An Agnostic Domain Specific Language for Implementing Attacks in an Automotive Use Case

This paper presents a Domain Specific Language (DSL) for generically describing cyber attacks, agnostic to specific system-under-test (SUT). The creation of the presented DSL is motivated by an automotive use case. The concepts of the DSL are generic such that attacks on arbitrary systems can be addressed. The ongoing trend to improve the user experience of vehicles with connected services implies an enhanced connectivity as well as remote accessible interface opens potential attack vectors. This might also impact safety and the proprietary nature of potential SUTs. Reusing tests of attack vectors to industrialize testing them on multiple SUTs mandates an abstraction mechanism to port an attack from one system to another. The DSL therefore generically describes attacks for the usage with a test case generator (and execution environment) also described in this paper. The latter use this description and a database with SUT-specific information to generate attack implementations for a multitude of different (automotive) SUTs.