Search Results

Abstract The United Nation Economic Commission for Europe (UNECE) Regulation 155—Cybersecurity and Cybersecurity Management System (UN R155) mandates the development of cybersecurity management systems (CSMS) as part of a vehicle’s lifecycle. ...Due to the focus of R155 and its suggested implementation guideline, ISO/SAE 21434:2021—Road Vehicle Cybersecurity Engineering, mainly centering on the alignment of cybersecurity risk management to the vehicle development lifecycle, there is a gap in knowledge of proscribed activities for validation and verification testing. ...An inherent component of the CSMS is cybersecurity risk management and assessment. Validation and verification testing is a key activity for measuring the effectiveness of risk management, and it is mandated by UN R155 for type approval.

Abstract There are already a number of cybersecurity activities introduced in the development process in the automotive industry. For example, security testing of automotive components is often performed at the late stages of development.

Abstract In this work, we present an approach to support penetration tests by combining safety and security analyses to enhance automotive security testing. Our approach includes a new way to combine safety and threat analyses to derive possible test cases. We reuse outcomes of a performed safety analysis as the input for a threat analysis. We show systematically how to derive test cases, and we present the applicability of our approach by deriving and performing test cases for a penetration test of an automotive electronic control unit (ECU). Therefore, we selected an airbag control unit due to its safety-critical functionality. During the penetration test, the selected control unit was installed on a test bench, and we were able to successfully exploit a discovered vulnerability, causing the detonation of airbags.