Submit

Login Login

Register Register

Home / Journals / CMC / Online First / doi:10.32604/cmc.2026.083267
Journal Menu
Special Issues
Table of Content

All issues

Online First

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Open Access

ARTICLE

An Orchestration Model for TARA across Vehicle Manufacturers and Suppliers in Software-Defined Vehicles

Yunkeun Song1, Samuel Woo2, Suji Lee3, Yousik Lee3,*
1 Department of Computer Science, Dankook University, Yongin, Republic of Korea
2 Department of Software Science, Dankook University, Yongin, Republic of Korea
3 Department of Information Security, Soonchunhyang University, Asan, Republic of Korea
* Corresponding Author: Yousik Lee. Email: email
(This article belongs to the Special Issue: Intelligent Transportation System (ITS) Safety and Security)

Computers, Materials & Continua https://doi.org/10.32604/cmc.2026.083267

Received 31 March 2026; Accepted 11 May 2026; Published online 02 June 2026

Abstract

Software-Defined Vehicles (SDVs) increase cybersecurity complexity through the combination of external connectivity, software-intensive functions, and distributed development across vehicle manufacturers and suppliers. Although United Nations (UN) Regulation No. 155 and ISO/SAE 21434 require Threat Analysis and Risk Assessment (TARA) throughout the vehicle lifecycle, conventional TARA methodologies remain largely system-focused and often provide limited procedural guidance for coordinating supplier-derived TARA results at the vehicle level. This paper proposes an orchestration model for TARA across vehicle manufacturers and suppliers that structures TARA activities into the concept phase and the product development phases. The model defines interactions between the vehicle and system perspectives throughout the TARA process. In particular, it supports vehicle-perspective re-rating of system-perspective impact ratings, integration of electrical/electronic (E/E)-architecture-based and technical attack paths, signal-level asset refinement, and asset clustering. The feasibility and industrial applicability of the proposed approach are demonstrated through its application to the Driving Control Unit (DCU): Rear in a virtual SDV model using a commercial TARA tool. In addition, an expert-based qualitative evaluation indicates that the model improves the precision, consistency, traceability, and practical applicability of TARA activities in vehicle manufacturer–supplier collaboration. The results suggest that the proposed orchestration model provides a structured and industry-applicable mechanism for lifecycle-aware and vehicle-level TARA.

Keywords

Threat analysis and risk assessment (TARA); vehicle security; software-defined vehicle (SDV)

  • 130

    View

  • 23

    Download

  • 0

    Like

Copyright© 2026 Tech Science Press
© 1997-2026 TSP (Henderson, USA) unless otherwise stated

Share Link