A Model-Based Security Testing Approach for Automotive  Over-The-Air Updates

Shahid Mahmood; Alexy Fouillade; Hoang Nga Nguyen; Siraj Shaikh

doi:10.1109/ICSTW50294.2020.00019

A Model-Based Security Testing Approach for Automotive Over-The-Air Updates

Shahid Mahmood, Alexy Fouillade, Hoang Nga Nguyen, Siraj Shaikh

École supérieure d'électronique de l'Ouest

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

7 Citations (Scopus)

258 Downloads (Pure)

Abstract

Modern connected cars are exposed to various cybersecurity threats due to the sophisticated computing and connectivity technologies they host for providing enhanced user experience for their occupants by offering numerous innovative applications. While prior studies exist that explore cybersecurity challenges, tools and techniques for automotive systems, over-the-air (OTA) software updates for automobiles can be exploited by the attackers to compromise vehicle security and safety has not been covered extensively. This paper presents our Model-Based Security Testing (MBST) approach, designed for cybersecurity evaluation of the OTA update system for automobiles, which has an integrated testbed and a software tool that is capable of automatically generating and executing test cases by using attack trees as an input. Integrating threat modelling in the testing provides several benefits, including clear and systematic identification of different threats. Automation of the test-case generation and execution has the obvious benefits of saving time and manual effort, as manual test-case generation is both a time-consuming and error-prone process (especially, when the testing involves several test-cases). A simple simulated attack is used to demonstrate the validity and effectiveness of our testing approach. To the best of our knowledge, there is no prior research that uses a testing approach similar to our approach for automotive OTA security evaluation.

Original language	English
Title of host publication	Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020
Publisher	IEEE
Pages	6-13
Number of pages	8
Volume	(In-press)
ISBN (Electronic)	978-1-7281-1075-2
ISBN (Print)	978-1-7281-1076-9
DOIs	https://doi.org/10.1109/ICSTW50294.2020.00019
Publication status	Published - Oct 2020
Event	16th Workshop on Advances in Model Based Testing (A-MOST 2020) - Porto, Portugal Duration: 23 Mar 2020 → 27 Mar 2020

Publication series

Name	Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020

Workshop

Workshop	16th Workshop on Advances in Model Based Testing (A-MOST 2020)
Abbreviated title	ICST2020
Country/Territory	Portugal
City	Porto
Period	23/03/20 → 27/03/20

Keywords

OTA
attack tree
automotive
cybersecurity
model-based security testing
over-the-air updates
testbed
testing
testing approach

ASJC Scopus subject areas

Software
Safety, Risk, Reliability and Quality
Modelling and Simulation

Access to Document

10.1109/ICSTW50294.2020.00019

Post-PrintAccepted author manuscript, 0.99 MBLicence: Unspecified

Cite this

Mahmood, S., Fouillade, A., Nguyen, H. N., & Shaikh, S. (2020). A Model-Based Security Testing Approach for Automotive Over-The-Air Updates. In Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020 (Vol. (In-press), pp. 6-13). Article 9155945 (Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020). IEEE. Advance online publication. https://doi.org/10.1109/ICSTW50294.2020.00019

A Model-Based Security Testing Approach for Automotive Over-The-Air Updates. / Mahmood, Shahid; Fouillade, Alexy; Nguyen, Hoang Nga et al.
Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020. Vol. (In-press) IEEE, 2020. p. 6-13 9155945 (Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

Mahmood, S, Fouillade, A, Nguyen, HN & Shaikh, S 2020, A Model-Based Security Testing Approach for Automotive Over-The-Air Updates. in Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020. vol. (In-press), 9155945, Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020, IEEE, pp. 6-13, 16th Workshop on Advances in Model Based Testing (A-MOST 2020), Porto, Portugal, 23/03/20. https://doi.org/10.1109/ICSTW50294.2020.00019

Mahmood S, Fouillade A, Nguyen HN, Shaikh S. A Model-Based Security Testing Approach for Automotive Over-The-Air Updates. In Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020. Vol. (In-press). IEEE. 2020. p. 6-13. 9155945. (Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020). Epub 2020 Aug 4. doi: 10.1109/ICSTW50294.2020.00019

Mahmood, Shahid ; Fouillade, Alexy ; Nguyen, Hoang Nga et al. / A Model-Based Security Testing Approach for Automotive Over-The-Air Updates. Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020. Vol. (In-press) IEEE, 2020. pp. 6-13 (Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020).

