SELFY - Self Assessment, Protection & Healing Tools for a Trustworthy and Resilient CCAM

SELFY - Sel Assessmen , P o ec ion
and Healing Tools o a T us wo hy
and Resilien CCAM
Vic o Jimenez1(B), Ma io Reyes de Los Mozos1, Pau Pe ea Paños1,
Paula Cecilia F i zsche1, Ke in Gomez Buque in2, Tina Volke sdo e 2,
Hans-Joachim Ho 2, Ch is ophe Cou u ie 3, Thie y E ns 3, Miao Zhang4,
Mohamed Saied Mohamed4, Ma io Rod íguez-A ozamena5,
Iñigo A angu en-Mendie a 5, Joshué Pé ez5, Ad ien Jousse6, Ca los Mu guia7,
Na han an de Wouw7, Romain Bellesso 8, Behzad Salami9, Aleksanda Je ić9,
Bou heina Bannou 10, Manel Rod íguez Recasens11, Isaac Rope o11, Bu cu Ozbay12,
Ali E en12, Mus a a Bek as12, De yanu Tezcan12, Ch is oph Pilz13, Sa ah Haas13,
and Ge no Lenz14
1 Technology Cen e o Ca alonia, Uni o IT&OT Secu i y, Eu eca , 08005 Ba celona, Spain
[email p o ec ed]
2 Technische Hochschule Ingols ad , CARISSMA Ins i u e o Elec ic, Connec ed and Secu e
Mobili y (C-ECOS), Ingols ad , Ge many
3 YoGoKo, Cesson-Sé igné, F ance
4 FEV.io GmbH, Aachen, Ge many
5 TECNALIA Resea ch & Inno a ion, Basque Resea ch and Technology Alliance, De io, Spain
6 Communica ing Sys ems Labo a o y, CEA, LIST, Gi -Su -Y e e, F ance
7 TUE, Technical Uni e si y o Eindho en, Eindho en, The Ne he lands
8 Canon Resea ch Cen e F ance, Cesson-Sé igné, F ance
9 FICOSA ADAS, SLU, Ba celona, Spain
10 CEA, LIST, Labo a o y o Sys ems Requi emen s and Con o mi y Enginee ing, P.C. 174,
91191 Gi -Su -Y e e, F ance
11 IDIADA Au omo i e Technology SA, Ta agona, Spain
12 FEV Tü kiye, Is anbul, Tü kiye
13 Vi ual Vehicle Resea ch GmbH, G az, Aus ia
14 Vienna, Aus ia
Abs ac . SELFY en isions an agnos ic oolbox o he sel -managemen o secu-
i y and esilience o he CCAM (Connec ed, Coope a i e and Au oma ed Mobil-
i y) ecosys em, which can be easily deployed o ex end he cu en Ope a ional
Design Domain (ODD), p o iding sel -awa eness, sel - esilience and sel -healing
mechanisms and enhancing us be ween s akeholde s. SELFY is based on ou
pilla s: Si ua ional awa eness, Resilience, Secu e Da a Sha ing and T us and p o-
ides h ee g oups o ools. SACP (Si ua ional Awa eness and Collabo a i e Pe -
cep ion) ools aim a p o iding all CCAM ac o s wi h a comp ehensi e unde -
s anding o hei en i onmen , i.e., he pe cep ion o objec s, such as o he a ic
pa icipan s and s a iona y objec s. CRHS (Coope a i e Resilience and Healing
Sys em) ools enable sel -p o ec ion ac ions whene e a comp omising si ua ion
is de ec ed in ela ion o asse s, ehicles, ope a ions, o he sys em i sel . TDMS
© The Au ho (s) 2026
C. McNally e al. (Eds.): TRAcon e ence 2024, LNMOB, pp. 745–751, 2026.
h ps://doi.o g/10.1007/978-3-032-06763-0_106
746 V. Jimenez e al.
(T us and Da a Managemen Sys em) ools es ablish a secu e and us ed en i-
onmen o da a in a collabo a i e and coope a i e con ex , bo h o in as uc u e
and asse s, as well as o ci izen’s da a, such as d i e s o pedes ians wi h spe-
cial a en ion o p i acy conside a ions. By de ining a collabo a i e en i onmen
be ween he di e en ools o espond o new h ea s, isks and a acks SELFY
acili a es he comp ehension o new challenges in he cybe secu i y aspec o
CCAMs.
