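% Farrell et al., SEFM 2019: STRIDE-based threat analysis is used to choose the
% security properties of a Cooperative Awareness Message (CAM) sending algorithm
% that are then formally verified with Promela/SPIN and Dafny.
% The DOI is stored bare (no LaTeX escaping); doi-aware styles typeset it verbatim.
% `file` looks like a JabRef-style attachment link, relative to the library's file directory.
@inproceedings{Farrell:2019:UsingThreatAnalysis,
  author    = {Farrell, Marie and Bradbury, Matthew and Fisher, Michael and Dennis, Louise A. and Dixon, Clare and Yuan, Hu and Maple, Carsten},
  title     = {Using Threat Analysis Techniques to Guide Formal Verification: A Case Study of {Cooperative Awareness Messages}},
  editor    = {{\"O}lveczky, Peter Csaba and Sala{\"u}n, Gwen},
  booktitle = {Software Engineering and Formal Methods},
  pages     = {471--490},
  publisher = {Springer International Publishing},
  address   = {Cham},
  year      = {2019},
  month     = sep,
  doi       = {10.1007/978-3-030-30446-1_25},
  isbn      = {978-3-030-30446-1},
  abstract  = {Autonomous robotic systems such as Connected and Autonomous Vehicle (CAV) systems are both safety- and security-critical, since a breach in system security may impact safety. Generally, safety and security concerns for such systems are treated separately during the development process. In this paper, we consider an algorithm for sending Cooperative Awareness Messages (CAMs) between vehicles in a CAV system and the use of CAMs in preventing vehicle collisions. We employ threat analysis techniques that are commonly used in the cyber security domain to guide our formal verification. This allows us to focus our formal methods on those security properties that are particularly important and to consider both safety and security in tandem. Our analysis centres on identifying STRIDE security properties and we illustrate how these can be formalised, and subsequently verified, using a combination of formal tools for distinct aspects, namely Promela/SPIN and Dafny.},
  file      = {:SEFM2019.pdf:PDF},
}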