| Title | Ori: A Greybox Fuzzer for SOME/IP Protocols in Automotive Ethernet |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Li, Yuekang, Chen, Hongxu, Zhang, Cen, Xiong, Siyang, Liu, Chaoyi, Wang, Yi |
| Conference Name | 2020 27th Asia-Pacific Software Engineering Conference (APSEC) |
| Keywords | automotive, Automotive engineering, Collaboration, composability, Ethernet, fuzzing, ip privacy, policy-based governance, Protocols, pubcrawl, resilience, Resiliency, security, software engineering, SOME/IP, Testing |
| Abstract | With the emergence of smart automotive devices, the data communication between these devices gains increasing importance. SOME/IP is a light-weight protocol to facilitate inter- process/device communication, which supports both procedural calls and event notifications. Because of its simplicity and capability, SOME/IP is getting adopted by more and more automotive devices. Subsequently, the security of SOME/IP applications becomes crucial. However, previous security testing techniques cannot fit the scenario of vulnerability detection SOME/IP applications due to miscellaneous challenges such as the difficulty of server-side testing programs in parallel, etc. By addressing these challenges, we propose Ori - a greybox fuzzer for SOME/IP applications, which features two key innovations: the attach fuzzing mode and structural mutation. The attach fuzzing mode enables Ori to test server programs efficiently, and the structural mutation allows Ori to generate valid SOME/IP packets to reach deep paths of the target program effectively. Our evaluation shows that Ori can detect vulnerabilities in SOME/IP applications effectively and efficiently. |
| DOI | 10.1109/APSEC51365.2020.00063 |
| Citation Key | li_ori_2020 |
Ori: A Greybox Fuzzer for SOME/IP Protocols in Automotive Ethernet