@LiyouZhou @vmayoral @JWhitleyWork at Apex.AI we indeed brought up the threat model topic in Autoware TSC meeting minutes for May 15, 2019.
Since then, in August 2019, Apex.AI worked with Alias Robotics and we got the threat model analysis done on our internal code base which is based on ROS 2 (=Apex.OS) and parts of Autoware.Auto.
Alias Robotics found a few threats and vectors of attacks related to the Autoware.Auto based code and also proposed the mitigation roadmap.
We were going to openly release the full report but we did not yet manage to fix all of the elements of the mitigation roadmap (we are prioritizing fixing security flaws related to our core product, Apex.OS).
If you guys are able to commit to fixing of the security flaws related to the Autoware.Auto based code - we can share that part of the report with you.
Regarding https://arxiv.org/pdf/2003.10402.pdf, it would be great if elements of it could gradually become the steps in Autoware.Auto Contributor’s Guide.
D.