Corresponding author: Damjan Ekert ( dekert@iscn.com ) © Damjan Ekert, Jürgen Dobaj, Alen Salamun. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY-ND 4.0). This license allows reusers to copy and distribute the material in any medium or format in unadapted form only, and only so long as attribution is given to the creator. The license allows for commercial use. Citation:
Ekert D, Dobaj J, Salamun A (2021) Cybersecurity Verification and Validation Testing in Automotive. JUCS - Journal of Universal Computer Science 27(8): 850-867. https://doi.org/10.3897/jucs.71833 |
The new generations of cars have a number of ECUs (Electronic Control Units) which are connected to a central gateway and need to pass cybersecurity integration tests to fulfil the homologation requirements of cars. Cars usually have a gateway server (few have additional domain servers) with Linux and a large number of ECUs which are real time control of actuators (ESP, EPS, ABS, etc. – usually they are multicore embedded controllers) connected by a real time automotive specific bus (CAN-FD) to the domain controller or gateway server. The norms (SAE J3061, ISO 21434) require cybersecurity related verification and validation. Fir the verification car manufacturers use a network test suite which runs > 2000 test cases and which have to be passed for homologation. These norms have impact on the way how car communication infrastructure is tested, and which cybersecurity attack patterns are checked before a road release of an ECU/car.
This paper describes typical verification and validation approaches in modern vehicles and how such test cases are derived and developed.