
By Dr. Dennis Kengo Oka
Principal Automotive Security Strategist, Synopsys
The rapid development of more advanced technologies and complex software solutions has transformed the automotive industry. A typical modern vehicle contains more than 100 million lines of code, and millions of connected and autonomous vehicles are being rolled out in the next decade. More vehicles on the roads, with more complex software, more connectivity interfaces, and more critical and sensitive in vehicles, lead to these vehicles becoming increasingly lucrative targets for cyber attackers. To combat cybersecurity risks in vehicles, the automotive industry has diligently worked on several standards such as ISO/SAE 21434 Cybersecurity Engineering [1] and Automotive SPICE for Cybersecurity [2]. These standards provide requirements for validating the developed component, and penetration testing is mentioned as part of that validation. Moreover, fuzz testing is mentioned as a recommended test approach. Previous research has also shown that fuzz testing results can be used as input to allow for more effective penetration testing [3].
One common challenge with fuzz testing of advanced automotive systems, such as infotainment systems, connectivity units, and digital cockpits, is properly monitoring the target system for exceptions, which can then be further analyzed to identify vulnerabilities. In-band instrumentation is often used to monitor the target system, i.e., the same protocol that is being fuzzed is also used for instrumentation. For example, using valid-case instrumentation, where a correct valid message is sent to the....
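An added illustration of valid-case instrumentation (not code from the article or from any vendor tool): after each anomalous frame the harness sends a known-good frame and flags the test case if the expected reply is missing. The frame layout, `SimTarget`, `restart()` and both faults are constructed for this example; the second fault is caught inside the target, so the in-band check never sees it.

```python
VALID = b"\x02\x04PING"   # constructed frame: type, length, 4-byte payload

class SimTarget:
    """Constructed stand-in for the service under test (hypothetical protocol)."""
    def __init__(self):
        self.hung = False
        self.internal_errors = []       # only visible on the target itself

    def handle(self, frame):
        if self.hung:
            return None                 # a hung service sends no reply
        if len(frame) < 2:
            return b"ERR"
        ftype, length, payload = frame[0], frame[1], frame[2:]
        if length > len(payload) + 64:  # constructed fault 1: service hangs
            self.hung = True
            return None
        if ftype == 0x7F:               # constructed fault 2: exception caught and hidden
            self.internal_errors.append(frame)
            return b"ERR"
        return b"PONG" if frame == VALID else b"ERR"

    def restart(self):                  # assumed recovery hook (e.g. power cycle)
        self.hung = False

def boundary_cases(seed, values=(0x00, 0x7F, 0xFF)):
    """Deterministic anomalies: each byte of the valid frame replaced by boundary values."""
    return [seed[:pos] + bytes([v]) + seed[pos + 1:]
            for pos in range(len(seed)) for v in values]

def fuzz_with_valid_case(target, cases):
    """Return (index, frame) for every test case after which the valid frame fails."""
    findings = []
    for index, frame in enumerate(cases):
        target.handle(frame)                    # anomalous test case
        if target.handle(VALID) != b"PONG":     # in-band valid-case check
            findings.append((index, frame))
            target.restart()
    return findings

if __name__ == "__main__":
    target = SimTarget()
    for index, frame in fuzz_with_valid_case(target, boundary_cases(VALID)):
        print(f"case {index}: valid-case check failed after {frame.hex()}")
    print(f"errors seen only on the target: {len(target.internal_errors)}")
```

The two oversized-length frames are flagged because the valid frame goes unanswered afterwards, while the frame that raised the hidden exception passes the in-band check and appears only in the target's own error record.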