Secure and Resilient Connected Autonomous Systems (SeRCAS)

Secure and Resilient Connected Autonomous Systems (SeRCAS) is a research theme within the Centre for Future Transport and Cities. 

Focus of our research

The Secure and Resilient Connected Autonomous Systems (SeRCAS) group focuses on building trustworthy and resilient autonomous systems by advancing key areas including cyber security, resilience, wireless connectivity, autonomy, and AI/ML. Our work spans multiple mobility domains such as Connected and Automated Mobility (CAM), Cooperative CAM (CCAM), and Multimodal Mobility as a Service (M‑MaaS).

Our research portfolio includes:

• Cyber Security for wireless interconnected systems, e.g., CAVs
• Critical infrastructure security, e.g., Electric Vehicle (EV) charging infrastructure
• Symbolic AI and Context‑Aware Security Analysis
• Threat Analysis and Risk Assessment (TARA) for automotive and cyber‑physical systems
• Digital Twins (DT) for communication and mobility systems
• Semantic Communication for Terrestrial (TN), e.g. 5G/B5G, and Non‑Terrestrial Networks (NTN), e.g., Satellite and Unmanned Aerial Vehicles (UAVs)
• Optimisation, planning, and coordination challenges in UAVs
• Urban Air Mobility related challenges

Together, these activities contribute to a comprehensive approach for ensuring the safety, security, and resilience of next‑generation autonomous and connected mobility systems.

Key researchers

Project spotlight

CyberASAP Year 9 – Phase 2: “AutoTARA – Proof-of-Concept Build and Commercialisation Readiness” [Sep. 2025 – Feb. 2026]
Funder: Department for Science, Innovation and Technology (DSIT) / Innovate UK

The Phase 2 bid aims to build a TRL-6 AutoTARA prototype with an integrated AI pipeline and a practical user interface for automotive cybersecurity engineers. It will harden the PoC towards an MVP, including security, scalability and integration with existing modelling/engineering tools. The project also covers SOC-2 readiness and structured preparation for investment, including data-room and technical due-diligence materials. Design-partner pilots with OEMs and Tier-1 suppliers will be used to validate performance, usability and audit-readiness in realistic TARA workflows. Overall, the project is designed to position AutoTARA as a credible spin-out opportunity by early 2026.

Phase 2 is expected to deliver a working prototype demonstrating at least a 50–60% reduction in TARA effort while maintaining or improving coverage versus manual baselines. It will generate robust pilot evidence on time-savings, compliance/audit acceptance and buyer journeys. The project will also result in an investor-ready proposition, enabling follow-on funding or spin-out formation.

Planned outputs include the AutoTARA PoC/MVP software (core AI engine plus UI), SOC-2 gap-analysis and associated security/compliance documentation. The project will also produce pilot evaluation reports and updated commercial materials (pitch deck, business plan, financial model and data-room structure). These will be used to support both internal commercialisation decisions and external investor/partner discussions.

CyberASAP Year 9 – Phase 1: “AutoTARA – AI-Driven Semi-Automated Threat Analysis and Risk Assessment for Automotive Cybersecurity” [Apr. 2025 – Jul. 2025]
Funder: Department for Science, Innovation and Technology (DSIT) / Innovate UK

AutoTARA develops an AI-driven, semi-automated Threat Analysis and Risk Assessment (TARA) tool for automotive systems, aligned with ISO/SAE 21434 and UNECE R155. It combines large language models, graph-based attack modelling and probabilistic risk assessment to automate threat identification, risk scoring and compliance reporting. The project targets OEMs, Tier-1 suppliers and cybersecurity consultancies through a B2B SaaS model. Phase 1 focused on value proposition development, market validation and early PoC scoping within the CyberASAP accelerator. The work establishes the commercial and technical basis for a future spin-out.

Phase 1 validated strong market pain and willingness-to-pay through interviews and surveys with OEMs, Tier-1s and auditors, confirming both problem fit and price sensitivity. It produced a clear commercialisation and go-to-market strategy focused on European automotive cybersecurity buyers. The project also defined a de-risked technical and commercial roadmap that underpins the follow-on Phase 2 proposal.

