This work addresses the escalating security challenges in connected vehicle networks by proposing a scalable formal verification approach that integrates formal methods with process mining. By introducing Attack-Resilience Hyperproperties (ARH) and a domain-specific, strongly proactive attacker model, the authors devise a verification orchestration algorithm that systematically identifies and aggregates counterexample traces leading to violations of safety properties, thereby enabling fine-grained attribution from security breaches to compromised components. A prototype implementation based on battery management system data transmission demonstrates the feasibility and effectiveness of the proposed method within realistic automotive architectures.

The automotive domain is transitioning: vehicles act as rolling servers, persistently connected to numerous external entities. This connectivity, combined with rising on-board computing power for advanced driver assistance systems and similar use cases, creates escalating challenges for securing automotive network architectures. This work advances the security analysis of internet-connected automotive network architectures and their protocols. We introduce a strong, active adversary model tailored to the automotive domain. We substantially extend security protocol verification possible based on Attack Resilience Hyperproperties (ARHs) by introducing a verification-orchestration algorithm. Furthermore, we provide methods for comparative attribution of security property invalidations to specific, ne-grained component compromises. We present a novel integration of formal verification and process mining. By utilizing ARH counterexample traces for process mining, we systematically identify and aggregate attacker behavior that causes security property invalidations. This pipeline enables in-depth understanding of root causes and attack paths leading to protocol-security invalidations. We demonstrate real-world applicability through a prototype and case study on the secure transmission of battery management system data within an automotive network architecture.