Markus Wolf

Stefan Marksteiner, Slava Bronfman, Markus Wolf et al.

Cybersecurity testing of automotive systems has become a practical necessity, with the wide adoption of advanced driving assistance functions and vehicular communications. These functionalities require the integration of information and communication technologies that not only allow for a plethora of on-the-fly configuration abilities, but also provide a huge surface for attacks. Theses circumstances have also been recognized by standardization and regulation bodies, making the need for not only proper cybersecurity engineering but also proving the effectiveness of security measures by verification and validation through testing also a formal necessity. In order to keep pace with the rapidly growing demand of neutral-party security testing of vehicular systems, novel approaches are needed. This paper therefore presents a methodology to create and execute cybersecurity test cases on the fly in a black box setting by using pattern matching-based binary analysis and translation mechanisms to formal attack descriptions as well as model-checking techniques. The approach is intended to generate meaningful attack vectors on a system with next-to-zero a priori knowledge.

Christian Wolschke, Stefan Marksteiner, Tobias Braun et al.

This paper presents a Domain Specific Language (DSL) for generically describing cyber attacks, agnostic to specific system-under-test(SUT). The creation of the presented DSL is motivated by an automotive use case. The concepts of the DSL are generic such thatattacks on arbitrary systems can be addressed.The ongoing trend to improve the user experience of vehicles with connected services implies an enhanced connectivity as well asremote accessible interface opens potential attack vectors. This might also impact safety and the proprietary nature of potential SUTs.Reusing tests of attack vectors to industrialize testing them on multiple SUTs mandates an abstraction mechanism to port an attackfrom one system to another. The DSL therefore generically describes attacks for the usage with a test case generator (and executionenvironment) also described in this paper. The latter use this description and a database with SUT-specific information to generateattack implementations for a multitude of different (automotive) SUTs.