Keywo ds: Coope a i e Connec ed Au oma ed Mobili y (CCAM) ·
Cybe secu i y · P i acy · T us · Resilience · Si ua ional Awa eness ·
Sel -Managemen Secu i y
1 In oduc ion and Mo i a ion
Coope a i e Connec ed Au oma ed Mobili y (CCAM) will imp o e he mobili y ecosys-
em o millions o ci izens in Eu ope and a ound he wo ld. Le e aging a i icial in el-
ligence solu ions, big da a, enhanced connec i i y, and digi aliza ion, CCAM will pa e
he way o sma e ci ies, enhancing hei e iciency, sus ainabili y, and accessibili y
o all use s. Howe e , as de ined by he CCAM’s SRIA [1] (S a egic Resea ch and
Inno a ion Agenda), Key Enabling Technologies such as cybe secu i y a e equi ed o
p o ide obus ness and esilience. Th ea s, inciden s, and malicious ac ions as well as
sys em ailu es mus be de ec ed in eal- ime and epo ed o a decision-making sys-
em o pe o m esponse ac ions. CCAM s ys ems’ esilience hea ily elies on he da a
and in o ma ion usion, sha ing and p ocessing. The e o e, gua an eeing a secu e low o
gene a ed and p ocessed da a be ween all s akeholde s is i al o a co ec , e icien , and
obus ope a ion o he di e en se ices and sys ems in he CCAM en i onmen . Ensu -
ing he e aci y, quali y and in eg i y o he gene a ed da a is essen ial in he mobili y
managemen and con ol p ocess, bo h in he s ages o pe sis ence, ansmission, access
and use o in o ma ion, as well as in he di e en s ages o cybe secu i y and secu i y
managemen o he CCAM ecosys em.
The e a e al eady some egula ions and s anda ds like he UNECE WP.29 R155 [2]
and R156 [3] o he ISO/SAE21434 [4] which ocus hei e o s on p o iding a mo e
comple e cybe secu i y managemen sys em wi h inciden managemen and emo e so -
wa e upda es as well as de ining a amewo k o including cybe secu i y equi emen s
and isk managemen . SELFY ools like he Vehicle Secu i y Ope a ions Cen e (VSOC)
o Secu ed O e he Ai so wa e upda e (SOTA) p o ide a pa ial solu ion bu go beyond
by p oposing a collabo a i e en i onmen be ween all CCAM elemen s by sha ing and
using da a and inc easing he awa eness, obus ness and us o he o e all CCAM
sys em.
2 SELFY Concep
SELFY esea ches and implemen s a se o ools ha a e agnos ic o OEMs and suppli-
e s, being easily in eg a ed ( eady- o-use and e-use) in se ice and p oduc de elopmen
p ocesses om he design s age ( esilience by design), conside ing he ull ODD o he
SELFY - Sel Assessmen , P o ec ion and Healing Tools 747
di e en CCAM scena ios. SELFY oolbox will pe o m a con inuous assessmen o
he obus ness and esilience, based on a p ocess o si ua ional awa eness h ough col-
labo a i e pe cep ion, a se o coope a i e esilience and healing sys ems se ices in
esponse o comp omised si ua ions (cybe -a ack, in usion, cybe - e o ism o cybe -
sabo age), based on he ga he ing and sha ing o da a in a us ed collabo a i e en i on-
men . The key echnologies unde pinning he SELFY oolbox a e desc ibed in Fig. 1.
