| | Phase | Subphase | Overview | Participants |
| | Plan | - | This is the phase in which the planner and the developers of the car’s manufacture plan their product. They formulate their car’s concept, for example, the scope of user, how to use the services of their car, etc. In addition, they summarize and determine the required specifications of the car which include functional and nonfunctional items. As they evaluate the entire costs of the car system throughout its entire lifecycle at this phase, “the security level” of the system will be decided, as well as how much they can assure the security of their product. It is important for the requirement definitions to include the security requirements and not to include the vulnerabilities. | OEM staff |
| | Development | Product design | This is the phase in which the developers of the car’s manufacture and the parts maker design the hardware and the software based on the requirement definitions of the plan phase, in which they plan the implementation of the car. | Supplier staff | | | Manufacturing | It is necessary at this phase that “the requirement definitions are correctly implemented in the product,” “the vulnerabilities shall not be included in the product,” and “the vulnerabilities, if included must be detected before the shipment of the product”. | OEM staff
Supplier staff |
| | Operation | Shipping | This is the phase in which the user buys the car through the dealer and drives it. For example, in this phase, the status of the car, such as its location, the downloaded software, the operation history of the user, and the driving history of | Carrier staff | | | Registration | the car, is collected. Also, when the user buys a second-hand car through the second-hand broker, it is necessary for the broker to consider both what should be kept ongoing (e.g., the latest security patch of the firmware) and what must be erased in advance (e.g., the personal information of the previous owner) of the accumulated information. | Dealer staff
Second-hand broker | | | Regular use, operation | There are many cases in which multiple users who are not the owner of the car use the car in a short term, for example, for car-sharing, car rental, or as a company car. In these cases, it is also necessary to consider the protection of privacy regarding the previous information about the car, its drivers, and types of contract, etc. | Owner/User
Outsider | | | Maintenance | Furthermore, it is necessary to build a system which allows the users and owners of the car to know its vulnerabilities if some are found after the shipment. This phase also deals with cooperation between the car dealer, the broker, and the maintenance factory. | Administrator of Server
Maintenance staff |
| | Disposal | - | This is the phase in which the owner sells or discards the car to replace it or it breaks down. Two cases exist in which the owner will let go of the car: (1) the owner sells the car to another person through a second-hand broker, or (2) the owner deletes the car’s registration and throws it away. In this phase certain procedures and confidential data (such as in-person inspection, issuing evidence, etc.) must be confirmed by the owner. | Dismantler
Second-hand broker |
|
|
