A laboratory construction solution for vehicle cybersecurity, OTA software updates, and automotive data security compliance. Covering standard test cases, testing tools, management platform, evidence archiving, risk rating, and remediation retesting, helping OEMs and testing institutions build executable, auditable, and reusable vehicle security testing capabilities.
标准库 + 用例库 + 工具链
测试管理平台 + 证据中心
整改闭环 + 复测验收
GB 44495 / GB 44496
UN R155 / UN R156
9 大测试能力域
Automotive cybersecurity has evolved from a "compliance item" to a "market access threshold." GB 44495, GB 44496, UN R155, and UN R156 require OEMs to maintain auditable testing capabilities. Scattered tools, ad-hoc testing processes, and missing evidence chains cannot support production compliance and export certification.
GB 44495 and GB 44496 will be progressively enforced from 2026. UN R155/R156 are already prerequisites for market access in Europe, Japan, and South Korea. Without systematic testing capabilities, vehicle models cannot be launched.
Regulatory audits and type approval require reproducible testing, archived evidence, and closed-loop defect management. Ad-hoc testing cannot produce deliverable compliance evidence packages.
Vehicle security spans in-vehicle networks, wireless, mobile apps, firmware/hardware, OTA, and data security. No single team can cover all domains without a unified orchestration platform.
Different target markets (EU, Middle East, Southeast Asia) have varying regulatory requirements. A standard clause mapping matrix and reusable test case library avoid redundant construction.
OTA updates and model year iterations require continuous regression testing. One-time outsourced testing cannot support full lifecycle compliance.
ECUs, gateways, and T-BOXes from Tier1s require security acceptance testing before integration. Labs need both component-level and system-level verification capabilities.
AutoSec Lab is Callisto's vehicle cybersecurity testing laboratory construction solution for OEMs, testing and certification institutions, automotive security labs, and R&D validation centers. Built on "standards library + test case library + tool chain + testing management platform + evidence center + remediation closure," it covers nine capability domains including vehicle cybersecurity, OTA software updates, automotive data security, in-vehicle networks, wireless communications, mobile, firmware, hardware, and penetration testing, supporting GB 44495, GB 44496, GB/T 44464, GB/T 40855/40856/40857, UN R155, and UN R156 compliance testing, evidence management, and remediation closure.
Standards Library
8+ regulation clause mapping
Test Case Library
300+ executable test cases
Tool Chain
7 specialized testing tools
Management Platform
Unified scheduling & archiving
Evidence Center
Logs/screenshots/captures/video
Remediation Closure
Defect tracking to retest
Built-in standard clause mapping matrix automatically links test cases to regulatory clauses, generating auditable compliance coverage reports
Technical Requirements for Vehicle Cybersecurity
Vehicle network security, external connections, data security, software updates
General Technical Requirements for Vehicle Software Updates
OTA update process, version management, rollback protection, user notification
General Requirements for Vehicle Data
Data classification, personal information protection, cross-border compliance
EV Remote Service & Management System Cybersecurity Technical Requirements
RSU/T-BOX data transmission, remote interaction security
In-Vehicle Information Interaction System Cybersecurity Technical Requirements
IVI communication, external interfaces, application security
Vehicle Gateway Cybersecurity Technical Requirements
Gateway routing, protocol isolation, access control
UN Regulation No. 155 - Cybersecurity Management
CSMS framework, threat identification, risk assessment, monitoring response
UN Regulation No. 156 - Software Update Management
SUMS framework, RXSWIN, update integrity, configuration management
Unified orchestration by management platform, parallel multi-domain tool integration, test case library driven execution, unified evidence center archiving
Laboratory knowledge assets and control foundation
Full-stack test objects from vehicle to component
Seven specialized testing capabilities integrated in parallel
Test execution, evidence archiving, and closure management
From asset identification to attack verification, covering the full chain of vehicle cybersecurity testing capabilities
01
Catalog hardware assets, software components, network interfaces, communication links, and external connection entries to establish a maintainable asset inventory and attack surface map.
Hardware asset inventory (ECU/Gateway/T-BOX/IVI)
Software components & SBOM
Network interfaces & protocol inventory
External connection entry profiling
02
Based on asset inventory, identify all exploitable attack entries including physical interfaces, short-range communication, remote communication, and backend interfaces.
