DREADSTRIDERisk Assessment

Risk Assessment of Autonomous Vehicle Telematics

Independent Researcher·Jan – Feb 2024

Overview

A structured risk assessment of an autonomous vehicle telematics system using DREAD quantitative scoring combined with STRIDE threat categorization. The goal was to translate abstract attack surfaces — GPS, CAN bus, OTA updates, V2X communication — into measurable risk values with actionable mitigations.

The Challenge

AV telematics systems have a uniquely high-stakes threat model: a successful attack can endanger lives, not just data. Standard qualitative risk ratings (high/medium/low) don't capture the nuance needed for safety-critical systems. Quantitative scoring tied to specific threat scenarios was required.

The Solution

Applied DREAD across 5 attack surfaces: GPS spoofing, CAN bus injection, OTA firmware tampering, V2X communication interception, and remote API abuse. Scored each scenario on Damage, Reproducibility, Exploitability, Affected Users, and Discoverability. Linked results to STRIDE categories (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) to map each threat to specific mitigation controls.

Tech Stack

DREAD Framework5-dimension quantitative threat scoring

STRIDE Threat ModelThreat categorization across 6 attack types

Risk QuantificationComposite scoring for prioritized remediation

Outcomes

▸5 attack surfaces analyzed: GPS, CAN bus, OTA updates, V2X, remote API
▸12+ threat scenarios scored with DREAD composite values
▸STRIDE-mapped mitigations provided for all high-severity findings
▸Risk prioritization framework adaptable to other safety-critical IoT systems

← Back to all projects View Artifact ↗