JUCS - Journal of Universal Computer Science 27(8): 850-867, doi: 10.3897/jucs.71833
Cybersecurity Verification and Validation Testing in Automotive
expand article infoDamjan Ekert, Jürgen Dobaj§, Alen Salamun|
‡ ISCN GesmbH Entwicklung, Graz, Austria§ TU Graz, Graz, Austria| Real Security, Maribor, Slovenia
Open Access

The new generations of cars have a number of ECUs (Electronic Control Units) which are connected to a central gateway and need to pass cybersecurity integration tests to fulfil the homologation requirements of cars. Cars usually have a gateway server (few have additional domain servers) with Linux and a large number of ECUs which are real time control of actuators (ESP, EPS, ABS, etc. – usually they are multicore embedded controllers) connected by a real time automotive specific bus (CAN-FD) to the domain controller or gateway server. The norms (SAE J3061, ISO 21434) require cybersecurity related verification and validation. Fir the verification car manufacturers use a network test suite which runs > 2000 test cases and which have to be passed for homologation. These norms have impact on the way how car communication infrastructure is tested, and which cybersecurity attack patterns are checked before a road release of an ECU/car.

This paper describes typical verification and validation approaches in modern vehicles and how such test cases are derived and developed.

Automotive Cybersecurity, Verification, Validation, Best Practice Design Patterns