VehicleLang: A probabilistic modeling and simulation language for modern vehicle IT infrastructures

Abstract

Attack simulations are a feasible means of assessing the cyber security of various systems. Simulations can replicate the steps taken by an attacker to compromise sensitive system assets, and the time required for the acquisition of assets of interests can be calculated. One widely accepted approach to such simulations is the modelling of attack steps and their dependencies in a formal manner using attack graphs. To reduce the effort of creating new attack graphs for each system in a given domain, one can employ domain-specific attack-modeling languages to codify common attack logic. The Meta Attack Language has been proposed as a framework for developing domain-specific attack languages. In this article, we propose vehicleLang as a domain-specific language for modeling vehicles in the context of corresponding information technology infrastructures and analyzing weaknesses related to known attacks. To model domain-specific attributes, we reviewed existing literature to develop a comprehensive language, which was then verified through a series of interviews with domain experts from the automotive industry. Specifically, a systematic literature review was performed to identify possible attacks against vehicles. The identified attacks served as a blueprint for the evaluation of vehicleLang’s simulation capabilities. Finally, the language was validated using the Feigenbaum test methodology.