Search Results (24)

Rising complexity in cyber-physical systems development exposes challenges in the consistent and reusable specification of graphical domain-specific languages (DSLs). Despite the benefits of model-based systems engineering (MBSE), the absence of a standardized, life-cycle-wide specification process results in semantic inconsistencies, tool dependence, and limited interoperability. While our previous work has addressed individual stages of DSL definition, a comprehensive, standards-based process integrating these stages remains missing. Building on these foundations, this paper introduces a unified language specification process for graphical DSLs grounded in established standards—the Meta-Object Facility (MOF), Unified Modeling Language (UML), Web Ontology Language (OWL), and Resource Description Framework (RDF). The process integrates three core artifacts: a tool-independent ontology capturing domain semantics, a MOF-conforming metamodel unifying abstract syntax, semantics, and concrete syntax, and a UML-profile-based implementation. To support and exemplify this process, a prototypical toolchain is introduced that enables automated transformations between these artifacts, thereby facilitating the consistent propagation of semantics from ontology to implementation. The applicability of the proposed process is demonstrated through both a top-down automotive case and a bottom-up cybersecurity DSL, illustrating its cross-domain generalizability. By explicitly structuring and connecting ontology, metamodel, and implementation, this work contributes a semantically consistent, machine-interpretable, and tool-independent specification process for graphical DSLs in MBSE. Full article

The advancement of Automotive Industry 4.0 has promoted the development of Vehicle to Vehicle (V2V) and Internet of Vehicles (IoV) communication, which marks the new era for intelligent, connected and automated transportation. Despite the benefits of this metamorphosis in terms of effectiveness and convenience, new obstacles to safety, inter-connectivity, and cybersecurity emerge. The tire pressure monitoring system (TPMS) is one prominent feature that senses tire pressure, which is closely related to vehicle stability, braking performance and fuel efficiency. However, the majority of TPMSs currently in use are based on the use of insecure and proprietary wireless communication links that can be breached by attackers so as to interfere with not only tire pressure readings but also sensor data manipulation. For this purpose, we design a secure TPMS architecture suitable for real-time IoV sensing. The framework is experimentally implemented using a Raspberry Pi 3B+ (Raspberry Pi Ltd., Cambridge, UK) as an independent autonomous control unit (ACU), interfaced with vehicular pressure sensors and a LoRa SX1278 (Semtech Corporation, Camarillo, CA, USA) module to support low-power, long-range communication. The gathered sensor data are encrypted, their integrity checked, source authenticated by lightweight cryptographic algorithms and sent to a secure server locally. To validate this approach, we show a three-node exhibition where Node A (raw data and tampered copy), B (unprotected copy) and C (secure auditor equipped with alerting of tampering and weekly rotation of the ID) realize detection of physical level threats at top speeds. The validated datasets are further enriched in a MATLAB R2024a simulator by replicating the data of one vehicle by 100 virtual vehicles communicating using over 5G, LoRaWAN and LoRa P2P as communication protocols under urban, rural and hill-station scenarios. The presented statistics show that, despite 5G ultra-low latency, LoRa P2P consistently provides better reliability and energy efficiency and is more resistant to attacks in the presence of various terrains. Considering the lack of private vehicular 5G infrastructure and the regulatory restrictions, this work simulated and evaluated the performance of 5G communication, while LoRa-based communication was experimentally validated with a hardware prototype. The results underline the trade-offs among LoRa P2P and an infrastructure-based uplink 5G mode, when under some specific simulation conditions, as opposed to claiming superiority over all 5G modes. In conclusion, the presented Raspberry Pi–MATLAB hybrid solution proves to be an effective and scalable approach to secure TPMS in IoV settings, intersecting real-world sensing with large-scale network simulation, thus enabling safer and smarter next-generation vehicular systems. Full article

Cybersecurity has become a critical concern in the automotive sector, where the increasing connectivity and complexity of modern vehicles—particularly in the context of autonomous driving—have significantly expanded the attack surface. In response to these challenges, this paper presents the Welcome To The Machine (WTTM) framework, developed to support proactive and structured cyber risk management throughout the entire vehicle lifecycle. Specifically tailored to the automotive domain, the framework encompasses four core actions: detection, analysis, response, and remediation. A central element of WTTM is the WTTM Questionnaire, designed to assess the organizational cybersecurity maturity of automotive manufacturers and suppliers. The questionnaire addresses six key areas: Governance, Risk Management, Concept and Design, Security Requirements, Validation and Testing, and Supply Chain. This paper focuses on the development and validation of WTTM-Q. Statistical validation was performed using responses from 43 participants, demonstrating high internal consistency (Cronbach’s alpha > 0.70) and strong construct validity (CFI = 0.94, RMSEA = 0.061). A supervised classifier (XGBoost), trained on 115 hypothetical response configurations, was employed to predict a priori risk classes, achieving 78% accuracy and a ROC AUC of 0.84. The WTTM framework, supported by a Vehicle Security Operations Center, provides a scalable, standards-aligned solution for enhancing cybersecurity in the automotive industry. Full article

