Skip to main content

PhD Defense "Subsystem Compatibility and Cross-Standard Likelihood: A Compositional Approach to Automotive Cybersecurity Risk Assessment" Mohamed Abdelsalam

Thesis defence / Thesis

On 10 December 2025

Valence

phd defence

We have the pleasure to announce the Ph.D. thesis defence of Mohamed Abdelsalam on the 10th of December 2025 10:00am, in D030, Grenoble INP - UGA, Esisar building D (50, rue Barthélémy de Laffemas, Bat D), in Valence.


TitleSubsystem Compatibility and Cross-Standard Likelihood: A Compositional Approach to Automotive Cybersecurity Risk Assessment

 

AbstractThe future of automotive and transportation systems is one where vehicles, smart infrastructure and backend subsystems are all interconnected; such a setting is also referred to as Intelligent Transport Systems (ITS). This interconnected environment offers several benefits for the involved subsystems, such as improving safety and traffic efficiency. For instance, a vehicle that receives sensor information from a smart traffic light would be alerted to an approaching vehicle at an intersection that it might not be able to detect with its own sensors, helping it avoid a possible accident. Also, sharing information about traffic jams would allow vehicles to take alternative routes, optimising traffic.


In an ITS setting, having secure interconnected subsystems is critical. These subsystems are typically developed independently by different manufacturers. Hence, security experts usually assess the risks of these subsystems individually before deployment. A subsystem may be secure in isolation, but once connected to others, dependencies between subsystems, new attack surfaces and risks can emerge. Therefore, a new risk assessment is needed for every two subsystems about to interconnect to deal with the new vulnerabilities that may arise. Performing such risk assessments for every possible combination of subsystems is impractical given the vast number of potential interconnections.

One of the essential steps in risk assessment is likelihood estimation. Different security standards use different methods or approaches for estimating risk likelihood. For instance, the Attack Potential (AP) method is used in the ISO/SAE 21434 automotive standard, while the Common Vulnerability Scoring System (CVSS) is used in IT systems that adhere to ISO/IEC 27005. The difference in these methods makes it hard to estimate the overall risk when such systems are combined. Therefore, when a vehicle adhering to ISO/SAE 21434 attempts to interconnect with a cloud backend server that adheres to ISO/IEC 27005, it becomes infeasible to combine or compare their risk assessments or exchange their likelihood values.

We propose C-TAR (Compositional Threat Analysis and Risk Assessment), a compositional risk assessment approach that enables its user to determine the security compatibility of two interconnected subsystems. It allows each subsystem to express its dependencies on another subsystem in addition to its own requirements and guarantees. Then it checks if the involved subsystems satisfy the requirements of each other through a set of developed compatibility conditions. As a compositional approach, C-TAR allows performing independent risk assessments for each subsystem without requiring the sharing of information between stakeholders or performing an overall risk assessment that involves both subsystems simultaneously. The output of C-TAR is a compatibility statement containing a verdict about the security compatibility of the interconnected subsystems. It indicates whether the two subsystems are compatible or not and the reasons for incompatibility, if any. We develop a custom SysML profile that enables its users to model dependencies between subsystems.

Additionally, we present the Unified Likelihood Scale (ULS), a novel approach that enables mapping the values of different likelihood methods to a common scale. ULS provides a unified framework to combine risk assessments across different standards through mapping likelihood estimations to a common scale. This allows different stakeholders to exchange their mapped likelihood values, enabling a shared understanding of the likelihood estimations. In this thesis, we provide the optimal ULS mapping of the AP method and the Exploitability Sub-Score (ESS) of CVSS, aligning AP and ESS likelihood values to a four-segment ULS. Additionally, we provide the method to derive and identify the optimal ULS mapping of AP and ESS values using our dataset of automotive cybersecurity attacks.

 

 Language: Talk in  English and slides in English

 

 

This work was supported by Robert Bosch GmbH through Hi-Drive and ConnRAD projects.



 

Date

On 10 December 2025

Localisation

Valence

Submitted on 8 December 2025

Updated on 4 June 2026