Home > Research > Publications & Outputs > Using Threat Analysis Techniques to Guide Forma...


Text available via DOI:

View graph of relations

Using Threat Analysis Techniques to Guide Formal Verification: A Case Study of Cooperative Awareness Messages

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

  • Marie Farrell
  • Matthew Bradbury
  • Michael Fisher
  • Louise A. Dennis
  • Clare Dixon
  • Hu Yuan
  • Carsten Maple
Publication date1/09/2019
Host publicationSoftware Engineering and Formal Methods: 17th International Conference, SEFM 2019, Oslo, Norway, September 18–20, 2019, Proceedings
EditorsPeter Csaba Ölveczky, Gwen Salaün
Place of PublicationCham
PublisherSpringer International Publishing
Number of pages20
ISBN (Electronic)9783030304461
ISBN (Print)9783030304454
<mark>Original language</mark>English

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Autonomous robotic systems such as Connected and Autonomous Vehicle (CAV) systems are both safety-and security-critical, since a breach in system security may impact safety. Generally, safety and security concerns for such systems are treated separately during the development process. In this paper, we consider an algorithm for sending Cooperative Awareness Messages (CAMs) between vehicles in a CAV system and the use of CAMs in preventing vehicle collisions. We employ threat analysis techniques that are commonly used in the cyber security domain to guide our formal verification. This allows us to focus our formal methods on those security properties that are particularly important and to consider both safety and security in tandem. Our analysis centres on identifying STRIDE security properties and we illustrate how these can be formalised, and subsequently verified, using a combination of formal tools for distinct aspects, namely Promela/SPIN and Dafny.