From TARA to Test: Automated Automotive Cybersecurity Test Generation Out of Threat Modeling

Stefan Marksteiner (Vortragende:r), Christoph Schmittner (Autor:in und Vortragende:r), Korbinian Christl, Dejan Nickovic, Mikael Sjödin, Marjan Sirjani

Publikation: Beitrag in Buch oder TagungsbandVortrag mit Beitrag in TagungsbandBegutachtung


The United Nations Economic Commission for Europe (UNECE) demands the management of cyber security risks in vehicle design and that the effectiveness of these measures is verified by testing. Generally, with rising complexity and openness of systems via software-defined vehicles, verification through testing becomes a very important for security assurance. This mandates the introduction of industrial-grade cybersecurity testing in automotive development processes. Currently, the automotive cybersecurity testing procedures are not specified or automated enough to be able to deliver tests in the amount and thoroughness needed to keep up with that regulation, let alone doing so in a cost-efficient manner. This paper presents a methodology to automatically generate technology-agnostic test scenarios from the results of threat analysis and risk assessment (TARA) process. Our approach is to transfer the resulting threat models into attack trees and label their edges using actions from a domain-specific language (DSL) for attack descriptions. This results in a labelled transitions system (LTS), in which every labelled path intrinsically forms a test scenario. In addition, we include the concept of Cybersecurity Assurance Levels (CALs) and Targeted Attack Feasibility (TAF) into testing by assigning them as costs to the attack path. This abstract test scenario can be compiled into a concrete test case by augmenting it with implementation details. Therefore, the efficacy of the measures taken because of the TARA can be verified and documented. As TARA is a de-facto mandatory step in the UNECE regulation and the relevant ISO standard, automatic test generation (also mandatory) out of it could mean a significant improvement in efficiency, as two steps could be done at once.
TitelProceedings of the 7th ACM Computer Science in Cars Symposium, CSCS 2023, Darmstadt, Germany, 5 December 2023
Redakteure/-innenBjörn Brücher, Christoph Krauß, Mario Fritz, Hans Joachim Hof, Oliver Wasenmüller
PublikationsstatusVeröffentlicht - 5 Dez. 2023
VeranstaltungCSCS '23: Computer Science in Cars Symposium - Darmstadt , Darmstadt , Deutschland
Dauer: 5 Dez. 2023 → …


SonstigesCSCS '23: Computer Science in Cars Symposium
Zeitraum5/12/23 → …

Research Field

  • Dependable Systems Engineering


Untersuchen Sie die Forschungsthemen von „From TARA to Test: Automated Automotive Cybersecurity Test Generation Out of Threat Modeling“. Zusammen bilden sie einen einzigartigen Fingerprint.

Diese Publikation zitieren