A common challenge in verifying security requirements is that they are often abstract and, thereby, underspecified [1]. Examples of such security requirements in the automotive domain are those provided by United Nations Regulation 155 (UN R155) WP.29 [2] and the ISO/SAE 21434 standard [3]. These mostly prescribe processes and methods but do not specify how security can be achieved in a concrete system. This leads to various problems in the development and quality assurance of these systems. Cruzes et al. [4] argue that testing nonfunctional requirements, such as security, is a great challenge due to cross-functional aspects of testing and lack of clarity of their needs. Concrete requirements help us to better validate our systems' security; however, we also need solutions that are able to cope with abstract requirements, such as those within the standards.
Abstract:
In this article, we introduce our approach, which applies the cyber digital twin (CDT) concept to automotive software for the purpose of security analysis. In our method, automotive firmware is transformed into a CDT and continuously evaluated for security requirements through automated analysis, verification, and vulnerability detection.
Published in: IEEE Software (Volume: 40, Issue: 1, Jan.-Feb. 2023)