Key outputs include a validated value proposition, market-validation summary and a refined business model for AutoTARA. The project delivered pitch decks, a one-page project summary and Phase-1 review presentations, together with an initial technical architecture and AI pipeline concept. These materials are now being used in internal commercialisation discussions and external engagement.

EIDS-CAN-MHO: Enhanced Intrusion Detection System for Controller Area Network (CAN) Using Meta-Heuristic Optimization. [Sep. 2024 - Sep. 2025].
Funder: TÜBİTAK, Turkey

The Controller Area Network (CAN) bus is a key in-vehicle communication protocol that enables real-time data exchange among ECUs for functions such as engine control, braking, and infotainment. Despite its widespread use, the CAN bus lacks built-in security features like authentication and encryption, making it vulnerable to message injection, eavesdropping, and operational disruption. As connected and autonomous vehicles advance, securing CAN bus communication has become increasingly critical.

EIDS-CAN-MHO introduces MetaCAN, a machine learning-based IDS optimized with a hybrid metaheuristic approach combining Particle Swarm Optimization and Cuckoo Search. Using XGBoost with integrated feature selection and hyperparameter tuning, MetaCAN enhances detection performance while reducing false positives and computational cost. Evaluated on real-world CAN datasets, the proposed system demonstrates strong effectiveness in mitigating vehicular cyber threats.

CIintoSRN: A Roadmap to Cybersecurity for the Integration of Connected Infrastructure (CI) into the Strategic Road Network (SRN) [Sep. 2023 – Mar. 2024]
Funder: National Highways (NH)

CIintoSRN aims to conduct a comprehensive review and establish a roadmap on critical aspects of cybersecurity and related human factors concerning the integration of Connected Infrastructure (CI) into the Strategic Road Network (SRN). The project investigates how cybersecurity affects road users’ behaviour and explores users’ perceptions of data usage, emphasizing the importance of communication to build trust in connected technologies.

CIintoSRN reviewed CI development trends in the UK, assessing benefits and challenges, and analysed cybersecurity risks associated with CI integration into SRN, highlighting the importance of securing emerging technologies like 5G/B5G and V2X systems, as well as addressing the cybersecurity challenges of implementing a Digital Twin (DT) for the SRN. The research also reviewed relevant standards, policies, regulations, and best practices related to connected infrastructure, automotive cybersecurity, and road user safety. Methods included stakeholder workshops, document analysis, and expert consultations.

Key findings underscored the necessity of integrating human factors with cybersecurity, ensuring robust digital infrastructure, and addressing the privacy and security challenges of advanced connectivity technologies. The research recommended developing a holistic cybersecurity strategy with real-time monitoring and regular risk assessments, establishing robust privacy policies to build public trust, and ensuring seamless interoperability between different infrastructure components through collaboration with industry experts, public sectors, and standardization bodies. These recommendations aim to support the secure and efficient integration of CI into the SRN, enhancing road safety, user trust, and system resilience.

EV-Lift: Electric Vehicle Light-weighting integrated Future-proof Traction [Aug. 2019 – Mar. 2024]
Funder: Advanced Propulsion Centre (APC)

EV-Lift aimed to keep the UK at the forefront of electric vehicle development and is expected to have a positive impact on the UK, its partners, and their supply chains. Through this project, Coventry University investigated the potential of enhancing safety by utilizing torque vectoring capability to mitigate the hazards of certain failure modes, such as tyre blowouts on motorways, thereby providing wider exploitation opportunities for autonomous vehicles with this type of architecture.

Within the EV-LIFT project, Lotus progressed the EV-LIFT project with Coventry University and YASA Ltd and successfully established Electric Drive Unit (EDU) and vehicle system performance requirements, vehicle feature level targets, EDU layout studies, EDU integration evaluations, electrical architecture development, Functional Safety (FuSa) concept evaluation, EDU Design Verification Plan (DVP) established, propulsion Battery Electric Vehicle (BEV)/hybrid Computer Aided Engineering (CAE) tool created, an increased understanding of the torque vectoring (TV) possibilities (with Coventry University), along with increasing the teams knowledge on electric vehicle requirements and solutions—total project value £22.8 million, with £11.4 million funded through the APC.

