Open Access

ARTICLE

An Orchestration Model for TARA across Vehicle Manufacturers and Suppliers in Software-Defined Vehicles

Yunkeun Song¹, Samuel Woo², Suji Lee³, Yousik Lee^3,*

1 Department of Computer Science, Dankook University, Yongin, Republic of Korea
2 Department of Software Science, Dankook University, Yongin, Republic of Korea
3 Department of Information Security, Soonchunhyang University, Asan, Republic of Korea

* Corresponding Author: Yousik Lee. Email:

(This article belongs to the Special Issue: Intelligent Transportation System (ITS) Safety and Security)

Computers, Materials & Continua 2026, 88(2), 91 https://doi.org/10.32604/cmc.2026.083267

Received 31 March 2026; Accepted 11 May 2026; Issue published 15 June 2026

Abstract

Software-Defined Vehicles (SDVs) increase cybersecurity complexity through the combination of external connectivity, software-intensive functions, and distributed development across vehicle manufacturers and suppliers. Although United Nations (UN) Regulation No. 155 and ISO/SAE 21434 require Threat Analysis and Risk Assessment (TARA) throughout the vehicle lifecycle, conventional TARA methodologies remain largely system-focused and often provide limited procedural guidance for coordinating supplier-derived TARA results at the vehicle level. This paper proposes an orchestration model for TARA across vehicle manufacturers and suppliers that structures TARA activities into the concept phase and the product development phases. The model defines interactions between the vehicle and system perspectives throughout the TARA process. In particular, it supports vehicle-perspective re-rating of system-perspective impact ratings, integration of electrical/electronic (E/E)-architecture-based and technical attack paths, signal-level asset refinement, and asset clustering. The feasibility and industrial applicability of the proposed approach are demonstrated through its application to the Driving Control Unit (DCU): Rear in a virtual SDV model using a commercial TARA tool. In addition, an expert-based qualitative evaluation indicates that the model improves the precision, consistency, traceability, and practical applicability of TARA activities in vehicle manufacturer–supplier collaboration. The results suggest that the proposed orchestration model provides a structured and industry-applicable mechanism for lifecycle-aware and vehicle-level TARA.

---

Keywords

---