The SHORT project, funded under the grant number 16KIS0965K, ran for 42 months from 1 April 2019 to 30 September 2022. It was coordinated by iSyst Intelligente Systeme GmbH, a German engineering firm that also led the overall project coordination and the development of automated security‑testing methods for embedded automotive systems. The consortium included the Technische Hochschule Deggendorf (THD), which supplied cutting‑edge research on AI‑driven fuzzing, and Luxoft GmbH, which provided the test object—a teleoperated vehicle control system (Teleop) that serves as the Device Under Test (DUT). Regular collaboration was maintained through bi‑weekly Microsoft Teams meetings and several in‑person workshops.

Technically, the project focused on integrating security testing into the functional test flow of automotive embedded systems using Hardware‑in‑the‑Loop (HiL) test benches. The core achievement was the incorporation of an AI‑enhanced fuzzer, specifically the BooFuzz tool combined with the cW‑GAN‑GP1 architecture, into the HiL environment. This integration enabled automated generation of test vectors and test cases that target known vulnerabilities from databases such as the Common Vulnerabilities and Exposures (CVE) list. The fuzzer’s output was fed into the HiL system, allowing real‑time evaluation of the DUT’s behavior under cryptographic and network‑based attack scenarios. The approach differed from conventional methods by automating the specification of test cases and the interpretation of results, thereby reducing manual effort and increasing coverage.

The Teleop system itself was designed as a modular, cloud‑based platform for remote control of vehicles and construction machinery. It comprises a client, a server, and a module, all deployed in Docker containers. Communication between these components uses the MQTT protocol for command and control, ZMQ for streaming sensor data, and TCP/UDP/RTP for video transmission. Google Protocol Buffers serialize messages, ensuring efficient data exchange. The HiL test bench was configured to “free‑cut” the DUT, isolating the interfaces relevant for testing: functional integrity of components, resilience of teleoperation under adverse network conditions (latency, packet loss), and cybersecurity aspects such as data protection and secure communication.

Automated evaluation mechanisms were developed to determine pass/fail status of security tests based on the DUT’s runtime behavior. Risk assessment models guided the selection of test scenarios, and the integration of vulnerability databases allowed the system to focus on high‑impact weaknesses. The project also produced a comprehensive development and test process that simultaneously addresses security and functional safety requirements, ensuring that all aspects remain testable throughout the lifecycle.

The demonstrator, built on the Teleop system, validated the integrated tools and methods. It showcased the ability to inject AI‑generated fuzzing inputs into the HiL environment, monitor the DUT’s response, and automatically classify outcomes. While specific performance metrics such as throughput or failure rates were not reported in the final documentation, the successful deployment of the fuzzer and the automated test framework demonstrates a significant step toward secure, efficient testing of automotive embedded systems. The results of the SHORT project provide a foundation for future work in secure automotive development and can be adopted by industry partners seeking to embed security testing into their existing HiL workflows.