A Model-Based Approach to Automotive Security Analysis:Cross-Domain Application of the Cybersecurity Toolbox

Simon Eschlberger; Katharina Polanec; Thomas Ploner; Bernhard Braschel; Christian Neureiter

A Model-Based Approach to Automotive Security Analysis:Cross-Domain Application of the Cybersecurity Toolbox

Simon Eschlberger
, Katharina Polanec
, Thomas Ploner (Contributor)
, Bernhard Braschel (Contributor)
, Christian Neureiter (Contributor)

Research output: Contribution to conference › Paper › peer-review

Abstract

As modern vehicles become increasingly complex and connected, integrating cybersecurity into early design stages is crucial. This paper presents the adaptation of the Cybersecurity Toolbox, a graphical domain-specific language (DSL) originally developed for smart grids, to the automotive domain.
The DSL was reviewed and aligned with automotive standards like ISO/SAE 21434 and compliments the applicability of cybersecurity guidance normatives like UN R155.
A controlled experiment about a FlexRay-based braking system validated the generic method and applicability of the Cybersecurity Toolbox in this cross-domain use case.
In synergy with the ARAM Toolbox for creating a high-level architecture description, traceability across systems architecture and cybersecurity views was achieved by an abstraction pattern.
The study demonstrates the DSL's usability, semantic clarity, and automation potential, validated by students who conducted a well-structured, specification-compliant security analysis based on publicly available documentation of the Cybersecurity Toolbox.

Original language	English
Publication status	Accepted/In press - 2025
Event	2025 IEEE International Symposium on Systems Engineering: IEEE ISSE 2025 - ENSTA Paris, France, Paris, France Duration: 28 Oct 2025 → 30 Oct 2025 https://2025.ieeeisse.org/

Conference

Conference	2025 IEEE International Symposium on Systems Engineering
Country/Territory	France
City	Paris
Period	28/10/25 → 30/10/25
Internet address	https://2025.ieeeisse.org/

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 7 Affordable and Clean Energy
SDG 9 Industry, Innovation, and Infrastructure

Keywords

Automotive Cybersecurity
Model-Based Systems Engineering
Domain-Specific Language
Systems architecture

Classification according to Österreichische Systematik der Wissenschaftszweige (ÖFOS 2012)

102016 IT security

Applied Research Level (ARL)

ARL Level 3 - Proof of the functionality of a principle

Research focus/foci

Industrial Informatics

Cite this

@conference{00d725c06e1e4e508550e0b82a6ec542,

title = "A Model-Based Approach to Automotive Security Analysis:Cross-Domain Application of the Cybersecurity Toolbox",

abstract = "As modern vehicles become increasingly complex and connected, integrating cybersecurity into early design stages is crucial. This paper presents the adaptation of the Cybersecurity Toolbox, a graphical domain-specific language (DSL) originally developed for smart grids, to the automotive domain. The DSL was reviewed and aligned with automotive standards like ISO/SAE 21434 and compliments the applicability of cybersecurity guidance normatives like UN R155. A controlled experiment about a FlexRay-based braking system validated the generic method and applicability of the Cybersecurity Toolbox in this cross-domain use case. In synergy with the ARAM Toolbox for creating a high-level architecture description, traceability across systems architecture and cybersecurity views was achieved by an abstraction pattern. The study demonstrates the DSL's usability, semantic clarity, and automation potential, validated by students who conducted a well-structured, specification-compliant security analysis based on publicly available documentation of the Cybersecurity Toolbox.",

keywords = "Automotive Cybersecurity, Model-Based Systems Engineering, Domain-Specific Language, Systems architecture",

author = "Simon Eschlberger and Katharina Polanec and Thomas Ploner and Bernhard Braschel and Christian Neureiter",

year = "2025",

language = "English",

note = "2025 IEEE International Symposium on Systems Engineering ; Conference date: 28-10-2025 Through 30-10-2025",

url = "https://2025.ieeeisse.org/",

}

TY - CONF

T1 - A Model-Based Approach to Automotive Security Analysis:Cross-Domain Application of the Cybersecurity Toolbox

AU - Eschlberger, Simon

AU - Polanec, Katharina

A2 - Ploner, Thomas

A2 - Braschel, Bernhard

A2 - Neureiter, Christian

PY - 2025

Y1 - 2025

N2 - As modern vehicles become increasingly complex and connected, integrating cybersecurity into early design stages is crucial. This paper presents the adaptation of the Cybersecurity Toolbox, a graphical domain-specific language (DSL) originally developed for smart grids, to the automotive domain. The DSL was reviewed and aligned with automotive standards like ISO/SAE 21434 and compliments the applicability of cybersecurity guidance normatives like UN R155. A controlled experiment about a FlexRay-based braking system validated the generic method and applicability of the Cybersecurity Toolbox in this cross-domain use case. In synergy with the ARAM Toolbox for creating a high-level architecture description, traceability across systems architecture and cybersecurity views was achieved by an abstraction pattern. The study demonstrates the DSL's usability, semantic clarity, and automation potential, validated by students who conducted a well-structured, specification-compliant security analysis based on publicly available documentation of the Cybersecurity Toolbox.

AB - As modern vehicles become increasingly complex and connected, integrating cybersecurity into early design stages is crucial. This paper presents the adaptation of the Cybersecurity Toolbox, a graphical domain-specific language (DSL) originally developed for smart grids, to the automotive domain. The DSL was reviewed and aligned with automotive standards like ISO/SAE 21434 and compliments the applicability of cybersecurity guidance normatives like UN R155. A controlled experiment about a FlexRay-based braking system validated the generic method and applicability of the Cybersecurity Toolbox in this cross-domain use case. In synergy with the ARAM Toolbox for creating a high-level architecture description, traceability across systems architecture and cybersecurity views was achieved by an abstraction pattern. The study demonstrates the DSL's usability, semantic clarity, and automation potential, validated by students who conducted a well-structured, specification-compliant security analysis based on publicly available documentation of the Cybersecurity Toolbox.

KW - Automotive Cybersecurity

KW - Model-Based Systems Engineering

KW - Domain-Specific Language

KW - Systems architecture

UR - https://www.researchgate.net/publication/396229807_A_Model-Based_Approach_to_Automotive_Security_Analysis_Cross-Domain_Application_of_the_Cybersecurity_Toolbox

M3 - Paper

T2 - 2025 IEEE International Symposium on Systems Engineering

Y2 - 28 October 2025 through 30 October 2025

ER -

A Model-Based Approach to Automotive Security Analysis:Cross-Domain Application of the Cybersecurity Toolbox

Abstract

Conference

UN SDGs

Keywords

Classification according to Österreichische Systematik der Wissenschaftszweige (ÖFOS 2012)

Applied Research Level (ARL)

Research focus/foci

Other files and links

Fingerprint

Cite this