A Process to Facilitate Automated Automotive Cybersecurity Testing

TL;DR

This paper proposes a structured, flexible process for automating cybersecurity testing in modern vehicles, addressing the need for standardized, efficient, and comparable validation methods amid increasing vehicle digitalization.

Contribution

It introduces a novel structured testing process for automotive cybersecurity that is adaptable to various tools, filling a gap in existing standardization efforts.

Findings

Framework supports diverse toolsets and standards

Enhances testing efficiency and comparability

Addresses gap in standardized automotive cybersecurity validation

Abstract

Modern vehicles become increasingly digitalized with advanced information technology-based solutions like advanced driving assistance systems and vehicle-to-x communications. These systems are complex and interconnected. Rising complexity and increasing outside exposure has created a steadily rising demand for more cyber-secure systems. Thus, also standardization bodies and regulators issued standards and regulations to prescribe more secure development processes. This security, however, also has to be validated and verified. In order to keep pace with the need for more thorough, quicker and comparable testing, today's generally manual testing processes have to be structured and optimized. Based on existing and emerging standards for cybersecurity engineering, this paper therefore outlines a structured testing process for verifying and validating automotive cybersecurity, for which there is no standardized method so far. Despite presenting a commonly structured framework, the process is flexible in order to allow implementers to utilize their own, accustomed toolsets.