea is to re-evaluate the taken security risk decisions with the aim to provide trustable data when the security measures fail. Additionally, it also considers possible disputes, which the digital evidence can solve. Our proposed approach, risk-oriented forensic-ready design, composes of two parts: (1) process guiding the identification of the requirements in the form of potential evidence sources, and (2) supporting BPMN notation capturing the potential evidence sources and their relationship. Together they are aimed to provide a high-level overview of the forensic-ready requirements within the system. Finally, the approach is demonstrated on an automated valet parking scenario, followed by a discussion regarding its impact and usefulness within the forensic readiness effort.