We propose a framework for vehicle penetration tests. Vehicle penetration tests are here intended as tests aimed to analyze the security of the Cyber Physical systems integrated in vehicles. The framework proposed here is based on two types of attacks: generic, i.e. not depending on the vehicle, and specific, i.e. depending on the vehicle. This framework has a large field of application: it has been successfully used on motorbikes, passenger cars and commercial vehicles.It is assumed that some information on the vehicle are available (Electric and Electronic architecture description and networks descriptions) and that the tester has full access to the vehicle. Access to the vehicle is used to craft and test viruses interacting with vehicle Cyber Physical systems.The output of a penetration test done using this framework is a report summarizing attacks and their risk.
Bragaglia et al. (Sun,) studied this question.