We develop a comprehensive threat model for the automotive domain. It is accomplished by means of a novel, multilevel research methodology that leverages Human-Artificial Intelligence (HAI). Given the inherent complexity of threat modelling and the challenges in ensuring its completeness, the methodology combines the complementary strengths of human analysis with large language models over four phases. Each phase is structured as a sequence of two or three refinement levels so that each level iteratively enhances prior results through either human or artificial intelligence. The first phase focuses on modelling the system under analysis to establish a clear and structured baseline. The second phase addresses the elicitation of assets and associated threats, followed by a third phase in which mitigation strategies are designed. The fourth and final phase ensures that mitigation is augmented to explicitly incorporate Zero Trust, Pseudonymisation, and Data Minimisation within the context of the automotive domain. The methodology maintains its multilevel HAI structure across all phases, thereby fostering a dynamic validation loop between expert knowledge and machine-driven inference, ultimately enhancing both accuracy and coverage of the resulting threat model.
Human-Artificial Intelligent Threat Modelling in the Automotive Domain
Bella G.;Castiglione G.;Esposito S.;Pampallona G.;Riccobene S.;Santamaria D. F.
2025-01-01


