@article{c64a1a13209d4029890f4cdcc8bfc659,
title = "Cybersecurity verification and validation testing in automotive",
abstract = "The new generations of cars have a number of ECUs (Electronic Control Units) which are connected to a central gateway and need to pass cybersecurity integration tests to fulfil the homologation requirements of cars. Cars usually have a gateway server (few have additional domain servers) with Linux and a large number of ECUs which are real time control of actuators (ESP, EPS, ABS, etc. – usually they are multicore embedded controllers) connected by a real time automotive specific bus (CAN-FD) to the domain controller or gateway server. The norms (SAE J3061, ISO 21434) require cybersecurity related verification and validation. Fir the verification car manufacturers use a network test suite which runs > 2000 test cases and which have to be passed for homologation. These norms have impact on the way how car communication infrastructure is tested, and which cybersecurity attack patterns are checked before a road release of an ECU/car. This paper describes typical verification and validation approaches in modern vehicles and how such test cases are derived and developed.",
keywords = "Automotive Cybersecurity, Best Practice Design Patterns, Validation, Verification",
author = "Damjan Ekert and J{\"u}rgen Dobaj and Alen Salamun",
note = "Funding Information: We are grateful to the EU Project ECQA Certified Cybersecurity Engineer and Manager – Automotive Sector, Erasmus+ Programme, Grant Agreement No. 2020-1-CZ01-KA203-078494. Funding Information: We are grateful to the guest editors Dr Richard Messnarz from ISCN GesmbH and Dr Georg Macher from TU Graz who are experts of the cybersecurity task force in the German and Austrian working group SOQRATES (soqrates.eurospi.net) and who contributed state of the art experiences in the field. We are grateful to the European Commission which has funded the BLUEPRINT project DRIVES (2018 ? 2021) [Messnarz 2020] [DRIVES 2021] [Stolfa 2020],[Stolfa 2020 2]. In this case the publications reflect the views only of the author(s), and the Commission cannot be held responsible for any use, which may be made of the information contained therein. We are grateful to the EuroSPI community and conference series (www.eurospi.net) in which experts share experiences since 1994 and cybersecurity and JUCS has been promoted and experts from that community submitted papers to this journal. We are grateful to the EU Project ECQA Certified Cybersecurity Engineer and Manager ? Automotive Sector, Erasmus+ Programme, Grant Agreement No. 2020-1-CZ01-KA203-078494. We are grateful to a working party of Automotive suppliers SOQRATES [SOQRATES 2021] (https://soqrates.eurospi.net) who exchange knowledge about such assessment strategies. Funding Information: We are grateful to the guest editors Dr Richard Messnarz from ISCN GesmbH and Dr Georg Macher from TU Graz who are experts of the cybersecurity task force in the German and Austrian working group SOQRATES (soqrates.eurospi.net) and who contributed state of the art experiences in the field. We are grateful to the European Commission which has funded the BLUEPRINT project DRIVES (2018 – 2021) [Messnarz 2020] [DRIVES 2021] [Stolfa 2020],[Stolfa 2020 2]. In this case the publications reflect the views only of the author(s), and the Commission cannot be held responsible for any use, which may be made of the information ocntained etrehin. Publisher Copyright: {\textcopyright} 2021, IICM. All rights reserved.",
year = "2021",
doi = "10.3897/JUCS.71833",
language = "English",
volume = "27",
pages = "850--867",
journal = "Journal of Universal Computer Science ",
issn = "0948-695X",
publisher = "Verlag der Technischen Universit{\"a}t Graz",
number = "8",
}