Visible to the public Security Vulnerability Metrics for Connected Vehicles

TitleSecurity Vulnerability Metrics for Connected Vehicles
Publication TypeConference Paper
Year of Publication2019
AuthorsMoukahal, Lama, Zulkernine, Mohammad
Conference Name2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C)
PublisherIEEE
ISBN Number978-1-7281-3925-8
Keywordsautomobiles, Automotive engineering, Autopilot feature, complex software functionalities, connected vehicles, Couplings, Measurement, Measurement and Metrics Texting, Metrics, metrics testing, OpenPilot, program testing, pubcrawl, security, security metrics, security of data, security testing, security vulnerabilities, security vulnerability metrics, software engineering, software integration, Software systems, software testers, vehicle manufacturers, vehicle software system, vulnerability predication, vulnerable function assessment
Abstract

Software integration in modern vehicles is continuously expanding. This is due to the fact that vehicle manufacturers are always trying to enhance and add more innovative and competitive features that may rely on complex software functionalities. However, these features come at a cost. They amplify the security vulnerabilities in vehicles and lead to more security issues in today's automobiles. As a result, the need for identifying vulnerable components in a vehicle software system has become crucial. Security experts need to know which components of the vehicle software system can be exploited for attacks and should focus their testing and inspection efforts on it. Nevertheless, it is a challenging and costly task to identify these weak components in a vehicle's system. In this paper, we propose some security vulnerability metrics for connected vehicles that aim to assist software testers during the development life-cycle in order to identify the frail links that put the vehicle at highsecurity risks. Vulnerable function assessment can give software testers a good idea about which components in a connected vehicle need to be prioritized in order to mitigate the risk and hence secure the vehicle. The proposed metrics were applied to OpenPilot - a software that provides Autopilot feature - and has been integrated with 48 different vehicles.. The application shows how the defined metrics can be effectively used to quantitatively measure the vulnerabilities of a vehicle software system.

URLhttps://ieeexplore.ieee.org/document/8859489
DOI10.1109/QRS-C.2019.00017
Citation Keymoukahal_security_2019