Automated testing of security properties of vehicles

April 01, 2020 // By Christoph Hammerschmidt
Cybersecurity specialist secunet AG (Essen, Germany) is expanding its product portfolio in the field of security analysis. With secunet redbox, security tests of electronic vehicle components can be efficiently automated. Significantly more tests can be performed, and not only in the information acquisition phase of penetration tests for control units. Vehicle manufacturers, suppliers and third-party providers thus have a basis on which specific and deeper tests can be implemented and further developed.

The automotive industry needs standard tools and methods to secure electronic components in the vehicle against attacks. This is increasingly required by both existing and future international standards for the cyber security of vehicles, such as SAE J3061 and ISO/SAE 21434. One important approach is regular penetration testing, in which commissioned security experts attempt to attack the product the way hackers would. Vulnerabilities identified during these attacks can thus be eliminated even before the cars go on sale. It is best practice to prove the effectiveness of such measures by means of a retest after they have been implemented. Up to now, all these tests have been carried out by experts who, due to resource constraints, are often only able to focus on the main features of the most critical control units.

The secunet redbox enables vehicle manufacturers to implement the automatable parts of penetration tests only once, so that they can be used many times afterwards without security experts: scaled as required, on more ECUs than before, and with the required repetitions in different process steps. The phases relevant for security tests are initial agile development prototypes, supplier milestones (as part of input or acceptance tests), final tests of integration stages, and the start of series production. If information emerges about new types of attacks or about vulnerabilities in software components in use, situation-dependent tests can be used as part of the ISMS/CSMS.

Users benefit from increased efficiency, simplified test processes, increased development speed and continuously increasing test coverage. If the advantages gained are reinvested in more security tests and countermeasures, the result is ultimately an increase in the security level and quality. Finally, the minimum standards can be raised by integrating with existing infrastructures and compiling test catalogues.