These echnologies a e g ouped in o h ee ca ego ies which in u n a e suppo ed by
he ou cybe secu i y inno a ion pilla s ou lined ea lie . To add ess he complexi y o
CCAM he SELFY ools a e deployed on mul iple laye s, e.g., ehicle, RSU o cloud.
Fig. 1. SELFY’s oolbox o echnologies (sou ce: pixabay.com oyal y- ee con en license)
2.1 Si ua ional Awa eness and Collabo a i e Pe cep ion (SACP)
The SACP includes a se o ools o ob ain a comp ehensi e unde s anding o he en i on-
men , pe cep ion and posi ion o objec s by using a i icial in elligence and agg ega ing
and using da a om senso s and V2X.
Vehicle
•Si ua ional Assessmen Module. I de ec s anomalies, misuse, mal unc ions, e c. The
ool akes he en i onmen model ( used om RSU and on-boa d ehicle senso da a),
ego ehicle CAN inpu s, ego ehicle ajec o y, Coope a i e Awa eness Messages
(CPMs) as inpu and analyzes he da a using AI-Based me hods o de ec anomalies
and assign a isk le el o he cu en si ua ion.
•Vehicle-cen e ed si ua ional awa eness ool. I p o ides a 360º iew o he ehicle
su oundings using senso usion and AI-based objec ( ehicle and VRU) de ec ion
algo i hms. This in o ma ion will be sha ed o he on-boa d V2X communica ion
module, and i will be used o gene a e a Local Dynamic Map (LDM). The LDM will
be sha ed wi h RSU and o he ehicles h ough V2X channel.
•Agg ega ion ool. CAMs and CPMs sha ed om a ic pa icipan s and in as uc-
u e ia V2X communica ions a e agg ega ed and used wi h he local pe cep ion
in o ma ion in o a cen al pe cep ion sys em.
748 V. Jimenez e al.
RSU
•T a ic Moni o ing Tool. I iden i ies and acks objec s based on ideo da a, esul s
o senso s usion and V2X messages.
•Th ea E alua ion Tool. I i den i ies di e en ypes o h ea s and makes decisions
abou how o handle hem.
•Senso Fusion & Anomaly De ec ion Tool. I analyses and uses da a om
LIDARs/RADARs moun ed on he RSU. The ool also aims o de ec anomalies
be ween a pai o s ou ces.
2.2 Coope a i e Resilience and Healing Sys em (CRHS)
The CRHS includes a se o ools ha will elici sel -p o ec ion whene e a comp omised
si ua ion is de ec ed. The ac ions can be aken locally o in coope a ion a global CCAM
le el. This global capaci y is embodied in he VSOC.
Vehicle
•Sa e y Ope a ional Tool. I e alua es he si ua ional and own isks o he ego- ehicle
and modi ies he planned ajec o y o a minimum isk manoeu e when needed in
he e en s o sys em ailu es such as localiza ion losses.
•A i icial Immune Sys em. I p o ides a mechanism o de ec de ia ions. I hese
in ol e an a ack, lea n om hem and (i possible) mi iga e his ype o a ack. I ac s
as a swa m ha connec s all ehicles, upda ing and sha ing he mi iga ion’s solu ions.
•ROBUST ool. I p o ides a se o algo i hms ha allows designing and implemen -
ing physics-based (kinema ics/dynamics) schemes o ajec o y planning, anomaly
de ec ion, and communica ion p o ocols ha a e op imized by design o be as obus as
possible (in e ms o po en ial damage o ehicles/in as uc u e) agains cybe a acks.
RSU
•Audi Box. I audi s he WiFi and BT in e aces o he ehicle and de ec s jamming
si ua ions. I logs he esul s and sends i o he VSOC.
Cloud
•VSOC. I collec s da a om he SELFY oolse ( h ough he VSOC API) and de ec s
anomalies wi hin he da a o he CCAM ecosys em. The analysis esul s a e p epa ed
and dis ibu ed o he SELFY ools h ough he VSOC API. The API can be used o
subsc ibe o in o ma ion (e.g., us sco e o ool pa ne s and OEMs) and send da a
o he VSOC.
