Software Security Testing Lifecycle for Automotive Products

Software Security Testing Lifecycle for Automotive Products

연구 분야: Analysis

학회: 2024 IEEE International Conference on Cyber Security and Resilience (CSR)

Automotive security standards outline essential procedures and requirements to secure systems, yet they lack guidelines on optimal methods for security verification and validation. Existing research describe methodologies that can be used for assessing security threats at different levels but fail to define when those methods should be applied to get optimal results. The methods used to discover vulnerabilities must be implemented at right stage of PDLC (Product Development Lifecycle), else they can be considered as not being done at all, since vulnerabilities will not be identified. Our paper aims at providing a solution, SSTLC (Software Security Testing Lifecycle) which ensures that correct testing methodology is utilized at right stage to make a product Cyber Safe and discusses about different testing methods that can be used to detect vulnerabilities in automotive products and when they should be used during PDLC. This paper aims at defining the software security testing lifecycle for automotive products and describes what test methodology should be performed at what stage of product development to ensure that minimum threats are left unexposed during the development stage. It also discusses what amount of information should be exposed to the tester at different stages of testing.