This paper presents a Threat Analysis and Risk Assessment (TARA) of the takeover request (TOR) component in Advanced Driver Assistance Systems (ADAS) for SAE Level 2–3 automation. A TOR prompts the human driver to retake control when the system approaches its Operational Design Domain limits or when risk increases; late, false, or muted requests directly impact safety. The study models the TOR pipeline (perception, driver monitoring, decision logic, in-vehicle networks, and Human–Machine Interface) as assets and data flows, applies STRIDE-based threat identification using Microsoft Threat Modeling Tool and Ansys Medini Analyze, and rates risks under ISO/SAE 21434 with traceability to ISO 26262, ISO 21448, and UNECE R155/R157. The assessment produces 165 threat rows, with an initial risk distribution of 1 Critical, 113 High, 34 Medium, and 17 Low. Results show that tampering, denial of service, and spoofing dominate the TOR threat landscape, with the central processing unit, sensor-to-CPU links, and HMI channels as primary trust anchors. After applying mitigation measures including secure boot, message authentication, intrusion detection, redundancy checks, and encrypted communication, the residual post-mitigation security levels were reduced to 0 Critical, 0 High, 13 Medium, 101 Low, and 51 Negligible. Unlike other ADAS TARA studies, this TOR-focused analysis shows that cybersecurity risk is shaped by the interaction between cyber compromise, driver-readiness estimation, HMI delivery, fallback execution, and the limited handover time budget. The results support a defence-in-depth mitigation strategy for secure TOR operation in SAE Level 2–3 vehicles.
Kujovic et al. (Wed,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: