An Agnostic Domain Specific Language for Implementing Attacks in an Automotive Use Case
This addresses the problem of efficient and scalable cybersecurity testing for automotive systems with enhanced connectivity, though it is incremental as it builds on existing DSL and testing concepts.
The paper tackles the challenge of reusing cyber attack tests across different automotive systems by introducing a Domain Specific Language (DSL) that generically describes attacks, enabling portability and industrialization of testing through a test case generator.
This paper presents a Domain Specific Language (DSL) for generically describing cyber attacks, agnostic to specific system-under-test(SUT). The creation of the presented DSL is motivated by an automotive use case. The concepts of the DSL are generic such thatattacks on arbitrary systems can be addressed.The ongoing trend to improve the user experience of vehicles with connected services implies an enhanced connectivity as well asremote accessible interface opens potential attack vectors. This might also impact safety and the proprietary nature of potential SUTs.Reusing tests of attack vectors to industrialize testing them on multiple SUTs mandates an abstraction mechanism to port an attackfrom one system to another. The DSL therefore generically describes attacks for the usage with a test case generator (and executionenvironment) also described in this paper. The latter use this description and a database with SUT-specific information to generateattack implementations for a multitude of different (automotive) SUTs.