Automating Function-Level TARA for Automotive Full-Lifecycle Security

Yuqiao Yang

Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Malware & RE

As connected vehicles are projected to represent **95% of new cars by 2030**, the automotive attack surface is expanding dramatically through autonomous driving, OTA updates, and ADAS. **Threat Analysis and Risk Assessment (TARA)** is a mandatory regulatory requirement for OEMs and suppliers, but the process remains largely manual, taking teams **two to five weeks** per report. This talk presents **DefenseViewer**, a system that automates function-level TARA by combining structured vehicle configuration representations, a multi-agent LLM framework for attack path reasoning, and LoRA fine-tuning with RAG for domain adaptation.

AI review

An LLM-powered automation tool for automotive threat modeling that replaces manual TARA report writing with multi-agent prompt chaining. While the enterprise deployment numbers are real, the security content is thin -- it's fundamentally a workflow automation paper dressed up as security research. No novel attack techniques, no deep reversing of automotive systems, and the 11 'real-world attack paths' are never described in enough detail to evaluate their actual sophistication.
