Modern vehicles contain a multitude of electronic control units that implement software features controlling most of the operational, entertainment, connectivity, and safety aspects of the vehicle. However, with security requirements often being an afterthought in automotive software development, incorporation of such software features with intra- and inter-vehicular connectivity requirements often opens up new attack surfaces. Demonstrations of such security vulnerabilities in past reports and literature bring in the necessity to formally analyze how secure automotive control systems really are against adversarial attacks. Modern vehicles often incorporate onboard monitoring systems that test the sanctity of data samples communicated among controllers and detect possible attack/noise insertion scenarios. The performance of such monitors against security threats also needs to be verified.

In this work, we outline a rigorous methodology for estimating the vulnerability of automotive CPSs. We provide a computer-aided design framework that considers the model-based representation of safety-critical automotive controllers and monitoring systems working in a closed loop with vehicle dynamics and verifies their safety and robustness w.r.t. false data injection attacks. Symbolically exploring all possible combinations of attack points of the input automotive CPS, the proposed framework tries to find out which sensor and/or actuation signal is vulnerable by generating stealthy and successful attacks using a formal method-based counter-example guided abstract refinement process. We also validate the efficacy of the proposed framework using a case study performed in an industry-scale simulator.