Coventry University developed experimental Torque Vectoring and semi-autonomous algorithms and tested them at the simulation level, e.g., in scenarios, Motorway tests at different velocities (with varying tyre pressure), single-lane change, and double-lane change, among others. In addition, hardware-in-the-loop for digital twine and scale car physical autonomous platforms were designed at the hardware level (part of the exploitation plan for future development). The project introduced world-class electric vehicle technology at the hardware and algorithmic levels.

Secure-CAV: Advanced Cybersecurity for Connected and Autonomous Vehicles - Secure-CAV is an ambitious collaborative project that aims to improve the safety and security of tomorrow’s connected and autonomous vehicles (CAVs): and in doing so, ultimately advance the wellbeing of our citizens and infrastructure.

The project addresses one of the most pressing “pain points” in the transportation industry: cybersecurity. Today, we are moving progressively through increased levels of driver assistance, with the eventual aim of deploying full autonomy. The electronic content of vehicles is therefore growing rapidly. Vehicles are also increasingly connected, becoming effectively IoT-style devices.

The result of all this is that the opportunities for malicious actors to hack into vehicles’ systems are becoming greater. And at the same time, the potential consequences of failing to detect and mitigate such attacks are skyrocketing: a compromised autonomous vehicle is no mere inconvenience, it is a potential threat to life.

The Secure-CAV project seeks to answer these challenges by developing cybersecurity solutions that can be embedded deep in the underlying electronic hardware within a CAV. To do so, it brings together a multidisciplinary team: Cybersecurity specialist consultancy Copper Horse, leading hardware-based cybersecurity provider Siemens EDA, Machine Learning (ML) experts from the University of Southampton and the Institute of Future Transport at Coventry University. The socio-economic impacts of cybersecurity attacks are tremendous, with the automotive industry estimated to lose £20 billion annually by 2023 [Upstream Security]. Co-funded by the UK’s innovation agency Innovate UK, the Secure-CAV project is tackling a very real market and societal need with new thinking and technology.

TOMSAC: Trade-off Management between Safety and Cybersecurity - The TOMSAC project aims to propose novel and effective solutions for managing trade-offs between cybersecurity and safety in converging Cyber Physical (CPS) and Internet of Things (IoT) systems.

The convergence of IoT and CPS systems means there is a need for effective methods to manage trade-offs between cybersecurity and safety measures that are interdependent and often complementing or conflicting. Assuring cybersecurity can introduce unintended safety consequences and vice versa. Early analysis of existing work in this area indicates an urgent need of methods for managing trade-off between safety and cybersecurity. TOMSAC will achieve its aims through a comprehensive literature review, consultations with user partners and an industry survey.

The project will reflect the findings of the available research, complemented by the recommendations of relevant international standards and guidelines (such as ISA 84, ISA 99, ISO 26262, ISO/SAE 21434), and practices used by industry. TOMSAC will develop a novel method which is inspired by the principles of Quality Function Deployment (QFD) – a method created in Japan in 1960s and widely used in industry for improving product quality and customer satisfaction.

ENCODE: Ensuring Cybersecure Deployments of Driverless Teleoperated Vehicles - ENCODE will further the integration of enabling Connected and Automated Vehicle (CAV) technology, namely teleoperation - remotely operating a vehicle, and assessing its safe and secure integration with an automated driving system.

ENCODE believes that "multi-driver" vehicles (manually driven, automated software-driven or teleoperated) will accelerate CAV technology to commercially viable deployment, enabling the removal of the safety driver within certain ODDs. This supports the DfT's mission to benefit the UK supply chain, and support government assurance processes in this area.

This six-month project, concluding in March 2022, will research and assess the security and safety considerations for implementing a remote driving system into a multi-driver vehicle removing barriers to CAV deployment.