Physical interfaces (OBD/USB/Debug)
Short-range (Bluetooth/NFC/UWB)
Remote (4G/5G/Wi-Fi)
Backend APIs & cloud services
03
Verify that authentication mechanisms, permission control policies, and session management across vehicle components meet regulatory requirements.
ECU diagnostic auth (UDS SecAccess)
OTA package signature verification
Backend account & permission model
Mobile login & session security
04
Test whether encryption and integrity protection for communications between vehicle/cloud and inter-vehicle components are sufficient.
TLS configuration & certificate validation
In-vehicle bus message integrity
OTA channel encryption
V2X message signature verification
05
Conduct protocol-level security testing on CAN/CAN-FD/LIN/Automotive Ethernet to identify bus injection, replay, and DoS risks.
CAN message injection & replay
DoIP diagnostic access verification
SOME/IP service security
Bus DoS & fuzzing
06
Cover attack surface verification for Bluetooth key, Wi-Fi hotspot, GNSS positioning, and V2X communication entries.
Bluetooth key relay & replay
Wi-Fi hotspot & service exposure
GNSS spoofing & jamming
V2X abnormal message verification
07
Conduct reverse analysis, communication security testing, and privacy compliance detection on vehicle control apps, covering data collection and permission usage.
APP reverse & hardcode detection
Privacy policy vs. actual collection
Out-of-scope permission detection
Data transmission & local storage security
08
Deep security analysis of ECU firmware, IVI system images, and hardware debug interfaces to identify backdoors and vulnerabilities.
Firmware reverse & sensitive info extraction
Debug port (JTAG/UART) verification
USB malicious file & media parsing
Binary vulnerability & backdoor detection
09
Cover OTA update full-process security testing and automotive data security compliance verification, supporting GB 44496 and GB/T 44464.
OTA package tampering & replay verification
Update integrity signature verification
Data classification & grading compliance
Personal information & cross-border data
12 high-frequency test scenarios distilled from real attack paths, directly reusable for regulatory testing and R&D validation
Verify whether vehicle control APIs (remote start, AC control) can be called without authorization, covering authentication, rate limiting, and command validation.
Simulate MITM tampering of OTA packages or replay of historical update requests, verifying signature verification, rollback prevention, and integrity protection.
Inject abnormal CAN messages via OBD or bus interface, verifying whether the vehicle validates source and filters exceptions for critical control commands.
Verify whether DoIP diagnostic protocol authentication, session management, and address filtering can be bypassed, assessing diagnostic interface exposure risk.
Simulate Bluetooth relay attacks and signal replay, verifying digital key system distance determination, anti-relay, and session validity mechanisms.
Scan vehicle Wi-Fi hotspot open ports and exposed services, verifying unauthorized access or default credential risks.
Deliver malicious files and abnormal media via USB, verifying IVI system file parsing security and autorun protection.
Simulate GNSS signal spoofing, assessing positioning deviation impact on navigation, trajectory recording, and location-based services.
Inject abnormal V2X messages (BSM/SPaT/MAP), verifying V2X module message validation, filtering, and fault tolerance for abnormal inputs.
Extract keys, certificates, and hardcoded credentials from ECU and IVI firmware, verifying whether JTAG/UART debug ports are effectively disabled or hardened.
Dynamically monitor vehicle control app background data collection behavior, comparing with privacy policy statements to identify out-of-scope collection.
Combine multiple vulnerabilities into complete attack chains, progressively penetrating from external entry to vehicle control permissions, verifying defense-in-depth and detection response.
8-step standardized testing process ensuring every test is plannable, executable, traceable, and retestable
Define test scope, target vehicle, regulatory basis, and acceptance criteria. Assemble testing team and resources.
Decompose regulatory clauses into testable requirements, mapping to specific test cases in the library, generating test matrix.
Set up vehicle bench or real vehicle test environment, connect bus simulation, wireless testing, and tool chain, complete environment verification.
Execute asset identification and attack surface enumeration, establish test object baseline profile, identify obvious risks.
Execute standard test cases across nine capability domains, recording results, raw logs, and process screenshots.
Conduct in-depth attack verification on identified risks, reproduce vulnerabilities, and assess actual impact.
Log discovered issues into defect library, track remediation progress, verify fix effectiveness.
