Autonomous Vehicles - Trust, Safety and Security Cases: The Complete Picture

Safety cases are required by several functional safety standards, specifications, and guidelines. Cybersecurity cases have recently been required by ISO/SAE 21424:2021 for automotive and EN TS 50701:2021 for the railway domain. In this paper we discuss cybersecurity cases and suggest using the topics and structure for a cybersecurity case as described in Annex G of EN TS 50701. BSI PAS 1881:2022 requires: "Trialing organizations shall develop and publish a publicly available and accessible version of the safety case". We have already developed a "safety case for the public" [1] to ensure that (1) the public is aware that safety evidence exists, (2) they are aware of relevant safety aspects when they are passengers, and (3) the vehicle's limitations are described transparently. Trust is a dynamic process that involves initiating and building trust, responding to violations of trust (failures), and trying to rebuild (repair) trust. The building blocks of trust are not limited to the vehicle itself but also include the embedded AI (Artificial Intelligence) and its overt function. Trust is a holistic perception of the complete service, technology, and organizations responsible for developing, implementing, and certifying an autonomous vehicle. An autonomous vehicle will need acceptance from the certification bodies and the authorities, but we also need to gain the public's trust. Our research found that several aspects are missing in the safety and cybersecurity cases to ensure public trust. To make self-driving buses a success, they need to be considered trustworthy. Thus, we need a "Trust case" that includes evidence related to distinct trust aspects. Our literature studies, focus groups [4], and surveys found that trust and safety are not correlated. We have developed a "Trust case" to cover the factors not included in the safety and cybersecurity cases. The resulting "Trust case" approach is currently in the form of specific information topics presented in a layman form and a safety case for the public [6], and specific trust topics in [7]. Further research is necessary, related to topics such as deep learning, security, and incorrect reporting to the driver due to e.g., false positive results.