Table of Links Abstract and 1 Introduction Abstract and 1 Introduction 2. Current Security Testing Platforms 2. Current Security Testing Platforms 2.1. Recent progress 2.1. Recent progress 3. A New Testing Platform and 3.1. Testing platform roles 3. A New Testing Platform and 3.1. Testing platform roles 3.2. Web-based remote access 3.2. Web-based remote access 3.3. Testbed setup 3.3. Testbed setup 4. Enabled Testing Methodologies 4.1. Secure Development Lifecycle (SDL) testing and 4.2. Penetration testing 4.1. Secure Development Lifecycle (SDL) testing and 4.2. Penetration testing 4.3. Research testing 4.3. Research testing 5. Conclusion & Outlook, and References 5. Conclusion & Outlook, and References 3.2. Web-based remote access The first step to developing a user-friendly testing platform is providing an easy-to-use and familiar interface. Vehicle Security Engineering Cloud [6] (VSEC) is a cloud-based platform that aims to connect and automate various steps of the vehicle cybersecurity engineering process. A major problem we see in the V&V processes is the lack of repeatability and frequency of tests. To address this problem, while maintaining confidentiality, VSEC Test centralizes the testing process and execution while distributing the efforts across locations and resources. Managed remote access. Via a web interface, the VSEC Test platform allows users to register and connect hardware test benches or vehicles to the cloud, which are then shared and managed centrally under an enterprise account. Authorized users are able to schedule benches, access all available interfaces of the bench via a Linux terminal, and control multiple power sources to individual configured targets. User access is configured and controlled by the lab orchestration software to prevent unauthorized access. Features such as file explorer and workspace sharing can be enabled to allow quick ways to reproduce test environments; otherwise, each user has a sandbox environment in a Docker container to keep their workspace separated. In addition, VSEC Test also hosts a test management system that allows for continuous and repeated test setup with connected benches. Managed remote access. To evaluate the effectiveness and robustness of the VSEC Test platform, we set up a few bench and vehicle targets in the lab and connected various vehicle interfaces to a local machine that connects to VSEC Test on the cloud. We used built-in tests to remotely scan for basic information from a complete vehicle network, and compared the results with similar open-source tools installed directly to the local machine. Then we set up a custom test case on VSEC Test to be ran periodically on the remote target while purposely triggering some network downtime during test execution to simulate unplanned network disruptions, and compared the results to a local setup. We found that the added latency due to the cloud connection was not sufficient to cause a noticeable negative effect on the effectiveness of the test team. Test results obtained from the cloud platform are functionally equivalent to those achieved through a local setup. Moreover, the cloud platform provides the added benefit of facilitating instant sharing of results among team members and automating the report generation process, thereby eliminating the need for manual compilation of results from open-source tools. This paper is available on arxiv under CC BY 4.0 DEED. This paper is available on arxiv under CC BY 4.0 DEED. available on arxiv Authors:
(1) Sekar Kulandaivel, Robert Bosch LLC — Research and Technology Center;
(2) Wenjuan Lu, Block Harbor Cybersecurity;
(3) Brandon Barry, Block Harbor Cybersecurity;
(4) Jorge Guajardo, Robert Bosch LLC — Research and Technology Center. Authors: Authors: (1) Sekar Kulandaivel, Robert Bosch LLC — Research and Technology Center; (2) Wenjuan Lu, Block Harbor Cybersecurity; (3) Brandon Barry, Block Harbor Cybersecurity; (4) Jorge Guajardo, Robert Bosch LLC — Research and Technology Center.

Part of HackerNoon's growing list of open-source research papers, promoting free access to academic material.

Abstract

Bosch

Docker

effect

The Vehicle Security Engineering Cloud Explained

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

A New Testing Platform and Testing Platform Roles

4 Reasons To Learn Ethical Hacking

5 Popular Professions in Cybersecurity

9 PWA Security Practices to Safeguard From Cyber Threats

A Basic Intro to Mobile App Debugging with Security Testing Tools

API Security Testing Based on Schema: Highs and Lows

A New Testing Platform and Testing Platform Roles

4 Reasons To Learn Ethical Hacking

5 Popular Professions in Cybersecurity

9 PWA Security Practices to Safeguard From Cyber Threats

A Basic Intro to Mobile App Debugging with Security Testing Tools

API Security Testing Based on Schema: Highs and Lows

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps