Hackathon 2025 - TMC Drive: Threat Model 🚗 Autonomous Drive - Team 2 - (Special Mention)

Team 2 – YODA: Your Optimal Defense Architects

:chequered_flag: Threat Modeling Hackathon 2025

Hello from Team 2 – a.k.a. YODA (Your Optimal Defense Architects)!
We’re proud returning champions from the TMC Hackathon 2024 :trophy:, and this year we were thrilled to receive a Special Mention during the 2025 awards! :sparkles:

:busts_in_silhouette: Meet the Team:

  • Arron (@A_J) – Our fearless Team Lead
  • Fraser Scott (@FraserScott) – Our Jedi Mentor
  • Jan Andersen (@hr.janandersen) – The Detail Defender
  • Alicia (@alicia) – Documentation Ninja & Confluence Commander
  • Jetzable – Sensor Whisperer
  • Ivan Smetskoy – The Detail Defender
  • Prasanna (@Prasanna) – Master of Visuals

:brain: How We Approached It


This image captures our journey through the galaxy of cyber risk during Threat Modeling Hackathon 2025.
We focused on the TMC-Drive, a futuristic Level 5 autonomous EV, and built our threat model with structure, curiosity, and a sprinkle of humor.

We kicked things off by defining a clear scope: the Autonomous Driving Stack – arguably the brain of the vehicle, and definitely the riskiest if compromised. :automobile::high_voltage:

We dove into several threat modeling methods, and we chose PASTA (Process for Attack Simulation and Threat Analysis). Big shoutout to Tony, the creator of PASTA, for generously sharing insights and guiding us through ForkTM (forktm.com) to address business-centric risks.

But wait, there’s more :eyes: – we explored:

  • IriusRisk Community Edition for structured modeling :puzzle_piece:
  • RTMP (Rapid Threat Model Prototyping), guided by the ever-awesome Geoffrey Hill
    (GitHub Docs)
  • The Open Threat Model format, which we referred to but unfortunately did not have time to get our hands on, though we enjoyed the guidance of our awesome Mentor Fraser Scott.

Alongside that, we deepened our understanding of:

  • TARA (Threat Analysis and Risk Assessment)
  • Autonomous Driving Systems & ADAS
  • Software-Defined Vehicles
  • Limitations of Hardware and security on Autonomous industries
  • And of course, the role of AI in modern mobility :robot::brain:

:toolbox: Our Stack:

  • Threat Modeling Methodology, Framework & Tools: STRIDE, IriusRisk (community edition), LINDDUN, PLOT4ai, (PASTA) ForkTM, and RTMP
  • Collaboration: Zoom, Slack, Trello, Confluence
  • Research Sources: Auto-ISAC, MITRE, OWASP, and way too many late-night blog posts :sweat_smile:

:bullseye: The Outcomes:

:open_file_folder: Our Final Submission & Artifacts


:speech_balloon: We’d Love to Hear From You!

Have questions, ideas, feedback, or memes?
We’re all ears (and sensors) – let’s make threat modeling fun and fearless together.

Until next time –
Stay strong/safe, Threat Model hard, and May the Security Be With You.
– Team 2 YODA :shield::sparkles:

It seems you conducted a very systematic ADS decomposition & analysis while combining the best capabilities of the tools you evaluated, e.g. IriusRisk was obviously useful for creating the comprehensive diagram. Congrats on such good work!

Thank you for making your post so beautiful :bouquet: and pleasant to read! :heart:

Would love to hear more about your experiences with PASTA!

Great job, Team 2. It is always great to see a variety of perspectives.