Automated Fuzzing of Automotive Control Units

Werquin, Timothy; Hubrechtsen, Mathijs; Thangarajan, Ashok Samraj; Piessens, Frank; Mühlberg, Jan Tobias

doi:10.1109/siot48044.2019.9637090

Cited by 6 publications

(2 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The security properties of the ECU were also tested by fuzzy data injection of the display ECU [ 47 ]. Werquin et al [ 48 ] developed a sensor harness to facilitate automated detection of the system’s behavior, which has significant advantages over previous manual testing approaches. Furthermore, the method has been integrated into the open-source security testing tool CaringCaribou.…”

Section: Automotive Cybersecurity Testing Methodsmentioning

confidence: 99%

Cybersecurity Testing for Automotive Domain: A Survey

Luo

Zhang

Yang

et al. 2022

Sensors

View full text Add to dashboard Cite

Modern vehicles are more complex and interconnected than ever before, which also means that attack surfaces for vehicles have increased significantly. Malicious cyberattacks will not only exploit personal privacy and property, but also affect the functional safety of electrical/electronic (E/E) safety-critical systems by controlling the driving functionality, which is life-threatening. Therefore, it is necessary to conduct cybersecurity testing on vehicles to reveal and address relevant security threats and vulnerabilities. Cybersecurity standards and regulations issued in recent years, such as ISO/SAE 21434 and UNECE WP.29 regulations (R155 and R156), also emphasize the indispensability of cybersecurity verification and validation in the development lifecycle but lack specific technical details. Thus, this paper conducts a systematic and comprehensive review of the research and practice in the field of automotive cybersecurity testing, which can provide reference and advice for automotive security researchers and testers. We classify and discuss the security testing methods and testbeds in automotive engineering. Furthermore, we identify gaps and limitations in existing research and point out future challenges.

show abstract

Section: Automotive Cybersecurity Testing Methodsmentioning

confidence: 99%

Cybersecurity Testing for Automotive Domain: A Survey

Luo

Zhang

Yang

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…By subjecting the system to such inputs, fuzz testing aims to identify potential security weaknesses, such as buffer overflows or input validation errors [158][159][160][161]. Fuzz testing can be automated and significantly enhances the security of automotive systems by identifying and fixing software vulnerabilities [162][163][164][165].…”

Section: Fuzz Testingmentioning

confidence: 99%

Formal Methods and Validation Techniques for Ensuring Automotive Systems Security

Krichen

2023

Information

View full text Add to dashboard Cite

The increasing complexity and connectivity of automotive systems have raised concerns about their vulnerability to security breaches. As a result, the integration of formal methods and validation techniques has become crucial in ensuring the security of automotive systems. This survey research paper aims to provide a comprehensive overview of the current state-of-the-art formal methods and validation techniques employed in the automotive industry for system security. The paper begins by discussing the challenges associated with automotive system security and the potential consequences of security breaches. Then, it explores various formal methods, such as model checking, theorem proving, and abstract interpretation, which have been widely used to analyze and verify the security properties of automotive systems. Additionally, the survey highlights the validation techniques employed to ensure the effectiveness of security measures, including penetration testing, fault injection, and fuzz testing. Furthermore, the paper examines the integration of formal methods and validation techniques within the automotive development lifecycle, including requirements engineering, design, implementation, and testing phases. It discusses the benefits and limitations of these approaches, considering factors such as scalability, efficiency, and applicability to real-world automotive systems. Through an extensive review of relevant literature and case studies, this survey provides insights into the current research trends, challenges, and open research questions in the field of formal methods and validation techniques for automotive system security. The findings of this survey can serve as a valuable resource for researchers, practitioners, and policymakers involved in the design, development, and evaluation of secure automotive systems.

show abstract