Authors:
(1) Sekar Kulandaivel, Robert Bosch LLC — Research and Technology Center;
(2) Wenjuan Lu, Block Harbor Cybersecurity;
(3) Brandon Barry, Block Harbor Cybersecurity;
(4) Jorge Guajardo, Robert Bosch LLC — Research and Technology Center.
2. Current Security Testing Platforms
3. A New Testing Platform and 3.1. Testing platform roles
4. Enabled Testing Methodologies
4.1. Secure Development Lifecycle (SDL) testing and 4.2. Penetration testing
5. Conclusion & Outlook, and References
The first step to developing a user-friendly testing platform is providing an easy-to-use and familiar interface. Vehicle Security Engineering Cloud [6] (VSEC) is a cloud-based platform that aims to connect and automate various steps of the vehicle cybersecurity engineering process. A major problem we see in the V&V processes is the lack of repeatability and frequency of tests. To address this problem, while maintaining confidentiality, VSEC Test centralizes the testing process and execution while distributing the efforts across locations and resources.
Managed remote access. Via a web interface, the VSEC Test platform allows users to register and connect hardware test benches or vehicles to the cloud, which are then shared and managed centrally under an enterprise account. Authorized users are able to schedule benches, access all available interfaces of the bench via a Linux terminal, and control multiple power sources to individual configured targets. User access is configured and controlled by the lab orchestration software to prevent unauthorized access. Features such as file explorer and workspace sharing can be enabled to allow quick ways to reproduce test environments; otherwise, each user has a sandbox environment in a Docker container to keep their workspace separated. In addition, VSEC Test also hosts a test management system that allows for continuous and repeated test setup with connected benches.
To evaluate the effectiveness and robustness of the VSEC Test platform, we set up a few bench and vehicle targets in the lab and connected various vehicle interfaces to a local machine that connects to VSEC Test on the cloud. We used built-in tests to remotely scan for basic information from a complete vehicle network, and compared the results with similar open-source tools installed directly on the local machine. Then we set up a custom test case on VSEC Test to be run periodically on the remote target while purposely triggering some network downtime during test execution to simulate unplanned network disruptions, and compared the results to a local setup. We found that the added latency due to the cloud connection was not sufficient to cause a noticeable negative effect on the effectiveness of the test team. Test results obtained from the cloud platform are functionally equivalent to those achieved through a local setup. Moreover, the cloud platform provides the added benefit of facilitating instant sharing of results among team members and automating the report generation process, thereby eliminating the need for manual compilation of results from open-source tools.
This paper is available on arXiv under CC BY 4.0 DEED.