Cybersecurity Testing and Validation
ISSN: 0148-7191, e-ISSN: 2688-3627
Published March 28, 2017 by SAE International in United States
An essential part of an effective cybersecurity engineering process is testing the implementation of a system for vulnerabilities and validating the effectiveness of countermeasures. The SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems provides a recommended framework which organizations can use to implement a cybersecurity engineering process, which includes activities such as integration and testing, penetration testing and verification/validation of cybersecurity requirements at the hardware, software and system levels. This presentation explores the different kinds of testing that are appropriate at each of these process steps and discusses some important differences between cybersecurity testing and more familiar forms of testing. We also consider the necessary scope and depth of cybersecurity testing and suggest examples of how this can be related to cybersecurity requirements, goals and integrity levels, as determined by the threat analysis and risk assessment.
Citation: Wooderson, P. and Ward, D., "Cybersecurity Testing and Validation," SAE Technical Paper 2017-01-1655, 2017, https://doi.org/10.4271/2017-01-1655.
- SAE Recommended Practice J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems Jan. 2016
- Road vehicles — Functional safety 2011
- Common Criteria for Information Technology Security Evaluation 2012 http://www.commoncriteriaportal.org/cc/ 21 Oct. 2016
- Information technology — Security techniques – Evaluation criteria for IT security
- Common Methodology for Information Technology Security Evaluation 2012 http://www.commoncriteriaportal.org/cc/ 21 Oct. 2016
- Common Vulnerabilities and Exposures https://cve.mitre.org/ 21 Oct. 2016
- Schneier, B., Attack Trees Dec. 1999 https://www.schneier.com/academic/archives/1999/12/attack_trees.html 21 Oct. 2016
- SOGIS Supporting Documents http://www.sogisportal.eu/uk/supporting_doc_en.html 28 Oct 2016
- Rosenfeld, K., Karri, R. Attacks and Defenses for JTAG IEEE Design & Test of Computers 2009
- Mazloom, S., Rezaeirad, M., Hunter, A., McCoy, D. A security analysis of an in vehicle infotainment and app platform WOOT'16 Proceedings of the 10th USENIX Conference on Offensive Technologies 2016
- Eisenbarth, T., Physical Cryptanalysis of KeeLoq Code Hopping Applications Cryptology ePrint Archive Report 2008/058 2008
- Ruddle, A., EVITA Project, Deliverable D2.3: Security requirements for automotive on-board networks based on dark-side scenarios 2009