A Model-Based Security Testing Approach for Automotive Over-The-Air Updates

Research output: Chapter in Book/Report/Conference proceedingConference proceeding

3 Downloads (Pure)

Abstract

Modern connected cars are exposed to various cybersecurity threats due to the sophisticated computing and connectivity technologies they host for providing enhanced user experience for their occupants by offering numerous innovative applications. While prior studies exist that explore cybersecurity challenges, tools and techniques for automotive systems, over-the-air (OTA) software updates for automobiles can be exploited by the attackers to compromise vehicle security and safety has not been covered extensively. This paper presents our Model-Based Security Testing (MBST) approach, designed for cybersecurity evaluation of the OTA update system for automobiles, which has an integrated testbed and a software tool that is capable of automatically generating and executing test cases by using attack trees as an input. Integrating threat modelling in the testing provides several benefits, including clear and systematic identification of different threats. Automation of the test-case generation and execution has the obvious benefits of saving time and manual effort, as manual test-case generation is both a time-consuming and error-prone process (especially, when the testing involves several test-cases). A simple simulated attack is used to demonstrate the validity and effectiveness of our testing approach. To the best of our knowledge, there is no prior research that uses a testing approach similar to our approach for automotive OTA security evaluation.
Original languageEnglish
Title of host publicationProceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020
PublisherIEEE
Pages6-13
Number of pages8
Volume(In-press)
ISBN (Electronic)978-1-7281-1075-2
ISBN (Print)978-1-7281-1076-9
DOIs
Publication statusPublished - Oct 2020
Event16th Workshop on Advances in Model Based Testing (A-MOST 2020) - Porto, Portugal
Duration: 23 Mar 202027 Mar 2020

Publication series

NameProceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020

Workshop

Workshop16th Workshop on Advances in Model Based Testing (A-MOST 2020)
Abbreviated titleICST2020
CountryPortugal
CityPorto
Period23/03/2027/03/20

Keywords

  • OTA
  • attack tree
  • automotive
  • cybersecurity
  • model-based security testing
  • over-the-air updates
  • testbed
  • testing
  • testing approach

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
  • Modelling and Simulation

Fingerprint Dive into the research topics of 'A Model-Based Security Testing Approach for Automotive Over-The-Air Updates'. Together they form a unique fingerprint.

  • Cite this

    Mahmood, S., Fouillade, A., Nguyen, H. N., & Shaikh, S. (2020). A Model-Based Security Testing Approach for Automotive Over-The-Air Updates. In Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020 (Vol. (In-press), pp. 6-13). [9155945] (Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020). IEEE. https://doi.org/10.1109/ICSTW50294.2020.00019