Automotive Innovation ›› 2023, Vol. 6 ›› Issue (2): 146-163.doi: 10.1007/s42154-022-00203-2

• • 上一篇    下一篇

A Double Assessment of Privacy Risks Aboard Top-Selling Cars

Giampaolo Bella1 · Pietro Biondi1 · Giuseppe Tudisco2
  

  1. 1 Dipartimento di Matematica e Informatica , Università degli Studi di Catania , Catania , Italy
    2 Osservatorio Astrofisico di Catania , Istituto Nazionale di Astrofisica , Catania , Italy
  • 出版日期:2023-05-28 发布日期:2023-05-28

A Double Assessment of Privacy Risks Aboard Top-Selling Cars

Giampaolo Bella1 · Pietro Biondi1 · Giuseppe Tudisco2 #br#   

  1. Dipartimento di Matematica e Informatica , Università degli Studi di Catania , Catania , Italy
    Osservatorio Astrofisico di Catania , Istituto Nazionale di Astrofisica , Catania , Italy
  • Online:2023-05-28 Published:2023-05-28

摘要: The advanced and personalised experience that modern cars offer makes them more and more data-hungry. For example, the cabin preferences of the possible drivers must be recorded and associated to some identity, while such data could be exploited to deduce sensitive information about the driver’s health. Therefore, drivers’ privacy must be taken seriously, requiring a dedicated risk assessment framework, as presented in this paper through a double assessment combining the asset-oriented ISO approach with the threat-oriented STRIDE approach. The framework is tailored to the level of specific car brand and demonstrated on the ten top-selling brands as well as, due to its innovative character, Tesla. The two approaches yield different, but complementary findings, demonstrating the additional insights gained through their parallel adoption.

Abstract: The advanced and personalised experience that modern cars offer makes them more and more data-hungry. For example, the cabin preferences of the possible drivers must be recorded and associated to some identity, while such data could be exploited to deduce sensitive information about the driver’s health. Therefore, drivers’ privacy must be taken seriously, requiring a dedicated risk assessment framework, as presented in this paper through a double assessment combining the asset-oriented ISO approach with the threat-oriented STRIDE approach. The framework is tailored to the level of specific car brand and demonstrated on the ten top-selling brands as well as, due to its innovative character, Tesla. The two approaches yield different, but complementary findings, demonstrating the additional insights gained through their parallel adoption.