Table 7. Losses, vulnerabilities, and constraints of the use case.
Identified system-level losses, vulnerabilities, and constraints of the example case, with trace information in the bracket.
| L-1: Loss of physical property (incl. the vehicle and properties in it) |
| L-2: Loss of non-physical property (incl. manufacturer’s reputation and intellectual property) |
| V-1: Doors can be controlled by invalid users, which is not detected by valid users (e.g., A theft opens the door without being noticed.) [L-1/2, Integrity] |
| V-2: Doors can not be controlled by valid users (e.g., Car owner can not lock the door when parking.) [L-2, Availability] |
| V-3: Sensitive information (e.g., communication protocol and personal data) is leaked. [L-2, Confidentiality] |
| SC-1: Doors should not be controlled by invalid users [V-1] |
| SC-2: If doors are controlled by invalid users, it must be detected and recovered [V-1] |
| SC-3: Doors should always be controlled by valid users [V-2] |
| SC-4: If doors can not be controlled by valid users, it should be fixed within an acceptable period [V-2] |
| SC-5: Sensitive information should be protected from leakage [V-3] |
| SC-6: If sensitive information is leaked, it should be detected and reactions need to be taken to minimize losses [V-3] |