Conduct regression retesting on remediated versions, generate compliance test reports and evidence packages, archive to evidence center.
Complete delivery package from planning to operations, ensuring the lab can operate independently and iterate continuously
Lab positioning, capability planning, site layout, staffing, and construction roadmap.
Test equipment list, tool capability matrix, integration solution, and procurement recommendations.
Correspondence between regulatory standards and test cases, supporting compliance coverage analysis.
300+ executable test cases covering nine capability domains, supporting parameterization and scenarios.
12 high-frequency attack scenario test scripts with steps, tools, and expected results.
Standardized testing execution process, evidence collection specifications, and archiving templates.
Compliance test report templates for GB 44495/44496, UN R155/R156.
Defect fix verification and regression retest report templates, supporting closure management.
Operation manuals, training courseware, and handover documentation ensuring team can independently undertake testing.
Lab daily operations, test case library updates, tool upgrades, and regulatory tracking mechanisms.
AutoSec Lab is not an isolated testing tool, but the verification foundation of Callisto's automotive security product ecosystem
Receives risk events discovered in testing and operational closure, converting test results into continuous monitoring rules.
Provides threat intelligence, vulnerability intelligence, and attack scenario updates, driving test case library evolution.
Supports USB malicious file, vehicle virus protection, and malware detection test verification.
Supports threat modeling and risk analysis, providing input for test prioritization.
Supports data security and compliance test report generation, linking to regulatory clause mapping.
Supports test data analysis, report generation, and risk insights, improving testing efficiency.
AutoSec Lab targets OEM cybersecurity labs, R&D validation centers, testing and certification institutions, automotive security testing labs, Tier1 security testing teams, as well as connected vehicle, cockpit, T-BOX, OTA platform teams, and regulatory compliance and export certification teams. Whether building a lab from scratch or supplementing existing testing capabilities, this solution enables rapid construction of systematic vehicle security testing capabilities.
Traditional testing services are typically project-based one-time deliveries that end when testing concludes. AutoSec Lab delivers a "capability system" — including standards library, test case library, tool chain, management platform, evidence center, and remediation closure mechanism. Customers can continuously conduct testing independently based on this system, supporting production iteration and regulatory updates, rather than relying on external vendors each time.
Yes. AutoSec Lab has built-in standard clause mapping matrices for GB 44495—2024 (Vehicle Cybersecurity Technical Requirements) and GB 44496—2024 (Vehicle Software Update General Technical Requirements). Test cases correspond one-to-one with regulatory clauses, directly generating compliance test reports and evidence packages for type approval.
Yes. AutoSec Lab's standards library covers UN R155 (Cybersecurity Management) and UN R156 (Software Update Management). Test cases support CSMS and SUMS framework requirements, helping OEMs complete certification testing for EU, Japan, South Korea, and other markets, generating evidence materials that meet certification body requirements.
Yes. AutoSec Lab supports modular construction. Customers can choose which capability domains to build first based on priority. We typically recommend building "Asset Identification + Attack Surface Enumeration + In-Vehicle Network Testing + OTA Compliance Testing" as foundational capabilities first, then gradually expanding to wireless, mobile, firmware/hardware, and penetration testing. Callisto provides a phased construction roadmap.
Callisto maintains a dedicated regulatory tracking team that continuously monitors domestic and international automotive cybersecurity regulatory developments. When new regulations are published or existing ones revised, the standards library is updated with clause mappings, and corresponding test cases are added or adjusted in the test case library. These are synchronized to customer labs through the operations upgrade mechanism, ensuring testing capabilities always cover the latest regulatory requirements.
Risk events, attack paths, and detection rules discovered during AutoSec Lab testing can be synchronized to the S3-VSOC Security Operations Center, converting into continuous monitoring rules for vehicles. This way, issues verified in the lab are also detected and responded to in real-time during production vehicle operations, forming a complete "testing-operations-retesting" closed loop.
It depends on construction scope and existing foundations. Basic capability domains (4 domains + management platform) typically take 3-4 months to build with initial testing capability. Full nine-domain construction typically takes 6-9 months. Callisto provides a phased delivery plan with clear milestones and acceptance criteria for each phase, ensuring a controllable and visible construction process.
From standard test cases to evidence closure, AutoSec Lab helps you build executable, auditable, and reusable vehicle security testing capabilities.