SELFY - Sel Assessmen , P o ec ion and Healing Tools 749
•In e ac ion-based V&V (Ve i ica ion and Valida ion ool. I is dedica ed o conduc -
ing o mal analyses employing models o in e ac ions akin o UML Sequence Dia-
g ams and Message Sequence Cha s. Among he analysis ea u es o e ed by he
ool, we ha e Run ime Ve i ica ion (RV), as de ailed in [5] and in [6]. This unc-
ionali y enables he iden i ica ion o non-con o mi ies agains he in e ac ion mod-
els, he eby exposing po en ial secu i y h ea s wi hin V2X communica ion lows i n
CCAM sys ems.
2.3 T us Da a Managemen Sys em (TDMS)
TDMS includes a se o ools add essed o build a secu e and us ed en i onmen o
da a in a collabo a i e con ex bo h o in as uc u e and ehicles as well o ci izens
(d i e s o pedes ians).
Vehicle
•Sensi i e Da a Anonymiza ion ool. I ecei es he de ec ed objec s ( ehicle and VRU)
om he ehicle-cen ed si ua ional-awa eness ool, de ec s he sensi i e da a (human
aces and ehicle license pla es), and anonymizes such pe sonal and sensi i e da a by
blu ing.
•P i acy U ili y Tool. I dis o s ( o en o ce p i acy) da a used o pla ooning ajec o y
planning and anomaly de ec ion be o e sha ing ia V2X so ha sensi i e in o ma ion
is hidden as much as possible while p ese ing da a u ili y.
RSU
•V2X P i acy ool. I assigns IDs o desc ibing acked objec s in CPM messages,
he assignmen o said IDs aking in o accoun change o iden i y by CAM-sending
ehicles so as o a oid leaking ehicle iden i y h ough CPM messages.
•Roadside T us Tool. I assesses a le el o us o each V2X agen based on V2X
messages and da a om oadside senso s.
Cloud
•SOTA ool. I p o ides me hods o ensu e secu e SW upda es o connec ed and
au oma ed ehicles. I ocuses on he en i e ehicle le el and no only on i s key
componen s. The en i e li e cycle o he ehicle wi hin he CCAM shall be add essed
a each laye o he CCAM s ys em.
All
•PQC p o ides lib a ies o use Pos Quan um C yp og aphy as pa o a TLS unc ion.
Pos Quan um C yp og aphy gua an ees ha sys ems will be obus agains cu en
and u u e cybe a acks on c yp o-sys ems

750 V. Jimenez e al.
•Remo e A es a ion Sys em Box. I aims a ensu ing in eg i y e i ica ion o a ious
so wa e componen s unning on he ehicle o he RSU.
•Key Exchange/Managemen Box (KEMS Box). I dynamically gene a es and upda es,
whene e needed, he keying ma e ial o all he en i ies ha equi e i o di e en
pu poses like da a p o ec ion, ne wo k access con ol.
•ITS S a ion. I ansmi s and ecei es V2X messages in compliance wi h he V2X
s anda ds. V2X communica ion can happen ei he in di ec mode (ITS-G5) o
h ough cellula communica ion (wi h a elay in he cloud: C-ITS-S) (No planned in
SELFY). I can also ou e s anda d IP( 4/ 6) messages be ween componen s and he
in as uc u e on he In e ne .
3 Ma ke Po en ial
SELFY’s signi icance ela es o i s po en ial impac in secu i y, sa e y, and esilience o
he CCAM ecosys em, such as OEMs, a ic managemen cen e s, TIER-x supplie s,
sma in as uc u e supplie s o egula o y and s anda diza ion bodies, among o he s.
The ma ke segmen s a e e y b oad, om au omo i e OEMs and supplie s, a ic and
in as uc u e managemen , oad ope a o s o p oduc and se ice de elopmen eams.
