https://www.mdu.se/

mdu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Model-Driven Security Test Case Generation Using Threat Modeling and Automata Learning
Mälardalen University, School of Innovation, Design and Engineering. AVL List GmbH. (Cyber-Physical Systems Analysis)ORCID iD: 0000-0001-8556-1541
2024 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Automotive systems are not only becoming more open through developments like advanced driving assistance functions, autonomous driving, vehicle-to-everything communication and software-defined vehicle functionality, but also more complex. At the same time, technology from standard IT systems become frequently adopted in this setting. These developments have two negative effects on correctness and security: the rising complexity adds potential flaws and vulnerabilities while the increased openness expands attack surfaces and entry points for adversaries. To provide more secure systems, the amount of verifying system security through testing has to be significantly increased, which is also a requirement by international regulation and standards. Due to long supply chains and non-disclosure policies, verification methods often have to operate in a black box setting. This thesis strives therefore towards finding more efficient methods of automating test case generation in both white and black box scenarios. The focus lies on communication protocols used in vehicular systems. The main approaches used are model-based methods. We provide a practical method to automatically obtain behavioral models in the form of state machines of communication protocol implementations in real-world settings using automata learning. We also provide a means to automatically check these implementation models for their compliance with a specification (e.g., from a standard). We furthermore present a technique to automatically derive test-cases to point out found deviations on the actual system.We also present a method to create abstract cybersecurity test case specifications from semi-formal threat models using attack trees. 

Place, publisher, year, edition, pages
Västerås: Mälardalen University , 2024.
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 355
National Category
Computer and Information Sciences Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-66165ISBN: 978-91-7485-638-5 (print)OAI: oai:DiVA.org:mdh-66165DiVA, id: diva2:1842044
Presentation
2024-04-25, U2-024 och via Teams, Mälardalens universitet, Västerås, 10:00 (English)
Opponent
Supervisors
Available from: 2024-03-04 Created: 2024-03-01 Last updated: 2024-04-04Bibliographically approved
List of papers
1. A Systematic Approach to Automotive Security
Open this publication in new window or tab >>A Systematic Approach to Automotive Security
Show others...
2023 (English)In: Lecture Notes in Computer Science, vol 14000, Springer Science and Business Media Deutschland GmbH , 2023, p. 598-609Conference paper, Published paper (Refereed)
Abstract [en]

We propose a holistic methodology for designing automotive systems that consider security a central concern at every design stage. During the concept design, we model the system architecture and define the security attributes of its components. We perform threat analysis on the system model to identify structural security issues. From that analysis, we derive attack trees that define recipes describing steps to successfully attack the system’s assets and propose threat prevention measures. The attack tree allows us to derive a verification and validation (V &V) plan, which prioritizes the testing effort. In particular, we advocate using learning for testing approaches for the black-box components. It consists of inferring a finite state model of the black-box component from its execution traces. This model can then be used to generate new relevant tests, model check it against requirements, and compare two different implementations of the same protocol. We illustrate the methodology with an automotive infotainment system example. Using the advocated approach, we could also document unexpected and potentially critical behavior in our example systems. 

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2023
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 14000
Keywords
Cybersecurity, Attack tree, Automotive Systems, Automotives, Black-box components, Concept designs, Cyber security, Design stage, Security attributes, Systems architecture, Threat, Black-box testing, Automotive, Testing, Threats
National Category
Software Engineering
Identifiers
urn:nbn:se:mdh:diva-62185 (URN)10.1007/978-3-031-27481-7_34 (DOI)000999132100034 ()2-s2.0-85151056923 (Scopus ID)9783031274800 (ISBN)
Conference
25th International Symposium on Formal Methods, FM 2023, Lübeck, 6 March 2023 through 10 March 2023
Available from: 2023-04-05 Created: 2023-04-05 Last updated: 2024-03-01Bibliographically approved
2. Approaches for Automating Cybersecurity Testing of Connected Vehicles
Open this publication in new window or tab >>Approaches for Automating Cybersecurity Testing of Connected Vehicles
2024 (English)In: Intelligent Secure Trustable Things / [ed] M. Karner et al., Cham: Springer, 2024Chapter in book (Refereed)
Abstract [en]

Vehicles are on the verge building highly networked and interconnected systems with each other. Thisrequires open architectures with standardized interfaces. These interfaces provide huge surfaces forpotential threats from cyber attacks. Regulators therefore demand to mitigate these risks using structuredsecurity engineering processes. Testing the effectiveness of this measures, on the other hand, is lessstandardized. To fill this gap, this book chapter contains an approach for structured and comprehensivecybersecurity testing of contemporary vehicular systems. It gives an overview of how to define securesystems and contains specific approaches for (semi-)automated cybersecurity testing of vehicular systems,including model-based testing and the description of an automated platform for executing tests.

