A Model-Based Security Testing Approach for Automotive Over-The-Air Updates

Shahid Mahmood, Alexy Fouillade, Hoang Nga Nguyen, Siraj Shaikh

    Research output: Chapter in Book/Report/Conference proceedingConference proceedingpeer-review

    5 Citations (Scopus)
    190 Downloads (Pure)

    Abstract

    Modern connected cars are exposed to various cybersecurity threats due to the sophisticated computing and connectivity technologies they host for providing enhanced user experience for their occupants by offering numerous innovative applications. While prior studies exist that explore cybersecurity challenges, tools and techniques for automotive systems, over-the-air (OTA) software updates for automobiles can be exploited by the attackers to compromise vehicle security and safety has not been covered extensively. This paper presents our Model-Based Security Testing (MBST) approach, designed for cybersecurity evaluation of the OTA update system for automobiles, which has an integrated testbed and a software tool that is capable of automatically generating and executing test cases by using attack trees as an input. Integrating threat modelling in the testing provides several benefits, including clear and systematic identification of different threats. Automation of the test-case generation and execution has the obvious benefits of saving time and manual effort, as manual test-case generation is both a time-consuming and error-prone process (especially, when the testing involves several test-cases). A simple simulated attack is used to demonstrate the validity and effectiveness of our testing approach. To the best of our knowledge, there is no prior research that uses a testing approach similar to our approach for automotive OTA security evaluation.
    Original languageEnglish
    Title of host publicationProceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020
    PublisherIEEE
    Pages6-13
    Number of pages8
    Volume(In-press)
    ISBN (Electronic)978-1-7281-1075-2
    ISBN (Print)978-1-7281-1076-9
    DOIs
    Publication statusPublished - Oct 2020
    Event16th Workshop on Advances in Model Based Testing (A-MOST 2020) - Porto, Portugal
    Duration: 23 Mar 202027 Mar 2020

    Publication series

    NameProceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020

    Workshop

    Workshop16th Workshop on Advances in Model Based Testing (A-MOST 2020)
    Abbreviated titleICST2020
    Country/TerritoryPortugal
    CityPorto
    Period23/03/2027/03/20

    Keywords

    • OTA
    • attack tree
    • automotive
    • cybersecurity
    • model-based security testing
    • over-the-air updates
    • testbed
    • testing
    • testing approach

    ASJC Scopus subject areas

    • Software
    • Safety, Risk, Reliability and Quality
    • Modelling and Simulation

    Fingerprint

    Dive into the research topics of 'A Model-Based Security Testing Approach for Automotive Over-The-Air Updates'. Together they form a unique fingerprint.

    Cite this