systematic security testing of ECU components. An example use case regarding Over-The-
Air software updates demonstrates the potential of our approach. Initial results confirm
application code implemented in a typical automotive development environment can be
translated into machine-readable format for the FDR refinement checker to formally verify
security functions and identify any existing security flaws. Although still early stage work, the …