Conside ing he new egula o y equi emen s in CCAM, he ma ke po en ial is e i-
den , which is es ima ed [6] a EUR 535 million. I can be eached h ough h ee main
sou ces: licensing and subsc ip ion ees o using he SELFY oolbox, consul a ion and
cus omiza ion se ices o speci ic needs and main enance and suppo ees.
4 Conclusions and Nex S eps
Coope a i e Connec ed and Au oma ed Mobili y equi es cybe secu i y and p i acy
ools. New egula ions and s anda ds a e coming and solu ions ha e o be deployed o e
he sys em. Ci izens, such as d i e s, Vulne able Road Use s (VRU) o pedes ians shall
accep and us he sys em. SELFY’s solu ion is a coope a i e oolbox which add esses
all o hese issues, inc easing pe cep ion and awa eness, obus ness, a ack de ec ion and
mi iga ion a e and p o iding sa e s a es and secu e upda es, e e y hing o ches a ed by
aVSOC.
As a nex s ep, SELFY is going o be alida ed o e h ee main use cases: Resilien
Coope a i e Mechanisms o VRU Sa e y, Secu e empowe men o backend sys em o
a ic managemen sys em and Robus pla ooning. These alida ions a e going o be
sepa a ed in o h ee g oups: simula ion, labo a o y and eal-wo ld alida ion and he
ou comes o he p ojec a e going o be e alua ed acco ding o a se o KPIs (Key
Pe o mance Indica o s) ele an o he CCAM sec o .
Acknowledgemen . The esea ch leading o hese esul s has ecei ed unding om he Eu opean
Union’s Ho izon Eu ope p og amme unde g an ag eemen No 101069748- SELFY p ojec .
SELFY - Sel Assessmen , P o ec ion and Healing Tools 751
Re e ences
1. SRIA web page. h ps://www.ccam.eu/ou -ac ions/s ia/
2. UN egula ion 155 web page. h ps://unece.o g/ anspo /documen s/2021/03/s anda ds/un- eg
ula ion-no-155-cybe -secu i y-and-cybe -secu i y
3. UN egula ion 156 web page. h ps://unece.o g/ anspo /documen s/2021/03/s anda ds/un- eg
ula ion-no-156-so wa e-upda e-and-so wa e-upda e
4. ISO/SAE21434 web page. h ps://www.iso.o g/s anda d/70918.h ml
5. Mahe, E., Bannou , B., Gas on, C., Lapi e, A., Gall, P.L.: In e ac ion-based o line un ime
e i ica ion o dis ibu ed sys ems. In: Con e ence FSEN (2023). h ps://doi.o g/10.1007/978-
3-031-42441-0
6. Mahe, E., Bannou , B., Gas on, C., Lapi e, A., Gall, P.L.: Tooling o line un ime e i ica ion
agains in e ac ion models: ecognizing sliced beha io s using pa ame e ized simula ion. J.
Objec Technol. ( o appea )
7. P edence Resea ch web page. h ps://www.p ecedence esea ch.com/au omo i e-cybe secu i y
Open Access This chap e is licensed unde he e ms o he C ea i e Commons A ibu ion 4.0
In e na ional License (h p://c ea i ecommons.o g/licenses/by/4.0/), which pe mi s use, sha ing,
adap a ion, dis ibu ion and ep oduc ion in any medium o o ma , as long as you gi e app op ia e
c edi o he o iginal au ho (s) and he sou ce, p o ide a link o he C ea i e Commons license and
indica e i changes we e made.
The images o o he hi d pa y ma e ial in his chap e a e included in he chap e ’s C ea i e
Commons license, unless indica ed o he wise in a c edi line o he ma e ial. I ma e ial is no
included in he chap e ’s C ea i e Commons license and you in ended use is no pe mi ed by
s a u o y egula ion o exceeds he pe mi ed use, you will need o ob ain pe mission di ec ly om
he copy igh holde .