This systematic literature review pioneers the synthesis of cybersecurity challenges for automotive digital twins (DTs), a critical yet underexplored frontier in connected vehicle security. The notion of digital twins, which act as simulated counterparts to real-world systems, is revolutionizing secure system design within the automotive sector. As contemporary vehicles become more dependent on interconnected electronic systems, the likelihood of cyber threats is escalating. This comprehensive literature review seeks to analyze existing research on threat modeling and security testing in automotive digital twins, aiming to pinpoint emerging patterns, evaluate current approaches, and identify future research avenues. Guided by the PRISMA framework, we rigorously analyze 23 studies from 882 publications to address three research questions: (1) How are threats to automotive DTs identified and assessed? (2) What methodologies drive threat modeling? Lastly, (3) what techniques validate threat models and simulate attacks? The novelty of this study lies in its structured classification of digital twin types (physics based, data driven, hybrid), its inclusion of a groundbreaking threat taxonomy across architectural layers (e.g., ECU tampering, CAN-Bus spoofing), the integration of the 5C taxonomy with layered architectures for DT security testing, and its analysis of domain-specific tools such as VehicleLang and embedded intrusion detection systems. The findings expose significant deficiencies in the strength and validation of threat models, highlighting the necessity for more adaptable and comprehensive testing methods. By exposing gaps in scalability, trust, and safety, and proposing actionable solutions aligned with UNECE R155, this SLR delivers a robust framework to advance secure DT development, empowering researchers and industry to fortify vehicle resilience against evolving cyber threats. Full article

The rapid development of the Internet of Things (IoT) has enabled the implementation of interconnected intelligent systems in extremely dynamic contexts with limited resources. However, traditional paradigms, such as those using ECC-based heuristics and centralised decision-making frameworks, cannot be modernised to ensure resilience, scalability and security while taking quantum threats into account. In this case, we propose a modular architecture that integrates quantum-inspired cryptography (QI), epistemic uncertainty reasoning, the multiscale blockchain MuReQua, and the quantum-inspired decentralised storage engine (DeSSE) with fragmented entropy storage. Each component addresses specific cybersecurity weaknesses of IoT devices: quantum-resistant communication on epistemic agents that facilitate cognitive decision-making under uncertainty, lightweight adaptive consensus provided by MuReQua, and fragmented entropy storage provided by DeSSE. Tested through simulations and use case analyses in industrial, healthcare and automotive networks, the architecture shows exceptional latency, decision accuracy and fault tolerance compared to conventional solutions. Furthermore, its modular nature allows for incremental integration and domain-specific customisation. By adding reasoning, trust and quantum security, it is possible to design intelligent decentralised architectures for resilient IoT ecosystems, thereby strengthening system defences alongside architectures. In turn, this work offers a specific architectural response and a broader perspective on secure decentralised computing, even for the imminent advent of quantum computers. Full article

This study conducts a detailed analysis of cybersecurity threats, including artificial intelligence (AI)-driven cyber-attacks targeting vehicle-to-vehicle (V2V) and electric vehicle (EV) communications within the rapidly evolving field of connected and autonomous vehicles (CAVs). As autonomous and electric vehicles become increasingly integrated into daily life, their susceptibility to cyber threats such as replay, jamming, spoofing, and denial-of-service (DoS) attacks necessitates the development of robust cybersecurity measures. Additionally, EV-specific threats, including battery management system (BMS) exploitation and compromised charging interfaces, introduce distinct vulnerabilities requiring specialized attention. This research proposes a comprehensive and integrated cybersecurity framework that rigorously examines current V2V, vehicle-to-everything (V2X), and EV-specific systems through systematic threat assessments, vulnerability analyses, and the deployment of advanced security controls. Unlike previous state-of-the-art approaches, which primarily focus on isolated threats or specific components such as V2V protocols, the proposed framework provides a holistic cybersecurity strategy addressing the entire communication stack, EV subsystems, and incorporates AI-driven threat detection mechanisms. This comprehensive and integrated approach addresses critical gaps found in the existing literature, making it significantly more adaptable and resilient against evolving cyber-attacks. Our framework aligns with industry standards and regulatory requirements, significantly enhancing the security, safety, and reliability of modern transportation systems. By incorporating specialized cryptographic techniques, secure protocols, and continuous monitoring mechanisms, the proposed approach ensures robust protection against sophisticated cyber threats, thereby safeguarding vehicle operations and user privacy. Full article

