Abstract
There is a need for new tools and techniques to aid automotive engineers performing cybersecurity testing on connected car systems. This is in order to support the principle of secure-by-design. Our research has produced a method to construct useful automotive security tooling and tests. It has been used to implement Controller Area Network (CAN) fuzz testing (a dynamic security test) via a prototype CAN fuzzer. The black-box fuzz testing of a laboratory vehicle's display ECU demonstrates the value of a fuzzer in the automotive field, revealing bugs in the ECU software, and weaknesses in the vehicle's systems design.
Original language | English |
---|---|
Title of host publication | Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019 |
Publisher | IEEE Computer Society |
Number of pages | 8 |
ISBN (Electronic) | 9781728139258 |
ISBN (Print) | 9781728139265 |
DOIs | |
Publication status | Published - 7 Oct 2019 |
Event | IEEE International Conference on Software Quality, Reliability and Security Companion - Sofia, Bulgaria Duration: 22 Jul 2019 → 26 Jul 2019 Conference number: 19th |
Conference
Conference | IEEE International Conference on Software Quality, Reliability and Security Companion |
---|---|
Abbreviated title | QRS Companion 2019 |
Country/Territory | Bulgaria |
City | Sofia |
Period | 22/07/19 → 26/07/19 |
Bibliographical note
2019 IEEE. Personal use of this material is permitted. Permission from IEEE mustbe obtained for all other uses, in any current or future media, including
reprinting/republishing this material for advertising or promotional purposes,
creating new collective works, for resale or redistribution to servers or lists, or
reuse of any copyrighted component of this work in other works.
Keywords
- SAE J3061
- automotive engineering
- black-box testing
- controller area network
- cybersecurity testing
- dynamic software testing
- embedded systems
- fuzz testing
- system security
ASJC Scopus subject areas
- Safety, Risk, Reliability and Quality
- Law
- Artificial Intelligence
- Computer Networks and Communications
- Software