Model-based Security Testing in Automotive Industry

Abstract

The automotive industry is entering a new era as the cars becomes more complex and connected to the Internet. Today a modern car consist of over 100 ECUs and has an Internet connection, which makes the vehicle exposed for malicious attacks. Therefore, the importance of being confident that the system is behaving as intended increases. This thesis survey the state-of-the-art in the model-based security testing (MBST) field and investigates the possibility to apply a MBST approach within the automotive industry, more specific at Volvo Cars Corporation (VCC). The focus is the gateway firewall in the infotainment subsystem which is the protection for incoming and outgoing traffic. It is concluded that it is infeasible at this point to make use of an existing MBST approach. An evaluation of model-based testing tools is conducted which can be used for testing functionality of security mechanisms. However, no model-based testing tool is appropriate at Volvo Cars and a new tool needs to be implemented. The final conclusion is that it is possible to make use of a model-based security testing approach with the new AFT tool, which automatically verifies whether requirements are fulfilled or not. The result is that 10 out of 11 existing requirements at VCC can be covered by the MBST approach.