Using a Cyber Digital Twin for Continuous Automotive Security Requirements Verification
This addresses security verification for automotive systems, offering a continuous and automated method, though it appears incremental as it applies existing DT concepts to a new domain.
The paper tackles the problem of verifying security requirements in automotive software by introducing a Cyber Digital Twin (CDT) approach, which detected an average of about 600 known vulnerabilities and 80 unknown weaknesses per firmware in pre-production phases.
A Digital Twin (DT) is a digital representation of a physical object used to simulate it before it is built or to predict failures after the object is deployed. In this article, we introduce our approach, which applies the concept of a Cyber Digital Twin (CDT) to automotive software for the purpose of security analysis. In our approach, automotive firmware is transformed into a CDT, which contains automatically extracted, security-relevant information from the firmware. Based on the CDT, we evaluate security requirements through automated analysis and requirements verification using policy enforcement checks and vulnerabilities detection. The evaluation of a CDT is conducted continuously integrating new checks derived from new security requirements and from newly disclosed vulnerabilities. We applied our approach to about 100 automotive firmwares. In average, about 600 publicly disclosed vulnerabilities and 80 unknown weaknesses were detected per firmware in the pre-production phase. Therefore, the use of a CDT enables efficient continuous verification of security requirements.