This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Enhancement of Automotive Penetration Testing with Threat Analyses Results
Journal Article
11-01-02-0005
ISSN: 2572-1046, e-ISSN: 2572-1054
Sector:
Topic:
Citation:
Dürrwang, J., Braun, J., Rumez, M., Kriesten, R. et al., "Enhancement of Automotive Penetration Testing with Threat Analyses Results," SAE Int. J. Transp. Cyber. & Privacy 1(2):91-112, 2018, https://doi.org/10.4271/11-01-02-0005.
Language:
English
Abstract:
In this work, we present an approach to support penetration tests by combining safety and security analyses to enhance automotive security testing. Our approach includes a new way to combine safety and threat analyses to derive possible test cases. We reuse outcomes of a performed safety analysis as the input for a threat analysis. We show systematically how to derive test cases, and we present the applicability of our approach by deriving and performing test cases for a penetration test of an automotive electronic control unit (ECU). Therefore, we selected an airbag control unit due to its safety-critical functionality. During the penetration test, the selected control unit was installed on a test bench, and we were able to successfully exploit a discovered vulnerability, causing the detonation of airbags.
Recommended Content
Technical Paper | Hardware/Software Co-Design of an Automotive Embedded Firewall |
Ground Vehicle Standard | V2X Communications Message Set Dictionary |
Technical Paper | Model Based Development of Automotive Human Machine Interfaces |