Master´s Thesis - Cybersecurity Verification and Validation in a Cyber Resilient Vehicle Architecture


The automotive industry has been influenced by a dramatic advancement in technology in recent years; connected, automated and autonomous vehicles are making their ways into our lives. Although the presence of such vehicles would add to the ease of life, new security challenges would also be introduced to the automotive industry. Attackers using vulnerability scanning tools as well as a range of simple to complex attack vectors would try to gain access to these automated vehicles and even worse, perform malicious activities that may consequently put the life of the drivers, pedestrians and other road users in danger.

During recent years, several researches have been carried out in order to come up with a set of design principles and mechanisms to prevent the occurrence of such attacks. However, it could be a big achievement if these vehicles were also resilient to attacks, meaning that they could recover and reconfigure themselves either completely or partially, once an attack happened. Now, in order to achieve this, what should be done when an intrusion is detected by the system? How should the vehicle be designed in order to minimize the impacts of such attacks and/or to recover from it? Moreover, what appropriate measures should be taken in order not to jeopardize the safety of the road users?

Thesis scope

Once a secure, resilient system is designed, the next step is to apply necessary verification and validation processes in order to make sure that the system is working as intended. In this thesis, we investigate what the existing validation and verification strategies in different industries are, and which one(s) is best suited for the automotive industry while focusing on verification and validation of a cyber-resilient vehicle? What do the existing standards in safety and security indicate about verification and validation? What are the best practices in this domain? And, what would the probable challenges be, regarding both security and safety, when verifying and validating a vehicle architecture for its resilience?

Once the best-suited V&V technique was found, how this technique can be used in a Proof of Concept (PoC) will be demonstrated by means of one or more use cases.


  • Good knowledge of cybersecurity concepts
  • Familiarity with cybersecurity design principles
  • Familiarity with Verification and Validation (V&V) techniques


  • Knowledge about resilient, fault-tolerant systems
  • Knowledge regarding security and safety standards (ISO 26262, etc.)

Additional information

The thesis can be done by 1 or 2 students.

Start date: January 2021

Contact persons

Salah Hashemi, salahaddin.hashemi@combitech.s

Reza Esmaeili,

About us

Combitech is the Nordic region’s leading cyber security consultancy firm, with about 260 certified security consultants helping companies and authorities prevent and manage cyber threats. We continually develop methods and concepts that contribute to our clients’ security and efficiency.

Autonomous vehicles or vehicles with self-driving functions will need to be verified and tested in order to satisfy governmental requirements regarding safety and security. Combitech is one of the first companies that offers full support to vehicle OEMs and their suppliers in order to comply with these requirements. Our team of experts is involved in the entire development process of these vehicles, from the requirements and design stage to the deployment stage.