SAVOR: Safely Advancing Vehicle Automation on Roads - SAVOR explores the key requirements to apply remote monitoring and teleoperation (RMTO) to automated vehicles (AVs) as an essential safety measure in achieving L4 operation on public roads.

These requirements apply both to the vehicle automation stack, the communications and the remote monitoring and control interface. The project includes essential human factors and technology assessments to provide recommendations that may be used by DfT, CCAV, and other industry stakeholders when deploying their solutions.

PhD Projects

A Framework to Securing Software Defined Vehicles with Zero Trust Security Mechanisms

[Feb. 2026 – Feb. 2030] (cotutelle PhD project between Coventry University and Deakin University, Australia)
PhD student: Moksha Thisarani
As SDVs become increasingly integrated into connected ecosystems, traditional security models are insufficient to address evolving cyber threats. Zero Trust, which assumes no implicit trust and enforces continuous verification, offers a promising approach. While existing research in the UK and abroad has explored ZTA in areas such as intrusion detection and 5G/6G networks, there remains a significant gap in applying these models to the dynamic, real-time environments of SDVs. This research aims to develop a context-aware framework adapting zero trust security for software-defined vehicles (SDVs), addressing real-time security challenges. It will integrate proactive threat anticipation to strengthen SDV resilience and analyse key zero trust elements - identities, data, network, software, and hardware - to develop best practices for robust security in connected and autonomous vehicles.

AI-driven Cooperative Internet of Vehicles (C-IoV) as a Service

[Jan. 2026 -Jan. 2029] (cotutelle PhD project between Coventry University and GITAM, India)
PhD student: Parvathy Padmanabhan
Connected and Autonomous Vehicles (CAVs) are poised to reshape smart cities by not only transporting people and goods but also sharing their underused onboard resources to form a Cooperative Internet of Vehicles (C IoV). With rich sensing, communication, and computing capabilities, CAVs can provide data storage, relaying, and processing services for vehicles, passengers, and third party stakeholders. Although researchers have explored task offloading, resource management, and Digital Twin (DT) enabled solutions, key challenges remain, including sporadic resource availability, diverse user demands, multi resource requirements for safety critical applications, and the impact of C IoV services on DT accuracy. This PhD project will tackle these gaps by developing AI based resource availability prediction, optimal joint resource allocation, and efficient inter CAV spectrum coordination mechanisms.

An Adaptable and Contextual Zero Trust Access Control Mechanism for Critical Infrastructures

[Sep. 2025 – Sep. 2029] (cotutelle PhD project between Coventry University and Deakin University, Australia)
PhD student: Arun Acharya
Zero Trust Architecture (ZTA) shifts security from perimeter-based defence to continuous, resource-centric verification. In Access Control Systems, Policy Enforcement Points use trust algorithms and models to decide access. However, existing trust models, including machine learning approaches, typically assess trust only once before granting access, failing to meet ZTA’s need for continuous, context-aware, and risk-based evaluation. This gap is critical in dynamic Critical Infrastructure (CI) environments with heterogeneous IoT and Cyber-Physical Systems generating real-time data. Static rule-based and black-box AI methods lack adaptability. This project proposes a Reinforcement Learning (RL)–based, context-aware access control framework for CIs, enabling continuous trust assessment, adaptive policy decisions, scalability, rigorous validation, and broader exploration of RL applications in cybersecurity.

An integrated approach to formal modelling and verification of connected autonomous systems

[Jan. 2022-Jan. 2026] (cotutelle PhD project between Coventry University and Deakin University, Australia)
PhD student: Sheraz Mazhar
Modern connected and autonomous vehicles (CAVs) face major cybersecurity risks due to complex electronics and extensive connectivity. Greater connectivity increases the likelihood of remote attacks, making strong security measures essential. Traditional testing, though important, cannot fully capture the wide range of possible attack scenarios. Formal verification provides a more rigorous alternative by mathematically checking all possible system behaviours, but its effectiveness depends on defining the correct security properties—an often-challenging task. This project introduces an integrated framework that combines threat analysis with formal verification to improve the security of connected autonomous systems. Using Natural Language Processing (NLP), the framework automatically extracts key security information from threat analysis outputs and generates relevant Computation Tree Logic (CTL) properties. These properties precisely describe system security requirements and used within a NuSMV model, enabling detailed simulation, verification, and interpretation through verification results and counterexample traces.

