A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example

Title: A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Fowler, Daniel S., Bryans, Jeremy, Cheah, Madeline, Wooderson, Paul, Shaikh, Siraj A.
Conference Name: 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C)
Keywords: automobiles, automotive cybersecurity tests, automotive electronics, Automotive engineering, automotive engineers, automotive field, automotive security tooling, black-box fuzz testing, black-box testing, CAN fuzz testing example, connected car systems, controller area network, controller area network fuzz testing, controller area network security, controller area networks, Cyber-physical systems, cybersecurity testing, dynamic security test, dynamic software testing, Embedded systems, Fuzz Testing, fuzzing, Internet of Things, laboratory vehicle, program debugging, program testing, Protocols, Prototypes, pubcrawl, Resiliency, SAE J3061, secure-by-design, security, security of data, Software, system security
Abstract: There is a need for new tools and techniques to aid automotive engineers performing cybersecurity testing on connected car systems. This is in order to support the principle of secure-by-design. Our research has produced a method to construct useful automotive security tooling and tests. It has been used to implement Controller Area Network (CAN) fuzz testing (a dynamic security test) via a prototype CAN fuzzer. The black-box fuzz testing of a laboratory vehicle's display ECU demonstrates the value of a fuzzer in the automotive field, revealing bugs in the ECU software, and weaknesses in the vehicle's systems design.
DOI: 10.1109/QRS-C.2019.00015
Citation Key: fowler_method_2019