Cybersecurity verification and validation testing in automotive

Damjan Ekert, Jürgen Dobaj, Alen Salamun

Research output: Contribution to journalArticlepeer-review


The new generations of cars have a number of ECUs (Electronic Control Units) which are connected to a central gateway and need to pass cybersecurity integration tests to fulfil the homologation requirements of cars. Cars usually have a gateway server (few have additional domain servers) with Linux and a large number of ECUs which are real time control of actuators (ESP, EPS, ABS, etc. – usually they are multicore embedded controllers) connected by a real time automotive specific bus (CAN-FD) to the domain controller or gateway server. The norms (SAE J3061, ISO 21434) require cybersecurity related verification and validation. Fir the verification car manufacturers use a network test suite which runs > 2000 test cases and which have to be passed for homologation. These norms have impact on the way how car communication infrastructure is tested, and which cybersecurity attack patterns are checked before a road release of an ECU/car. This paper describes typical verification and validation approaches in modern vehicles and how such test cases are derived and developed.

Original languageEnglish
Pages (from-to)850-867
Number of pages18
JournalJournal of Universal Computer Science
Issue number8
Publication statusPublished - 2021


  • Automotive Cybersecurity
  • Best Practice Design Patterns
  • Validation
  • Verification

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Cybersecurity verification and validation testing in automotive'. Together they form a unique fingerprint.

Cite this