Hackathon 2025 -TMC Drive: Threat Model 🚗 Autonomous Drive - Team 2 - (Special Mention)

Prasanna · April 29, 2025, 2:57pm

Team 2 – YODA: Your Optimal Defense Architects

Threat Modeling Hackathon 2025

Hello from Team 2 — a.k.a. YODA (Your Optimal Defense Architects)!
We’re proud returning champions from the TMC Hackathon 2024 , and this year we were thrilled to receive a Special Mention during the 2025 awards!

Meet the Team:

Arron (@A_J) – Our fearless Team Lead
Fraser Scott (@FraserScott) – Our Jedi Mentor
Jan Andersen (@hr.janandersen) – The Detail Defender
Alicia (@alicia) – Documentation Ninja & Confluence Commander
Jetzable – Sensor Whisperer
Ivan Smetskoy – The Detail Defender
Prasanna (@Prasanna) – Master of Visuals

How We Approached It

This image captures our journey through the galaxy of cyber risk during Threat Modeling Hackathon 2025.
We focused on the TMC-Drive, a futuristic Level 5 autonomous EV, and built our threat model with structure, curiosity, and a sprinkle of humor.

We kicked things off by defining a clear scope: the Autonomous Driving Stack — arguably the brain of the vehicle, and definitely the riskiest if compromised.

We dive into several threat modeling methods, and we chose PASTA (Process for Attack Simulation and Threat Analysis). Big shoutout to Tony, the creator of PASTA, for generously sharing insights and guiding us through ForkTM (forktm.com) to address Business centric risks.

But wait, there’s more — we explored:

IriusRisk Community Edition for structured modeling
RTMP (Rapid Threat Model Prototyping), guided by the ever-awesome Geoffrey Hill
(GitHub Docs)
**OpenThreat Model format referred but unfortunately we did not had time to play our hands on, but enjoyed the guidance by our awesome Mentor Fraser Scott.

Alongside that, we deepened our understanding of:

TARA Threat Analysis and Risk Assessment
Autonomous Driving Systems & ADAS
Software-Defined Vehicles
Limitations of Hardware and security on Autonomous industries
And of course, the role of AI in modern mobility

Our Stack:

Threat Modeling Methodology, Framework &Tools: STRIDE, IriusRisk (community edition), LINDUNN, Plot4AI, (PASTA) ForkTM, and RTMP
Collaboration: Zoom, Slack, Trello, Confluence
Research Sources: Auto-ISAC, MITRE, OWASP, and way too many late-night blog posts

The Outcomes:

Our Final Submission & Artifacts

We’d Love to Hear From You!

Have questions, ideas, feedback, or memes?
We’re all ears (and sensors) — let’s make threat modeling fun and fearless together.

Until next time —
Stay strong/safe, Threat Model hard, and May the Security Be With You.
– Team 2 YODA

DraganS · April 29, 2025, 8:41pm

It seems you conducted a very systematic ADS decomposition & analysis while combining the best capabilities of the tools you evaluated e.g. IriusRisk was obviously useful for creating the comprehensive diagram.Congrats for such a good work !

hewerlin · May 1, 2025, 7:00am

Thank you for making your post so beautiful and pleasant to read!

Would love to hear more about your experiences with PASTA!

dragon44 · May 2, 2025, 1:19pm

Great Job team 2. It is always great to see variety of perspectives

Topic		Replies	Views
TMC-Drive: Autonomous Driving Threat Model – 3rd Place (Hackathon 2025) Threat Model Examples hackathon , hackathon-25	11	151	May 2, 2025
Hackathon'25 - TMC-Drive: Autonomour Driving Threat Model - Team 24 (Special Mention) Threat Model Examples hackathon-25	0	78	April 25, 2025
Hackathon 2025 -TMC Drive Threat Model - Team 7 - 1st Place Threat Model Examples hackathon , hackathon-25	2	101	April 25, 2025
TMC-Drive: Autonomous Driving Stack by Team-40 \| 2nd Place \| Hackathon 2025 Threat Model Examples hackathon , hackathon-25	6	119	May 4, 2025
Hackathon 2025:TMC-Drive - Team 45 (Special Mention) Threat Model Examples hackathon , threatmodcon , hackathon-25	1	31	May 6, 2025