Insider Threats in Emerging Mobility-as-a-Service Scenarios
It addresses security and privacy concerns for MaaS providers and users, but is incremental as it applies existing threat classification and mitigation approaches to a new domain.
The paper tackles the problem of insider threats in Mobility-as-a-Service (MaaS) systems by classifying potential threats across different tiers and proposing countermeasures to mitigate them.
Mobility as a Service (MaaS) applies the everything-as-a-service paradigm of Cloud Computing to transportation: a MaaS provider offers to its users the dynamic composition of solutions of different travel agencies into a single, consistent interface. Traditionally, transits and data on mobility belong to a scattered plethora of operators. Thus, we argue that the economic model of MaaS is that of federations of providers, each trading its resources to coordinate multi-modal solutions for mobility. Such flexibility comes with many security and privacy concerns, of which insider threat is one of the most prominent. In this paper, we follow a tiered structure --- from individual operators to markets of federated MaaS providers --- to classify the potential threats of each tier and propose the appropriate countermeasures, in an effort to mitigate the problems.