A Fuzz Testing Methodology for Cyber-security Assurance of the Automotive CAN Bus

  • Daniel S. Fowler

Student thesis: Doctoral ThesisDoctor of Philosophy

Abstract

The cyber-physical vehicle is one of the underpinnings of modern society, however, if a vehicle’s design is faulty it carries a risk of injury to the occupants and the public. It has been demonstrated that intelligent agents can penetrate connected cars via cyber attacks and cause an unsafe state. The possibility of a cyber attack means that cyber-security testing should be performed to maintain assurance in vehicle systems. However, vehicle cyber-security testing methods are immature.

Fuzz testing is a dynamic testing method for software-based systems. Automotive industry guidelines regard it as a component in the security testing process of cyber-physical systems. The hypothesis is that fuzz testing can be used over a system’s lifecycle as part of the design and maintenance process for cyber-security. However, there are few evidential results on the application of fuzz testing to the automotive field. This applied research provides one of, if not the first, detailed contribution on fuzz testing automotive systems.

A tool to performing vehicle fuzz testing, called a fuzzer, was constructed using an iterative methodology to enable experimental observations on automotive systems and components. Using the dedicated fuzzer empirical results were gathered. The target for the fuzz testing was a lab vehicle’s Electronic Control Units, accessed via a common intra-vehicular communications bus, the Controller Area Network. The results demonstrate that fuzz testing is indeed beneficial to the design of vehicle systems and can contribute to system assurance. Furthermore, the construction of the fuzzer and its application to vehicle systems has contributed a method for the development of additional security tests for the automotive field. However, the technology within a vehicle system is a challenge for cyber-security testing, this includes the cyber-physical aspects of a car and the symbiotic interaction of a vehicle’s computational elements. There remains significant research work required before fuzz testing becomes commonly integrated into test procedures for all the systems within connected cars.
Date of AwardNov 2019
Original languageEnglish
Awarding Institution
  • Coventry University
SupervisorJeremy Bryans (Supervisor) & Siraj Shaikh (Supervisor)

Cite this

'