Multiple Security Domain Model of a Vehicle in an Automated Platoon


This chapter focuses on the security of automated vehicle platoons. Specifically, it examines the vulnerabilities that occur via disruptions of the information flows among the different types of sensors, the communications network and the control unit in each vehicle of a platoon. Multiple security domain nondeducibility is employed to determine whether or not the system can detect attacks. The information flows among the various domains provide insights into the vulnerabilities that exist in the system and whether the model is nondeducible. If nondeducibility is found to be true, then an attacker can create an undetectable attack. Defeating nondeducibility requires additional information sources, including invariants pertaining to vehicle platoon operation. A platoon is examined from the control unit perspective to determine if the vulnerabilities are associated with preventing situational awareness, which could lead to vehicle crashes.

Meeting Name

11th IFIP WG 11.10 International Conference on Critical Infrastructure Protection, ICCIP 2017 (2017: Mar. 13-15, Arlington, VA)


Computer Science

Research Center/Lab(s)

Intelligent Systems Center


This research was supported, in part, by the Future Renewable Electric Energy Distribution Management Center, a National Science Foundation supported Engineering Research Center, under Grant EEC 0812121; by the National Science Foundation under Grant CNS 1505610; and by the National Institute of Standards and Technology under Grant 60NANB15D236.

Keywords and Phrases

Automated Vehicle Platoons; Multiple Security Domain Nondeducibility

Document Type

Article - Conference proceedings

© 2017 International Federation for Information Processing (IFIP), All rights reserved.

Publication Date

01 Mar 2017