An Open Software-Based Framework for Automotive Cybersecurity Testing

Abstract

With the rise of cyberattacks in the last years, cybersecurity is of high importance in the context of the automotive domain [10, 22]. As current cars are more connected and reliant on embedded system technologies, the need for security engineering has tremendously accelerated. While ISO/SAE 21434 is available as a security engineering standard for the domain, frameworks and tools for cybersecurity training and testing of concepts are scarce. Automotive cybersecurity testbeds provide a specified and controlled environment for testing, evaluating, and learning cybersecurity solutions for vehicles, allowing researchers and engineers to be trained and upskill faster. Therefore, this work focuses on an embedded automotive systems framework for cybersecurity testing. The presented framework simulates a CAN controller network and allows researchers and engineers to test attack vectors and mitigation methods in a simulated environment, providing also basic implementations for the most common attack types. The presented framework is extendable for training and testing purposes with series controllers and real-world demonstrators.