HORIBA MIRA (Uk)
TRACK 3: Rails and Roads 18 October – 12:15-13:00
Automotive Cyber Security and Penetration Testing
Demonstrated attacks on vehicles have shown that security testing is essential. However, security testing is difficult. This difficulty is compounded by operational and design factors and practices that feature in the automotive industry.
We have proposed here a systematic security evaluation that takes into account some of these factors (such as the fact that the system is usually a black box), using penetration testing and attack tree methodology as supporting mechanisms.
Results from experimentation in this study showed that there is a technological lag in the computing aspects to a vehicle compared to what might be available in other analogous domains, and that a systematic evaluation is able to find weaknesses and exploits that could be designed out.
A discussion of implications and steps forward follow, including thoughts on extended methods that would allow for more formal model based testing or analysis to confer additional rigour and in accordance with emergent standards.
Madeline Cheah is currently a Senior Cyber Security Analyst at HORIBA MIRA. She started her current role after having completed a PhD in Automotive Cybersecurity, with a focus on systematic security evaluations on automotive interfaces and all the processes (formal or informal) that might be inherent in such a framework. Her contributions have been published in peer-reviewed papers and she is a regular speaker at cybersecurity events. Her research interests currently lie in high assurance methods for black-box testing, penetration testing and digital forensics.