@inproceedings{3d6cda91ad224fc482909f3706d19f81,

title = "A Model-Based Security Testing Approach for Automotive Over-The-Air Updates",

abstract = "Modern connected cars are exposed to various cybersecurity threats due to the sophisticated computing and connectivity technologies they host for providing enhanced user experience for their occupants by offering numerous innovative applications. While prior studies exist that explore cybersecurity challenges, tools and techniques for automotive systems, over-the-air (OTA) software updates for automobiles can be exploited by the attackers to compromise vehicle security and safety has not been covered extensively. This paper presents our Model-Based Security Testing (MBST) approach, designed for cybersecurity evaluation of the OTA update system for automobiles, which has an integrated testbed and a software tool that is capable of automatically generating and executing test cases by using attack trees as an input. Integrating threat modelling in the testing provides several benefits, including clear and systematic identification of different threats. Automation of the test-case generation and execution has the obvious benefits of saving time and manual effort, as manual test-case generation is both a time-consuming and error-prone process (especially, when the testing involves several test-cases). A simple simulated attack is used to demonstrate the validity and effectiveness of our testing approach. To the best of our knowledge, there is no prior research that uses a testing approach similar to our approach for automotive OTA security evaluation.",

keywords = "OTA, attack tree, automotive, cybersecurity, model-based security testing, over-the-air updates, testbed, testing, testing approach",

author = "Shahid Mahmood and Alexy Fouillade and Nguyen, {Hoang Nga} and Siraj Shaikh",

year = "2020",

month = oct,

doi = "10.1109/ICSTW50294.2020.00019",

language = "English",

isbn = "978-1-7281-1076-9",

volume = "(In-press)",

series = "Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020",

publisher = "IEEE",

pages = "6--13",

booktitle = "Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020",

address = "United States",

note = "16th Workshop on Advances in Model Based Testing (A-MOST 2020), ICST2020 ; Conference date: 23-03-2020 Through 27-03-2020",

}

TY - GEN

T1 - A Model-Based Security Testing Approach for Automotive Over-The-Air Updates

AU - Mahmood, Shahid

AU - Fouillade, Alexy

AU - Nguyen, Hoang Nga

AU - Shaikh, Siraj

PY - 2020/10

Y1 - 2020/10

N2 - Modern connected cars are exposed to various cybersecurity threats due to the sophisticated computing and connectivity technologies they host for providing enhanced user experience for their occupants by offering numerous innovative applications. While prior studies exist that explore cybersecurity challenges, tools and techniques for automotive systems, over-the-air (OTA) software updates for automobiles can be exploited by the attackers to compromise vehicle security and safety has not been covered extensively. This paper presents our Model-Based Security Testing (MBST) approach, designed for cybersecurity evaluation of the OTA update system for automobiles, which has an integrated testbed and a software tool that is capable of automatically generating and executing test cases by using attack trees as an input. Integrating threat modelling in the testing provides several benefits, including clear and systematic identification of different threats. Automation of the test-case generation and execution has the obvious benefits of saving time and manual effort, as manual test-case generation is both a time-consuming and error-prone process (especially, when the testing involves several test-cases). A simple simulated attack is used to demonstrate the validity and effectiveness of our testing approach. To the best of our knowledge, there is no prior research that uses a testing approach similar to our approach for automotive OTA security evaluation.

AB - Modern connected cars are exposed to various cybersecurity threats due to the sophisticated computing and connectivity technologies they host for providing enhanced user experience for their occupants by offering numerous innovative applications. While prior studies exist that explore cybersecurity challenges, tools and techniques for automotive systems, over-the-air (OTA) software updates for automobiles can be exploited by the attackers to compromise vehicle security and safety has not been covered extensively. This paper presents our Model-Based Security Testing (MBST) approach, designed for cybersecurity evaluation of the OTA update system for automobiles, which has an integrated testbed and a software tool that is capable of automatically generating and executing test cases by using attack trees as an input. Integrating threat modelling in the testing provides several benefits, including clear and systematic identification of different threats. Automation of the test-case generation and execution has the obvious benefits of saving time and manual effort, as manual test-case generation is both a time-consuming and error-prone process (especially, when the testing involves several test-cases). A simple simulated attack is used to demonstrate the validity and effectiveness of our testing approach. To the best of our knowledge, there is no prior research that uses a testing approach similar to our approach for automotive OTA security evaluation.

KW - OTA

KW - attack tree

KW - automotive

KW - cybersecurity

KW - model-based security testing

KW - over-the-air updates

KW - testbed

KW - testing

KW - testing approach

UR - http://www.scopus.com/inward/record.url?scp=85091756308&partnerID=8YFLogxK

U2 - 10.1109/ICSTW50294.2020.00019

DO - 10.1109/ICSTW50294.2020.00019

M3 - Conference proceeding

SN - 978-1-7281-1076-9

VL - (In-press)

T3 - Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020

SP - 6

EP - 13

BT - Proceedings - 2020 IEEE 13th International Conference on Software Testing, Verification and Validation Workshops, ICSTW 2020

PB - IEEE

T2 - 16th Workshop on Advances in Model Based Testing (A-MOST 2020)

Y2 - 23 March 2020 through 27 March 2020

ER -