A Digital Twin (DT) is a digital representation of a physical object used to simulate it before it is built or to predict failures after the object is deployed. The DT concept was originally applied to manufacturing but has been gaining attention in other areas. In this article, we introduce a novel concept called Cyber Digital Twin (CDT), which transfers the idea of the DT to automotive software for the purpose of security analysis. In our approach, the ECU software (i.e., firmware) is transformed into a CDT, which contains automatically extracted, security-relevant information from the firmware. With this, we can evaluate automotive security requirements through automated security requirements verification using policy enforcement checks and detection of security vulnerabilities. The evaluation can be done continuously using newly integrated checks and published security vulnerabilities.