https://www.mdu.se/

mdu.sePublikationer
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
From TARA to Test: Automated Automotive Cybersecurity Test Generation Out of Threat Modeling
Mälardalens universitet, Akademin för innovation, design och teknik, Inbyggda system. Avl List GmbH, Graz, Austria.ORCID-id: 0000-0001-8556-1541
Ait Austrian Institute of Technology GmbH, Vienna, Austria.
Ait Austrian Institute of Technology GmbH, Vienna, Austria.
Ait Austrian Institute of Technology GmbH, Vienna, Austria.
Visa övriga samt affilieringar
2023 (Engelska)Ingår i: Proceedings: CSCS 2023 - 7th ACM Computer Science in Cars Symposium, Association for Computing Machinery, Inc , 2023Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

The United Nations Economic Commission for Europe (UNECE) demands the management of cyber security risks in vehicle design and that the effectiveness of these measures is verified by testing. Generally, with rising complexity and openness of systems via software-defined vehicles, verification through testing becomes a very important for security assurance. This mandates the introduction of industrial-grade cybersecurity testing in automotive development processes. Currently, the automotive cybersecurity testing procedures are not specified or automated enough to be able to deliver tests in the amount and thoroughness needed to keep up with that regulation, let alone doing so in a cost-efficient manner. This paper presents a methodology to automatically generate technology-agnostic test scenarios from the results of threat analysis and risk assessment (TARA) process. Our approach is to transfer the resulting threat models into attack trees and label their edges using actions from a domain-specific language (DSL) for attack descriptions. This results in a labelled transitions system (LTS), in which every labelled path intrinsically forms a test scenario. In addition, we include the concept of Cybersecurity Assurance Levels (CALs) and Targeted Attack Feasibility (TAF) into testing by assigning them as costs to the attack path. This abstract test scenario can be compiled into a concrete test case by augmenting it with implementation details. Therefore, the efficacy of the measures taken because of the TARA can be verified and documented. As TARA is a de-facto mandatory step in the UNECE regulation and the relevant ISO standard, automatic test generation (also mandatory) out of it could mean a significant improvement in efficiency, as two steps could be done at once.

Ort, förlag, år, upplaga, sidor
Association for Computing Machinery, Inc , 2023.
Nyckelord [en]
Automotive, CAL, Cybersecurity, Life Cycle, TAF, Testing
Nationell ämneskategori
Datorsystem
Identifikatorer
URN: urn:nbn:se:mdh:diva-65679DOI: 10.1145/3631204.3631864ISI: 001150368200005Scopus ID: 2-s2.0-85182016784ISBN: 9798400704543 (tryckt)OAI: oai:DiVA.org:mdh-65679DiVA, id: diva2:1830922
Konferens
7th ACM Computer Science in Cars Symposium, CSCS 2023, Darmstadt, 5 December 2023
Tillgänglig från: 2024-01-24 Skapad: 2024-01-24 Senast uppdaterad: 2024-03-01Bibliografiskt granskad
Ingår i avhandling
1. Model-Driven Security Test Case Generation Using Threat Modeling and Automata Learning
Öppna denna publikation i ny flik eller fönster >>Model-Driven Security Test Case Generation Using Threat Modeling and Automata Learning
2024 (Engelska)Licentiatavhandling, sammanläggning (Övrigt vetenskapligt)
Abstract [en]

Automotive systems are not only becoming more open through developments like advanced driving assistance functions, autonomous driving, vehicle-to-everything communication and software-defined vehicle functionality, but also more complex. At the same time, technology from standard IT systems become frequently adopted in this setting. These developments have two negative effects on correctness and security: the rising complexity adds potential flaws and vulnerabilities while the increased openness expands attack surfaces and entry points for adversaries. To provide more secure systems, the amount of verifying system security through testing has to be significantly increased, which is also a requirement by international regulation and standards. Due to long supply chains and non-disclosure policies, verification methods often have to operate in a black box setting. This thesis strives therefore towards finding more efficient methods of automating test case generation in both white and black box scenarios. The focus lies on communication protocols used in vehicular systems. The main approaches used are model-based methods. We provide a practical method to automatically obtain behavioral models in the form of state machines of communication protocol implementations in real-world settings using automata learning. We also provide a means to automatically check these implementation models for their compliance with a specification (e.g., from a standard). We furthermore present a technique to automatically derive test-cases to point out found deviations on the actual system.We also present a method to create abstract cybersecurity test case specifications from semi-formal threat models using attack trees. 

Ort, förlag, år, upplaga, sidor
Västerås: Mälardalen University, 2024
Serie
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 355
Nationell ämneskategori
Data- och informationsvetenskap Datavetenskap (datalogi)
Forskningsämne
datavetenskap
Identifikatorer
urn:nbn:se:mdh:diva-66165 (URN)978-91-7485-638-5 (ISBN)
Presentation
2024-04-25, U2-024 och via Teams, Mälardalens universitet, Västerås, 10:00 (Engelska)
Opponent
Handledare
Tillgänglig från: 2024-03-04 Skapad: 2024-03-01 Senast uppdaterad: 2024-04-04Bibliografiskt granskad

Open Access i DiVA

Fulltext saknas i DiVA

Övriga länkar

Förlagets fulltextScopus

Person

Marksteiner, StefanSjödin, MikaelSirjani, Marjan

Sök vidare i DiVA

Av författaren/redaktören
Marksteiner, StefanSjödin, MikaelSirjani, Marjan
Av organisationen
Inbyggda system
Datorsystem

Sök vidare utanför DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetricpoäng

doi
isbn
urn-nbn
Totalt: 112 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf