Domain-Specific Modeling Language for Security Analysis of EV Charging Infrastructure

Electric vehicles (EVs) and their ecosystem have unquestionably made significant technological strides. Indeed, EVs have evolved into sophisticated computer systems with extensive internal and external communication capabilities. This interconnection raises concerns about security, privacy, and the expanding risk of cyber-attacks within the electric vehicle landscape. In particular, the charging infrastructure plays a crucial role in the electric mobility ecosystem. With the proliferation of charging points, new attack vectors are opened up for cybercriminals. The threat landscape targeting charging systems encompasses various types of attacks ranging from physical attacks to data breaches including customer information. In this paper, we aim to leverage the power of model-driven engineering to model and analyze EV charging systems at early stages. We employ domain-specific modeling language (DSML) techniques for the early security modeling and analysis of EV charging infrastructure. We accomplish this by integrating the established EMSA model for electric mobility, which encapsulates all key stakeholders in the ecosystem. To our knowledge, this represents the first instance in the literature of applying DSML within the electric mobility ecosystem, highlighting its innovative nature. Moreover, as our formalization based on DSML is an iterative, continuous, and evolving process, this approach guarantees that our proposed framework adeptly tackles the evolving cyber threats confronting the EV industry. Specifically, we use the Object Constraint Language (OCL) for precise specification and verification of security threats as properties of a modeled system. To validate our framework, we explore a set of representative threats targeting EV charging systems from real-world scenarios. To the best of our knowledge, this is the first attempt to provide a comprehensive security modeling framework for the electric mobility ecosystem.