A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example

Daniel S. Fowler; Jeremy Bryans; Madeline Cheah; Paul Wooderson; Siraj Shaikh

doi:10.1109/QRS-C.2019.00015

A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example

Daniel S. Fowler, Jeremy Bryans, Madeline Cheah, Paul Wooderson, Siraj Shaikh

Institute for Future Transport and Cities

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding

51 Downloads (Pure)

Abstract

There is a need for new tools and techniques to aid automotive engineers performing cybersecurity testing on connected car systems. This is in order to support the principle of secure-by-design. Our research has produced a method to construct useful automotive security tooling and tests. It has been used to implement Controller Area Network (CAN) fuzz testing (a dynamic security test) via a prototype CAN fuzzer. The black-box fuzz testing of a laboratory vehicle's display ECU demonstrates the value of a fuzzer in the automotive field, revealing bugs in the ECU software, and weaknesses in the vehicle's systems design.

Original language	English
Title of host publication	Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019
Publisher	IEEE Computer Society
Number of pages	8
ISBN (Electronic)	9781728139258
ISBN (Print)	9781728139265
DOIs	https://doi.org/10.1109/QRS-C.2019.00015
Publication status	Published - 7 Oct 2019
Event	IEEE International Conference on Software Quality, Reliability and Security Companion - Sofia, Bulgaria Duration: 22 Jul 2019 → 26 Jul 2019 Conference number: 19th

Conference

Conference	IEEE International Conference on Software Quality, Reliability and Security Companion
Abbreviated title	QRS Companion 2019
Country	Bulgaria
City	Sofia
Period	22/07/19 → 26/07/19

Fingerprint

Black-box testing

Controllers

Testing

Railroad cars

Systems analysis

Display devices

Engineers

Bibliographical note

2019 IEEE. Personal use of this material is permitted. Permission from IEEE must
be obtained for all other uses, in any current or future media, including
reprinting/republishing this material for advertising or promotional purposes,
creating new collective works, for resale or redistribution to servers or lists, or
reuse of any copyrighted component of this work in other works.

Keywords

SAE J3061
automotive engineering
black-box testing
controller area network
cybersecurity testing
dynamic software testing
embedded systems
fuzz testing
system security

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Law
Artificial Intelligence
Computer Networks and Communications
Software

Cite this

Fowler, D. S., Bryans, J., Cheah, M., Wooderson, P., & Shaikh, S. (2019). A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example. In Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019 [8859491] IEEE Computer Society. https://doi.org/10.1109/QRS-C.2019.00015

A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example. / Fowler, Daniel S.; Bryans, Jeremy; Cheah, Madeline; Wooderson, Paul; Shaikh, Siraj.

Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019. IEEE Computer Society, 2019. 8859491.

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding

Fowler, DS, Bryans, J, Cheah, M, Wooderson, P & Shaikh, S 2019, A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example. in Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019., 8859491, IEEE Computer Society, IEEE International Conference on Software Quality, Reliability and Security Companion , Sofia, Bulgaria, 22/07/19. https://doi.org/10.1109/QRS-C.2019.00015

Fowler DS, Bryans J, Cheah M, Wooderson P, Shaikh S. A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example. In Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019. IEEE Computer Society. 2019. 8859491 https://doi.org/10.1109/QRS-C.2019.00015

Fowler, Daniel S. ; Bryans, Jeremy ; Cheah, Madeline ; Wooderson, Paul ; Shaikh, Siraj. / A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example. Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019. IEEE Computer Society, 2019.

@inproceedings{0f60daddce2e42f2a8cfdb15df22b9ed,

title = "A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example",

abstract = "There is a need for new tools and techniques to aid automotive engineers performing cybersecurity testing on connected car systems. This is in order to support the principle of secure-by-design. Our research has produced a method to construct useful automotive security tooling and tests. It has been used to implement Controller Area Network (CAN) fuzz testing (a dynamic security test) via a prototype CAN fuzzer. The black-box fuzz testing of a laboratory vehicle's display ECU demonstrates the value of a fuzzer in the automotive field, revealing bugs in the ECU software, and weaknesses in the vehicle's systems design.",

keywords = "SAE J3061, automotive engineering, black-box testing, controller area network, cybersecurity testing, dynamic software testing, embedded systems, fuzz testing, system security",

author = "Fowler, {Daniel S.} and Jeremy Bryans and Madeline Cheah and Paul Wooderson and Siraj Shaikh",

note = "2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.",

year = "2019",

month = "10",

day = "7",

doi = "10.1109/QRS-C.2019.00015",

language = "English",

isbn = "9781728139265",

booktitle = "Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019",

publisher = "IEEE Computer Society",

}

TY - GEN

T1 - A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example

AU - Fowler, Daniel S.

AU - Bryans, Jeremy

AU - Cheah, Madeline

AU - Wooderson, Paul

AU - Shaikh, Siraj

N1 - 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

PY - 2019/10/7

Y1 - 2019/10/7

N2 - There is a need for new tools and techniques to aid automotive engineers performing cybersecurity testing on connected car systems. This is in order to support the principle of secure-by-design. Our research has produced a method to construct useful automotive security tooling and tests. It has been used to implement Controller Area Network (CAN) fuzz testing (a dynamic security test) via a prototype CAN fuzzer. The black-box fuzz testing of a laboratory vehicle's display ECU demonstrates the value of a fuzzer in the automotive field, revealing bugs in the ECU software, and weaknesses in the vehicle's systems design.

AB - There is a need for new tools and techniques to aid automotive engineers performing cybersecurity testing on connected car systems. This is in order to support the principle of secure-by-design. Our research has produced a method to construct useful automotive security tooling and tests. It has been used to implement Controller Area Network (CAN) fuzz testing (a dynamic security test) via a prototype CAN fuzzer. The black-box fuzz testing of a laboratory vehicle's display ECU demonstrates the value of a fuzzer in the automotive field, revealing bugs in the ECU software, and weaknesses in the vehicle's systems design.

KW - SAE J3061

KW - automotive engineering

KW - black-box testing

KW - controller area network

KW - cybersecurity testing

KW - dynamic software testing

KW - embedded systems

KW - fuzz testing

KW - system security

UR - http://www.scopus.com/inward/record.url?scp=85073880711&partnerID=8YFLogxK

U2 - 10.1109/QRS-C.2019.00015

DO - 10.1109/QRS-C.2019.00015

M3 - Conference proceeding

SN - 9781728139265

BT - Proceedings - Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019

PB - IEEE Computer Society

ER -

Access to Document

10.1109/QRS-C.2019.00015

Post-PrintAccepted author manuscript, 1 MB

Link to publication in Scopus