An important step toward automation and digitization in Industry 4.0 is the automobile sector’s use of smart manufacturing integrated systems (SMISs). Although this change increases productivity and competitiveness, it also creates new hazards for workplace safety. Key issues include ergonomic and cognitive strain from greater human–machine interactions, particularly with collaborative robots (cobots), and cybersecurity threats from the IIoT and cyber–physical systems. This paper looks at these hazards and stresses the value of safety precautions like predictive maintenance, traceability, and real-time monitoring. This case study investigates how the integration of smart manufacturing integrated systems (SMISs) and cyber–physical systems (CPSs) within Industry 4.0 frameworks enhances workplace safety in the automotive sector. Through a comprehensive case study of the final assembly line, this research explores how these technologies contribute to predictive maintenance, real-time monitoring, and human–machine collaboration, leading to significant reductions in ergonomic and cybersecurity risks. Full article

The proliferation of cyber–physical systems in modern vehicles, characterized by densely interconnected Electronic Control Units (ECUs) and heterogeneous communication networks, has significantly expanded the automotive attack surface. Traditional Threat Analysis and Risk Assessment (TARA) methodologies remain predominantly manual processes that exhibit limitations in scalability, and comprehensive threat identification. This research addresses these limitations by developing a formalized framework for automating attack path analysis within the automotive architecture. While attack graph methodologies have demonstrated efficacy in conventional information technology domains, their application within automotive cybersecurity contexts presents unique challenges stemming from domain-specific architectural constraints. We propose a novel Graph-based Attack Path Prioritization (GAPP) methodology that integrates Extended Finite State Machine (EFSM) modeling. Our implementation employs the Neo4j property graph database architecture to establish the mappings between architectural components, security states, and exploitation vectors. This research contributes a systematic approach to automotive security assessment, enhancing vulnerability identification capabilities while reducing analytical complexity. Full article

The incorporation of Driver Monitoring Systems (DMSs) in vehicles is fundamental to enhancing road safety by continuously assessing driver behavior and identifying signs of fatigue or distraction. However, as these technologies evolve, they also present considerable cybersecurity challenges. This research undertakes an extensive Threat Analysis and Risk Assessment (TARA) of DMSs, adhering to the ISO/SAE 21434 standard, to methodically detect and assess potential security threats. A total of 115 threats were recognized and classified into 95 low-risk, 16 medium-risk, and 4 high-risk scenarios, underscoring key vulnerabilities in data transmission, sensor reliability, and communication frameworks. To mitigate these risks, we suggest a range of countermeasures, including enhanced encryption techniques, stringent authentication protocols, and reinforced access control mechanisms, designed to strengthen the security posture of DMSs in practical applications. This study introduces a structured framework for evaluating and addressing cybersecurity threats in alignment with industry regulations, facilitating the dependable and safeguarded implementation of DMSs in future vehicle architectures while contributing to ongoing progress in automotive cybersecurity. Full article

The increasing number and complexity of cyber–physical systems in vehicles necessitate a rigorous approach to identifying functional safety and cybersecurity hazards during the concept phase of product development. This study establishes a systematic method for identifying safety and security requirements for E/E components in the automotive sector, utilizing the SysML language within the CAMEO environment. The method’s activities and work products are grounded in the ISO 26262:2018 and ISO/SAE 21434:2021 standards. Comprehensive requirements were defined for the method’s application environment and activities, including generic methods detailing the creation of work products. The method’s metamodel was developed using the MagicGrid framework and validated through an application example. Synergies between the two foundational standards were identified and integrated into the method. The solution generation was systematically described by detailing activities for result generation and the production of standard-compliant work products. To facilitate practical implementation, a method template in SysML was created, incorporating predefined stereotypes, relationships, and tables to streamline the application and enhance consistency. Full article

This study investigates the integration of smart card readers into vehicle ignition systems as a multifaceted solution to enhance security, regulatory compliance, and road safety. By implementing real-time driver verification, encryption protocols (AES-256, RSA), and multifactor authentication, the system significantly reduces unauthorized vehicle use and improves accident prevention. A critical advancement of this research is the incorporation of automated drug and impairment detection to prevent driving under the influence of substances, including illicit drugs and prescription medications. Risk models estimate that drug-related accidents could be reduced by 7.65% through the integration of these technologies into vehicle ignition systems, assuming high compliance rates. The study evaluates drug applications leveraging the same sensor-based monitoring technologies as used for impairment detection. These systems can facilitate the real-time tracking of medication intake and physiological responses, offering new possibilities for safety applications in medical transportation and assisted driving technologies. High-performance polymers such as polyetheretherketone (PEEK) enhance the durability and thermal stability of smart card readers, while blockchain-based verification strengthens data security and regulatory compliance. Despite challenges related to cost (USD 100–300 per unit) and adherence to ISO standards, these innovations position smart card-based ignition systems as a comprehensive, technology-driven approach to vehicle security, impairment prevention, and medical monitoring. Full article