Place, publisher, year, edition, pages
Cham: Springer, 2024
Series
Studies in Computational Intelligence, ISSN 1860-949X, E-ISSN 1860-9503 ; 1147
National Category
Vehicle Engineering Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-66161 (URN)10.1007/978-3-031-54049-3_13 (DOI)
Funder
European Commission
Available from: 2024-03-01 Created: 2024-03-01 Last updated: 2024-03-06Bibliographically approved
3. Using Automata Learning for Compliance Evaluation of Communication Protocols on an NFC Handshake Example
Open this publication in new window or tab >>Using Automata Learning for Compliance Evaluation of Communication Protocols on an NFC Handshake Example
2024 (English)In: Lecture Notes in Computer Science, Springer Science and Business Media Deutschland GmbH , 2024, p. 170-190Conference paper, Published paper (Refereed)
Abstract [en]

Near-Field Communication (NFC) is a widely adopted standard for embedded low-power devices in very close proximity. In order to ensure a correct system, it has to comply to the ISO/IEC 14443 standard. This paper concentrates on the low-level part of the protocol (ISO/IEC 14443-3) and presents a method and a practical implementation that complements traditional conformance testing. We infer a Mealy state machine of the system-under-test using active automata learning. This automaton is checked for bisimulation with a specification automaton modelled after the standard, which provides a strong verdict of conformance or non-conformance. As a by-product, we share some observations of the performance of different learning algorithms and calibrations in the specific setting of ISO/IEC 14443-3, which is the difficulty to learn models of system that a) consist of two very similar structures and b) very frequently give no answer (i.e. a timeout as an output).

Place, publisher, year, edition, pages
Springer Science and Business Media Deutschland GmbH, 2024
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 14390 LNCS
Keywords
Automata Learning, Bisimulation, Formal Methods, NFC, Protocol Compliance, Automata theory, ISO Standards, Learning algorithms, Learning systems, Near field communication, Automaton learning, Bisimulations, Close proximity, Communications protocols, Compliance evaluations, Conformance testing, ISO/IEC-14443, Low-power devices, Near-field communication
National Category
Computer Sciences
Identifiers
urn:nbn:se:mdh:diva-65246 (URN)10.1007/978-3-031-49252-5_13 (DOI)2-s2.0-85180149916 (Scopus ID)9783031492518 (ISBN)
Conference
8th International Conference on Engineering of Computer-Based Systems, ECBS 2023, Västerås, 16 October 2023 through 18 October 2023
Available from: 2024-01-03 Created: 2024-01-03 Last updated: 2024-03-01Bibliographically approved
4. From TARA to Test: Automated Automotive Cybersecurity Test Generation Out of Threat Modeling
Open this publication in new window or tab >>From TARA to Test: Automated Automotive Cybersecurity Test Generation Out of Threat Modeling
Show others...
2023 (English)In: Proceedings: CSCS 2023 - 7th ACM Computer Science in Cars Symposium, Association for Computing Machinery, Inc , 2023Conference paper, Published paper (Refereed)
Abstract [en]

The United Nations Economic Commission for Europe (UNECE) demands the management of cyber security risks in vehicle design and that the effectiveness of these measures is verified by testing. Generally, with rising complexity and openness of systems via software-defined vehicles, verification through testing becomes a very important for security assurance. This mandates the introduction of industrial-grade cybersecurity testing in automotive development processes. Currently, the automotive cybersecurity testing procedures are not specified or automated enough to be able to deliver tests in the amount and thoroughness needed to keep up with that regulation, let alone doing so in a cost-efficient manner. This paper presents a methodology to automatically generate technology-agnostic test scenarios from the results of threat analysis and risk assessment (TARA) process. Our approach is to transfer the resulting threat models into attack trees and label their edges using actions from a domain-specific language (DSL) for attack descriptions. This results in a labelled transitions system (LTS), in which every labelled path intrinsically forms a test scenario. In addition, we include the concept of Cybersecurity Assurance Levels (CALs) and Targeted Attack Feasibility (TAF) into testing by assigning them as costs to the attack path. This abstract test scenario can be compiled into a concrete test case by augmenting it with implementation details. Therefore, the efficacy of the measures taken because of the TARA can be verified and documented. As TARA is a de-facto mandatory step in the UNECE regulation and the relevant ISO standard, automatic test generation (also mandatory) out of it could mean a significant improvement in efficiency, as two steps could be done at once.

Place, publisher, year, edition, pages
Association for Computing Machinery, Inc, 2023
Keywords
Automotive, CAL, Cybersecurity, Life Cycle, TAF, Testing
National Category
Computer Systems
Identifiers
urn:nbn:se:mdh:diva-65679 (URN)10.1145/3631204.3631864 (DOI)001150368200005 ()2-s2.0-85182016784 (Scopus ID)9798400704543 (ISBN)
Conference
7th ACM Computer Science in Cars Symposium, CSCS 2023, Darmstadt, 5 December 2023
Available from: 2024-01-24 Created: 2024-01-24 Last updated: 2024-03-01Bibliographically approved

Open Access in DiVA

fulltext(1279 kB)31 downloads
File information
File name FULLTEXT02.pdfFile size 1279 kBChecksum SHA-512
e0453757c7f2cce1133a3435ad92dea419211a5ff55956aec8771beba7f8b08ded8e8fed64d835eafea4fdf0b1b71d3208d7824e95cce9603461f350f06d3518
Type fulltextMimetype application/pdf

Authority records

Marksteiner, Stefan

Search in DiVA

By author/editor
Marksteiner, Stefan
By organisation
School of Innovation, Design and Engineering
Computer and Information SciencesComputer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 31 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 357 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf