Your browser doesn't support javascript. This means that the content or functionality of our website will be limited or unavailable. If you need more information about Vinnova, please contact us.

Our e-services for applications, projects and assessments close on Thursday 25 April at 4:30pm because of system upgrades. We expect to open them again on Friday 26 April at 8am the latest.

THREAT MOVE (THREAT MOdeling and simulation of VEhicle IT)

Reference number
Coordinator Kungliga Tekniska Högskolan - KTH EES
Funding from Vinnova SEK 5 776 310
Project duration October 2017 - September 2022
Status Completed
End-of-project report 2017-03087eng.pdf (pdf, 263 kB)

Purpose and goal

The project "Threat modeling and simulation of vehicle IT" 2017-2022, had the purpose to develop a method that can model and simulate the cyber security of the internal IT environments in vehicles. KTH and Foreseeti have previously developed a framework that formed the basis for the work in this project. Using this framework, the project developed a domain-specific threat modeling and attack simulation language for vehicle IT, called vehicleLang. The language has been tested through both academic and practical activities. A tested vehicleLang was the main deliverable in the project.

Expected results and effects

The project has produced more than eight academic articles, sixteen theses, thirteen vulnerabilities, and multitudes of media appearances. For example: Katsikeas, Johnsson, Hacks, & Lagerström, "VehicleLang: A probabilistic modeling and simulation language for modern vehicle IT infrastructures," in Computers & Security, vol. 117, 2022. van der Schoot, “Validating vehicleLang, a domain-specific threat modeling language, from an attacker and industry perspective,” KTH, 2020. CVE-2019-12941 Svt Nyheter, 11 Oct. 2020, "Warning: Connected cars can be hacked and taken over".

Planned approach and implementation

The project was led by the Royal Institute of Technology and was a collaboration between Foreseeti, WithSecure, Scania, and Volvo Cars. It was very successful bringing the entire value chain from research, via innovative companies, to end users. In addition to the main deliverable, vehicleLang, another focus has been on penetration tests of vehicle equipment. To examine how resilient various components are against IT attacks. These tests have both provided insights directly applicable to its developers and input to the modeling language.

External links

The project description has been provided by the project members themselves and the text has not been looked at by our editors.

Last updated 28 June 2023

Reference number 2017-03087

Page statistics