An Agnostic Domain Specific Language for Implementing Attacks in an Automotive Use Case

TL;DR

This paper introduces a generic, system-agnostic domain-specific language for describing cyber attacks, enabling automated testing across various automotive systems to improve security assessment and robustness.

Contribution

It presents a novel DSL for attack description that is adaptable to different systems and integrates with a test case generator for automated attack implementation.

Findings

DSL enables system-agnostic attack descriptions

Automates attack generation for multiple automotive systems

Supports enhanced security testing and evaluation

Abstract

This paper presents a Domain Specific Language (DSL) for generically describing cyber attacks, agnostic to specific system-under-test(SUT). The creation of the presented DSL is motivated by an automotive use case. The concepts of the DSL are generic such thatattacks on arbitrary systems can be addressed.The ongoing trend to improve the user experience of vehicles with connected services implies an enhanced connectivity as well asremote accessible interface opens potential attack vectors. This might also impact safety and the proprietary nature of potential SUTs.Reusing tests of attack vectors to industrialize testing them on multiple SUTs mandates an abstraction mechanism to port an attackfrom one system to another. The DSL therefore generically describes attacks for the usage with a test case generator (and executionenvironment) also described in this paper. The latter use this description and a database with SUT-specific information to generateattack implementations for a multitude of different (automotive) SUTs.