To ensure security and stable quality, deeper cybersecurity evaluations are essential for the development of safety features and functionalities in vehicles. Among these, the AEB system is the most relevant. This research presents a comprehensive TARA of the AEB system, emphasizing the identification, validation, and mitigation of major cybersecurity threats and risks. We systematically examine potential attack vectors by utilizing the STRIDE threat model. This approach enables a detailed analysis of each security threat associated with AEB systems, providing insights into how malicious actors could use the attack paths. The assessment aligns with ISO/SAE 21434, which offers a robust framework for risk management in automotive cybersecurity and IT security, ensuring a thorough evaluation of a system’s architecture. By assessing the AEB system’s architecture against these standards, we identify key components and communication pathways that may be particularly prone to cyberattacks. The results of this analysis highlight critical flaws within the AEB framework and propose corrective measures to enhance cybersecurity resilience. This article provides a structured methodology for assessing and mitigating automotive cybersecurity risks in compliance with industry standards, aiming to facilitate the safe implementation of AEB technology and ultimately improve overall vehicle security and safety. Full article

The rapid integration of connected technologies in modern vehicles has introduced significant cybersecurity challenges, particularly in securing critical systems against advanced threats such as IP spoofing and rule manipulation. This study investigates the application of CHERI (Capability Hardware Enhanced RISC Instructions) to enhance the security of Intrusion Detection Systems (IDSs) in automotive networks. By leveraging CHERI’s fine-grained memory protection and capability-based access control, the IDS ensures the robust protection of rule configurations against unauthorized access and manipulation. Experimental results demonstrate a 100% detection rate for spoofed IP packets and unauthorized rule modification attempts. The CHERI-enabled IDS framework achieves latency well within the acceptable limits defined by automotive standards for real-time applications, ensuring it remains suitable for safety-critical operations. The implementation on the ARM Morello board highlights CHERI’s practical applicability and low-latency performance in real-world automotive scenarios. This research underscores the potential of hardware-enforced memory safety in mitigating complex cyber threats and provides a scalable solution for securing increasingly connected and autonomous vehicles. Future work will focus on optimizing CHERI for resource-constrained environments and expanding its applications to broader automotive security use cases. Full article

The evolution of Electrical and Electronic (E/E) architectures in the automotive industry has been a significant factor in the transformation of vehicles from traditional mechanical systems to sophisticated, software-defined machines. With increasing vehicle connectivity and the growing threats from cyberattacks that could compromise safety and violate user privacy, the incorporation of cybersecurity into the automotive development process is becoming imperative. As vehicles evolve into sophisticated interconnected systems, understanding their vulnerabilities becomes essential to improve cybersecurity. This paper also discusses the role of evolving standards and regulations, such as ISO 26262 and ISO/SAE 21434, in ensuring both the safety and cybersecurity of modern vehicles. This paper offers a comprehensive review of the current challenges in automotive cybersecurity, with a focus on the vulnerabilities of the Controller Area Network (CAN) protocol. Additionally, we explore state-of-the-art countermeasures, focusing on Intrusion Detection Systems (IDSs), which are increasingly leveraging artificial intelligence and machine learning techniques to detect anomalies and prevent attacks in real time. Through an analysis of publicly available CAN datasets, we evaluate the effectiveness of IDS frameworks in mitigating these threats. Full article

Numerous attempts have been made to create a secure system that meets the criteria and requirements of the automotive vehicle development life cycle. However, a critical gap exists in the secure development lifecycle, particularly concerning the development and maintenance of software after the vehicle has been sold by the manufacturer. This step is often overlooked by original equipment manufacturers (OEMs), especially after the expiration of the vehicle warranty period, given the cost that it will require to update and test the software in their vehicles. This paper addresses the issues that affect current and future vehicle cybersecurity, during the maintenance of cybersecurity, and how the neglect of it could end up creating hazards for the vehicle owner or other road users. To accomplish this, we will employ the technology adoption model (TAM) as a theoretical framework, which is used to understand and predict how organizations adopt technology. Thus, through qualitative and quantitative research, including text mining, we identify the challenges in the adoption and diffusion of cybersecurity maintenance in the automotive sector and its supply chain. In addition, we propose possible solutions on how to maintain a level of security that will benefit road users, OEMs and regulators, covering the cybersecurity needs for the vehicle’s usable life, taking into account the vehicle’s heterogeneity of components and technology, connectivity, environmental impact and cost of production and maintenance of a vehicle. Full article