A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example

Daniel S. Fowler, Jeremy Bryans, Madeline Cheah, Paul Wooderson, Siraj Shaikh

    Research output: Chapter in Book/Report/Conference proceedingConference proceedingpeer-review

    35 Citations (Scopus)
    1181 Downloads (Pure)

    Abstract

    There is a need for new tools and techniques to aid automotive engineers performing cybersecurity testing on connected car systems. This is in order to support the principle of secure-by-design. Our research has produced a method to construct useful automotive security tooling and tests. It has been used to implement Controller Area Network (CAN) fuzz testing (a dynamic security test) via a prototype CAN fuzzer. The black-box fuzz testing of a laboratory vehicle's display ECU demonstrates the value of a fuzzer in the automotive field, revealing bugs in the ECU software, and weaknesses in the vehicle's systems design.
    Original languageEnglish
    Title of host publicationProceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019
    PublisherIEEE Computer Society
    Number of pages8
    ISBN (Electronic)9781728139258
    ISBN (Print)9781728139265
    DOIs
    Publication statusPublished - 7 Oct 2019
    EventIEEE International Conference on Software Quality, Reliability and Security Companion - Sofia, Bulgaria
    Duration: 22 Jul 201926 Jul 2019
    Conference number: 19th

    Conference

    ConferenceIEEE International Conference on Software Quality, Reliability and Security Companion
    Abbreviated titleQRS Companion 2019
    Country/TerritoryBulgaria
    CitySofia
    Period22/07/1926/07/19

    Bibliographical note

    2019 IEEE. Personal use of this material is permitted. Permission from IEEE must
    be obtained for all other uses, in any current or future media, including
    reprinting/republishing this material for advertising or promotional purposes,
    creating new collective works, for resale or redistribution to servers or lists, or
    reuse of any copyrighted component of this work in other works.

    Keywords

    • SAE J3061
    • automotive engineering
    • black-box testing
    • controller area network
    • cybersecurity testing
    • dynamic software testing
    • embedded systems
    • fuzz testing
    • system security

    ASJC Scopus subject areas

    • Safety, Risk, Reliability and Quality
    • Law
    • Artificial Intelligence
    • Computer Networks and Communications
    • Software

    Fingerprint

    Dive into the research topics of 'A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example'. Together they form a unique fingerprint.

    Cite this