An Adaptive Cybersecurity Analysis Framework for Connected EV Charging Systems

[Jan. 2022 – Jan. 2026] (cotutelle PhD project between Coventry University and Deakin University, Australia)
PhD student: Teena Kumari
Advances in vehicle technology have turned modern EVs into highly connected cyber-physical systems, improving safety and convenience but also widening their attack surface. Static, traditional security methods struggle to incorporate diverse contextual information, limiting their ability to deliver interpretable, situation-aware security analyses in dynamic environments. This project presents an adaptive cybersecurity framework for assessing security in the connected EV charging ecosystem. It uses ontology-based techniques, OWL and SWRL, to integrate and reason over contextual data from sensors, regulations, and other sources. A Python environment dynamically populates the ontology and performs reasoning, while SPARQL queries support validation. A custom PyQt interface automates reasoning, extracts inferred knowledge and visualizes results interactively. Applied to EV charging sessions, the framework semantically links contextual attributes to cybersecurity concepts such as anomalies and threats. Experiments show that it enables adaptive, scalable, and context-aware security assessments, improving decision-making and strengthening cybersecurity analysis in EV ecosystems.

Reverse Engineering Guided Fuzzing for Controller Area Network Security

[Feb. 2022 – Feb. 2026] (cotutelle PhD project between Coventry University and Deakin University, Australia)
PhD student: Manu Jo Varghese
Modern vehicles now function as complex cyber-physical systems with over a hundred ECUs communicating over the insecure, legacy CAN bus, creating a wide attack surface. This project tackles these challenges by developing a framework that integrates reverse engineering, fuzz testing, and machine learning to strengthen vehicular cybersecurity. The work begins with a protocol-aware CAN fuzzing framework using entropy-based bit partitioning and heuristic mutation to uncover ECU vulnerabilities. It then introduces ARE-GF, an automated reverse-engineering-guided fuzzer that decodes proprietary message structures and prioritizes high-impact mutations using a statistical vulnerability predictor. These methods are realized in a hardware-in-the-loop testbed featuring real ECUs and a software-defined CAN gateway for safe, reproducible experimentation. It then develops AMCFF-RL, which applies deep reinforcement learning to multi-modal CAN features, enabling a DQN agent to dynamically allocate mutation effort and optimize fuzzing strategy. In evaluations, ARE-GF and AMCFF-RL outperform commercial tools, accelerate vulnerability discovery, and uncover multiple previously unknown flaws.

Towards Uncertainty-Aware Real-Time Neuro-Symbolic Contextual Intelligence

[Jan. 2022-Jan. 2026] (cotutelle PhD project between Coventry University and Deakin University, Australia)
PhD student: Alireza Nezhadettehad
Real-time, context-aware predictive systems are increasingly used in dynamic, safety-critical domains such as intelligent transportation systems, where incomplete data, sensor noise, and evolving behaviour create unavoidable uncertainty. Traditional deterministic models, such as Long Short-Term Memory networks, optimise point accuracy and assume predictions must always be produced, often leading to overconfident and poorly calibrated decisions. This thesis develops uncertainty-aware frameworks that integrate Bayesian probabilistic learning with symbolic reasoning for reliable decision-making. Using parking availability prediction as a representative use case, three progressive phases are evaluated under varying data availability and noise. First, Bayesian Neural Networks model epistemic and aleatoric uncertainty, enabling selective prediction and improving accepted-decision accuracy by 20–30% over LSTM at reduced coverage. Second, loosely coupled neuro-symbolic integration enhances robustness but not raw accuracy. Finally, a tightly coupled Bayesian neuro-symbolic framework embeds domain knowledge into learning, achieving superior accuracy, coverage, robustness, and interpretability under uncertainty.