Risk-based testing of Bluetooth functionality in an automotive environment
ISSN der Zeitschrift
Automotive - Safety & Security 2012
Regular Research Papers
Gesellschaft für Informatik e.V.
This paper describes an approach for risk-based testing of Bluetooth functionality in an automotive environment, recently studied as part of the ITEA-2 research project DIAMONDS. In the past two decades the functionality of infotainment systems of a modern car increased in complexity. Based on the worldwide evolution towards an information age the driver requests permanently increasing number of functionalities for infotainment systems where the vehicle becomes a connected vehicle which is always on. For instance next generation infotainment systems will provide internet to the cabin and will have integrated of applications like Twitter and Facebook. These additional online services can be realized by integrating the driver's smartphone with the vehicle infotainment system whereby the phone becomes a logical part of the infotainment head unit. This intense integration of consumer mobile devices with the vehicle electronics and network can also have a negative impact on the security of the vehicle electronics. Even the safety level of the entire automotive system can be affected, which recent studies have shown [Ko10, Ko11]. With respect to these increasing security risks for connected vehicles and future telematics applications, efficient and structured methods are required to verify such systems concerning their robustness against security attacks. One important approach is a risk oriented model-based testing concept as developed in the research project DIAMONDS1. Within this project a case study has been defined by Dornier Consulting for the automotive domain focused on connected car applications such as the integration of mobile consumer devices with the in-vehicle network and electronics. Based on risk analysis a security related prioritization of messages is achieved, which enables a smart and efficient generation of the most relevant test scenarios. Using adapted security test generation methods based on known concepts, such as fuzzing of these pre-defined test scenarios, will then be used to generate the final set of test cases. This paper discusses the generation process for risk based security test cases using this model-based testing approach, which pays attention to the analysed security flaws. An approach that refers to the generation of test cases that will cover possible unknown flaws by integrating fuzzing methodologies will also be described. The practical implementation of this generation process will be demonstrated by Dornier Consulting's extended Model-Based Testing (MBT) framework do.ATOMS for industrial and commercial application.