Automotive Cybersecurity Testing: Survey of Testbeds and Methods

Mahmood, Shahid; Nguyen, Hoang Nga; Shaikh, Siraj Ahmed

doi:10.1007/978-3-030-65722-2_14

Cited by 10 publications

(5 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As outlined in Section I, a main drawbacks of the current security testing process is the complexity of modern vehicles, late and manual testing techniques, such as penetration testing, and the challenge of identifying vulnerabilities as early as possible through testing. Existing surveys on (model-based) security testing, such as the work of Mahmood et al [63], Luo et al [64], and Pekaric et al [65] often refer to penetration testing and dynamic analysis techniques (e.g., fuzzing and vulnerability scanning) that do not support early vulnerability testing and can only be applied late in the development cycle. Surveys, such as the work of Altinger et al [15] and Kriebel et al [17], suggest that model-based testing addresses these challenges.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Survey of Model-Based Security Testing Approaches in the Automotive Domain

2023

View full text Add to dashboard Cite

Modern connected or autonomous vehicles (AVs) are highly complex cyber-physical systems. As a result of the high number of different technologies and connectivity features involved, testing these systems to identify security vulnerabilities is a big challenge. Security testing techniques, such as penetration testing, are often manual methods that are applied comparatively late in the vehicle development process. Thus, vulnerabilities are only detected late or after development, leading to higher costs and more patching effort. To reduce the amount of testing resources in general and enable early and automated testing, modelbased testing methods have been established in several domains, such as information technology and the automotive domain. The transfer of model-based testing approaches to automotive security testing could help to detect vulnerabilities earlier than other, manual methods by automatically generating, executing, or simulating security tests. In this study, we review the literature on model-based test approaches in the automotive domain. First, we consider security-independent approaches to obtain an overview of applied models, formalisms, test selection criteria, and test generation techniques. In addition, we investigate, whether and how model-based approaches are applied for automotive security testing. Overall, we identified 63 publications related to model-based testing and 29 publications with regard to model-based security testing. The aim of this study is to provide an overview and direct comparison between these approaches. In this manner, the state of model-based security testing in the automotive domain, current challenges, and potential research areas are determined. INDEX TERMSAutomotive security, model-based testing, model-based security testing.

show abstract

Section: Discussionmentioning

confidence: 99%

“…Mahmood et al [63] present a survey of seven test beds for security testing in the automotive field. The respective publications are examined and compared with regard to covered network technologies (e.g., CAN), attack surfaces, and attack techniques.…”

Section: A Related Workmentioning

confidence: 99%

Survey of Model-Based Security Testing Approaches in the Automotive Domain

2023

View full text Add to dashboard Cite

show abstract

“…Previous research has established two critical criteria for quality evaluation of automotive networking test beds: fidelity and adaptability [6]. Fidelity refers to the capacity to emulate real-world in-vehicle networking infrastructure, while adaptability concerns the ability to simulate various real-world infrastructures.…”

Section: Software Defined Truck and Canmentioning

confidence: 99%

CANLay: A Network Virtualized Testbed for Vehicle Systems – Improving System Integration and Verification Efforts

Jepson,

Mukherjee,

Span

et al. 2023

INCOSE International Symp

View full text Add to dashboard Cite

Integration and Verification activities for cyber physical system networks is a complex task requiring multiple iterations of hardware and software configurations and topologies. Such testing is crucial for the system's functionality, safety, and security during operation. A proficient approach to swiftly generate various testing setups is to employ a software‐defined system, vehicle in this case, and encapsulate in‐vehicle networking messages in a switched packet network, like Ethernet. This paper introduces CANLay, the networking foundation of a software‐defined vehicle that serves as a virtualized test bed for in‐vehicle network examination. CANLay carries controller area network data and sensor signals originating from vehicle control units and simulator systems. It functions as a communication medium between a vehicle simulator and real‐world electronic control units situated on distinct network segments. CANLay's efficacy is demonstrated for heavy vehicle network performance testing in a versatile digital engineering environment, facilitating streamlined system integration and verification efforts.

show abstract

“…There has been some effort in addressing these issues with running software simulations of ECUs and networks on the cloud. However, these are often extremely limited and do not represent even a fraction of all attack surfaces of a modern vehicle [12]. More importantly, any hardwarebased weaknesses and vulnerabilities are often completely absent in software-only simulations.…”

Section: Current Security Testing Platformsmentioning

confidence: 99%

CANNON: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

Kulandaivel

Jain

Guajardo

et al. 2021

2021 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

In the automotive security sector, the absence of a testing platform that is configurable, practical, and userfriendly presents considerable challenges. These difficulties are compounded by the intricate design of vehicle systems, the rapid evolution of attack vectors, and the absence of standardized testing methodologies. We propose a nextgeneration testing platform that addresses several challenges in vehicle cybersecurity testing and research domains. In this paper, we detail how the Vehicle Security Engineering Cloud (VSEC) Test platform enables easier access to test beds for efficient vehicle cybersecurity testing and advanced (e.g., penetration, fuzz) testing and how we extend such test beds to benefit automotive security research. We highlight methodology on how to use this platform for a variety of users and use cases with real implemented examples.

show abstract

Automotive Cybersecurity Testing: Survey of Testbeds and Methods

Cited by 10 publications

References 36 publications

Survey of Model-Based Security Testing Approaches in the Automotive Domain

Survey of Model-Based Security Testing Approaches in the Automotive Domain

CANLay: A Network Virtualized Testbed for Vehicle Systems – Improving System Integration and Verification Efforts

CANNON: Reliable and Stealthy Remote Shutdown Attacks via Unaltered Automotive Microcontrollers

Contact Info

Product

Resources

About