KASTEL Mobility Lab: Secure Software and Systems Development

The Mobility Lab aims at developing robust, secure, and legally compliant software systems for the next generation of connected and autonomous vehicles. As the complexity of mobility systems grows, so does the potential attack surface — making cybersecurity a critical priority across the entire automotive software lifecycle.
Our research at the Karlsruhe Institute of Technology (KIT) focuses on dedicated design and development methods tailored to the specific needs of automotive applications. These include early-stage security-by-design principles, advanced architectural analysis, automated code analysis, and domain-aware test generation. By addressing vulnerabilities from the ground up, we aim to create software that is not only functional but also resilient against emerging threats.

The Mobility Lab brings together interdisciplinary expertise in automotive software engineering, IT security law, and mobility systems to ensure that technical development aligns with evolving legal and regulatory requirements. This includes frameworks for secure requirements management, information flow control, and architecture-based risk assessment. Through close integration of research activities — from requirement engineering to testing — the lab supports a seamless and secure development process for future mobility platforms.

The outcomes contribute to areas such as secure EV charging infrastructures and privacy-preserving mobility services. By combining innovation with legal awareness, the Mobility Lab is helping shape a safer digital future for transportation.
Learn more about the results, publications, and collaborative tools by exploring the individual contributions below.

Modular Threat Analysis and Risk Assessment in Vehicle Supply Chains

Modeling the legal framework for IT-Security in the mobility domain

Information Flow Control by-Construction for Component-based Systems

Demonstrator: ArchFlow

ArchFlow is a tool that supports designing component-based systems with strong confidentiality guarantees. In the tool, a user can define hierarchical component-based models. Each component in the model is equipped with an information flow specification, and when components are composed, either by delegation or by assembly, the tool checks that the specifications of the connected components are compatible. If the tool raises no errors, the composition will not lead to an information leak. The tool also supports generating Java code and will, based on the component model, generate the corresponding interfaces, classes, and method stubs. The functionality of the methods can then be implemented using tool support for information flow control by-construction (IFbC).
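The compatibility check described above, as an added illustration that is not ArchFlow's own code: a three-level confidentiality lattice (public, internal, secret) is assumed, each component carries a per-method specification of the most confidential data it passes or accepts on every parameter and the confidentiality of its result, and two checks implement the composition rules. Assembly connects a required interface to a provided one, so the caller's data must be acceptable to the provider and the provider's result must not be more confidential than the caller expects; delegation lets a composite's provided interface be realised by an inner component, so the inner component must accept everything the composite promises to accept and must return nothing more confidential than the composite promises. The component names, method names and labels are constructed for the example.

```python
from dataclasses import dataclass

# Constructed three-level confidentiality lattice (ArchFlow's own label model is not assumed).
LEVELS = {"public": 0, "internal": 1, "secret": 2}


def flows_to(src: str, dst: str) -> bool:
    """True if data labelled `src` may be placed in a sink labelled `dst`."""
    return LEVELS[src] <= LEVELS[dst]


@dataclass(frozen=True)
class MethodSpec:
    params: dict   # parameter name -> most confidential data passed/accepted there
    result: str    # confidentiality of the returned value


@dataclass
class Component:
    name: str
    provided: dict  # method name -> MethodSpec the component guarantees
    required: dict  # method name -> MethodSpec the component assumes of its environment


def check_assembly(requirer: Component, provider: Component) -> list:
    """Assembly: connect `requirer`'s required interface to `provider`'s provided one."""
    errors = []
    for meth, need in requirer.required.items():
        have = provider.provided.get(meth)
        if have is None:
            errors.append(f"{provider.name} does not provide {meth}")
            continue
        for p, passed in need.params.items():
            accepted = have.params.get(p, "public")
            # data the caller hands over must be acceptable to the provider
            if not flows_to(passed, accepted):
                errors.append(f"{meth}.{p}: {requirer.name} passes {passed} data "
                              f"but {provider.name} only accepts {accepted}")
        # the provider's result must not exceed what the caller is specified to receive
        if not flows_to(have.result, need.result):
            errors.append(f"{meth} result: {provider.name} returns {have.result} "
                          f"but {requirer.name} expects at most {need.result}")
    return errors


def check_delegation(outer: Component, inner: Component) -> list:
    """Delegation: `outer` (a composite) exposes a provided interface realised by `inner`."""
    errors = []
    for meth, promised in outer.provided.items():
        actual = inner.provided.get(meth)
        if actual is None:
            errors.append(f"{inner.name} does not implement delegated {meth}")
            continue
        for p, accepted_outer in promised.params.items():
            accepted_inner = actual.params.get(p, "public")
            # the inner component must accept everything the composite promises to accept
            if not flows_to(accepted_outer, accepted_inner):
                errors.append(f"{meth}.{p}: {outer.name} accepts {accepted_outer} data "
                              f"but {inner.name} only accepts {accepted_inner}")
        # the inner result must stay within what the composite promises to return
        if not flows_to(actual.result, promised.result):
            errors.append(f"{meth} result: {inner.name} returns {actual.result} "
                          f"but {outer.name} promises at most {promised.result}")
    return errors


# Constructed sample model: a trip planner that needs a route lookup for a secret location.
TRIP_PLANNER = Component("TripPlanner", provided={}, required={
    "lookupRoute": MethodSpec({"location": "secret"}, result="internal")})
ROUTE_SERVICE = Component("RouteService", provided={
    "lookupRoute": MethodSpec({"location": "secret"}, result="internal")}, required={})
# A provider that only accepts public locations and returns secret data: incompatible on both counts.
TELEMETRY_ROUTER = Component("TelemetryRouter", provided={
    "lookupRoute": MethodSpec({"location": "public"}, result="secret")}, required={})
# Composite that promises the same interface as ROUTE_SERVICE and delegates it inward.
NAVIGATION = Component("Navigation", provided={
    "lookupRoute": MethodSpec({"location": "secret"}, result="internal")}, required={})

if __name__ == "__main__":
    print("assembly ok:", check_assembly(TRIP_PLANNER, ROUTE_SERVICE))
    print("assembly errors:", check_assembly(TRIP_PLANNER, TELEMETRY_ROUTER))
    print("delegation ok:", check_delegation(NAVIGATION, ROUTE_SERVICE))
    print("delegation errors:", check_delegation(NAVIGATION, TELEMETRY_ROUTER))
```

The two directions matter: parameters flow from the caller into the provider, results flow back, so the lattice comparison is reversed between the two, and a composition is leak-free only if every method passes both checks.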

Collaborative Legal Assessments and Confidentiality Analysis Under Uncertainty

Demonstrator: An Interconnected Mobility System

Modern mobility systems are highly interconnected and rely heavily on the exchange of potentially sensitive data. Assessing legal compliance, particularly in terms of data protection, and ensuring data confidentiality in such cyber-physical systems is challenging due to the inherent openness and uncertainty of both the system and its environment. The demonstrator illustrates that even a significantly reduced context, reflected by changes in vehicle types, infrastructure, server locations, or weather conditions, can create scenarios in which legal compliance or data confidentiality is violated. Because of uncertainties in the legal framework, system structure, and environmental conditions, the shown scenario comprises over 200 distinct states, each involving different data processing and flows.
To consider the impact of uncertainty and allow for continuous collaborative assessment of legal compliance already during the system design, the shown approaches use a scalable uncertainty-aware data flow analysis that utilizes the software architecture models to analyze the system’s legal compliance and confidentiality.

Vulnerability Discovery for Highly-Configurable Software Systems

Demonstrator: Vari-Joern

Vari-Joern is an analysis platform aimed at vulnerability discovery in highly-configurable software systems. It is built around the off-the-shelf static code analysis tool Joern and offers two analysis strategies. The product-based strategy reads the system's feature model, samples configurations (i.e., specifications of software variants) using either t-wise interaction or uniform random sampling, composes the sampled configurations into actual variants, and analyzes the individual variants using Joern. The family-based strategy, on the other hand, transforms variable C code (i.e., C containing preprocessor conditionals) into plain C using so-called variability encoding and analyzes the transformed code (typically referred to as the product simulator) using Joern.
The screencast shows an analysis run of axTLS (a medium-sized variable C system realizing an SSL library) using the family-based analysis strategy. The resulting JSON report file lists a total of 119 warnings raised during the analysis of axTLS code, along with useful information such as presence conditions (i.e., features of the configurable system that need to be selected for a particular issue to arise).
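The family-based strategy and the presence conditions in the report, as an added example that is not Vari-Joern's own code: a small transformer turns `#ifdef`/`#ifndef`/`#else`/`#endif` conditionals inside function bodies into ordinary C `if` statements over one runtime flag per feature (so a single analysis run covers every variant), and records for each remaining source line the conjunction of feature literals under which it is present. The input is a constructed C fragment, not axTLS, and the subset of directives handled (no `#if` expressions, no `#elif`) is an assumption of the example.

```python
import re

# Directives handled by this example (constructed subset of the C preprocessor).
_IFDEF = re.compile(r"^\s*#\s*ifdef\s+(\w+)")
_IFNDEF = re.compile(r"^\s*#\s*ifndef\s+(\w+)")
_ELSE = re.compile(r"^\s*#\s*else\b")
_ENDIF = re.compile(r"^\s*#\s*endif\b")


def _condition(stack):
    """Presence condition for the current nesting, as a conjunction of feature literals."""
    if not stack:
        return "1"
    return " && ".join(("!" if negated else "") + feat for feat, negated in stack)


def variability_encode(src: str):
    """Return (plain C product simulator, [(presence condition, line), ...]).

    Each feature becomes an `extern int` flag and each conditional block becomes a
    runtime `if`, so the static analyzer sees all variants in one program.
    """
    stack = []        # (feature, negated) for every open conditional
    features = []     # features encountered, in order of first use
    encoded = []      # lines of the product simulator
    annotated = []    # (presence condition, original line) for non-directive lines
    for lineno, line in enumerate(src.splitlines(), 1):
        if m := _IFDEF.match(line):
            feat = m.group(1)
            if feat not in features:
                features.append(feat)
            stack.append((feat, False))
            encoded.append(f"if ({feat}) {{")
        elif m := _IFNDEF.match(line):
            feat = m.group(1)
            if feat not in features:
                features.append(feat)
            stack.append((feat, True))
            encoded.append(f"if (!{feat}) {{")
        elif _ELSE.match(line):
            if not stack:
                raise ValueError(f"line {lineno}: #else without #ifdef")
            feat, negated = stack.pop()
            stack.append((feat, not negated))   # flip the innermost literal
            encoded.append("} else {")
        elif _ENDIF.match(line):
            if not stack:
                raise ValueError(f"line {lineno}: #endif without #ifdef")
            stack.pop()
            encoded.append("}")
        else:
            encoded.append(line)
            annotated.append((_condition(stack), line.strip()))
    if stack:
        raise ValueError("unterminated conditional: " + _condition(stack))
    header = [f"extern int {f};" for f in features]
    return "\n".join(header + encoded), annotated


def presence_conditions_of(annotated, needle: str):
    """Presence conditions of all lines containing `needle` (e.g. a flagged call)."""
    return [cond for cond, line in annotated if needle in line]


# Constructed variable C fragment (not axTLS code).
SAMPLE = """\
void handle(const char *in, char *out) {
#ifdef CONFIG_DEBUG
    log(in);
#ifndef CONFIG_SAFE_COPY
    strcpy(out, in);
#else
    strlcpy(out, in, OUT_LEN);
#endif
#endif
}
"""

if __name__ == "__main__":
    simulator, lines = variability_encode(SAMPLE)
    print(simulator)
    # A warning on the strcpy line would be reported together with this condition.
    print(presence_conditions_of(lines, "strcpy("))
```

The presence condition attached to a warning is what makes the family-based report actionable: a finding guarded by `CONFIG_DEBUG && !CONFIG_SAFE_COPY` only affects variants with that feature selection, which is also exactly the configuration a developer needs to build in order to reproduce it.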

Towards Architectural Pen Test Case Generation and Attack Surface Analysis to Support Secure Design