國立虎尾科技大學 |

Security Enhancement of Vehicle Software Systems.

Record Type:	Language materials, printed : Monograph/item
Title/Author:	Security Enhancement of Vehicle Software Systems./
Author:	Moukahal, Lama J. .
Published:	Ann Arbor : ProQuest Dissertations & Theses, : 2021,
Description:	219 p.
Notes:	Source: Dissertations Abstracts International, Volume: 83-10, Section: B.
Contained By:	Dissertations Abstracts International83-10B.
Subject:	Global positioning systems--GPS. -
Online resource:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29005963
ISBN:	9798209916796

Security Enhancement of Vehicle Software Systems.
Moukahal, Lama J. .

Security Enhancement of Vehicle Software Systems. - Ann Arbor : ProQuest Dissertations & Theses, 2021 - 219 p.

Source: Dissertations Abstracts International, Volume: 83-10, Section: B.

Thesis (Ph.D.)--Queen's University (Canada), 2021.

This item must not be sold to any third party vendors.

In an era of connectivity and automation, the vehicle industry is adopting various technologies to transfer driver-centric vehicles to intelligent mechanical devices driven by software components. However, software integration and network connectivity inherit numerous security issues. This thesis offers methods and tools that collaboratively enhance vehicle software security, making vehicles more resilient to cyber incidents. The uniqueness of Connected Autonomous Vehicles (CAVs) invites challenges for Vehicle Software Engineering (VSE) that render traditional software development models and practical solutions less effective for automotive software development. This research presents a Secure Vehicle Software Engineering (SVSE) lifecycle that ensures security-by-design, devoting security considerations throughout all phases of the vehicle software development process. We also introduce novel security enhancement techniques to be employed during the SVSE lifecycle. We propose security vulnerability metrics tailored to identify complexity within vehicle software systems that open the door for malicious behavior. These metrics are utilized with grey-box fuzzing to offer a vulnerability-oriented fuzz testing (VulFuzz) framework explicitly designed to address vehicle security testing challenges. Using the vulnerability scores, VulFuzz systematically directs and prioritizes the fuzz testing toward the most vulnerable components. Depending on the component under test, fuzz testing may not be sufficient to assure a reliable system. Fuzz testing blindness prevents it from exploring the deep paths of the system, which is critical to evaluate for safety-critical components. As a result, we present a hybrid fuzz testing framework (VulFuzz++) that unites the efficiency of fuzzing and the precision of concolic execution to provide the automotive industry a reliable security testing tool. VulFuzz++ utilizes a tailored, targeted concolic engine that limits the symbolic exploration to only specific functions. While security testing can identify many vulnerabilities and enhance security, vehicles’ resilience against attacks might change during their operational lifespan. We introduce a security decay assessment framework that monitors vehicles’ security risks and recognizes security failure. We have implemented and evaluated the security enhancement techniques on OpenPilot, an automotive Autopilot system. The results show the effectiveness of the proposed techniques in strengthening vehicles’ resilience by identifying vulnerabilities at an early stage.

ISBN: 9798209916796Subjects--Topical Terms:

1372831
Global positioning systems--GPS.

Security Enhancement of Vehicle Software Systems.
LDR:03739nam a2200397 4500 001 1067291
005 20220823142339.5
008 221020s2021 ||||||||||||||||| ||eng d
020 $a 9798209916796
035 $a (MiAaPQ)AAI29005963
035 $a (MiAaPQ)QueensUCan_197429846
035 $a AAI29005963
040 $a MiAaPQ $c MiAaPQ
100 1 $a Moukahal, Lama J. . $3 1372830
245 1 0 $a Security Enhancement of Vehicle Software Systems.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2021
300 $a 219 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-10, Section: B.
500 $a Advisor: Zulkernine, Mohammad.
502 $a Thesis (Ph.D.)--Queen's University (Canada), 2021.
506 $a This item must not be sold to any third party vendors.
520 $a In an era of connectivity and automation, the vehicle industry is adopting various technologies to transfer driver-centric vehicles to intelligent mechanical devices driven by software components. However, software integration and network connectivity inherit numerous security issues. This thesis offers methods and tools that collaboratively enhance vehicle software security, making vehicles more resilient to cyber incidents. The uniqueness of Connected Autonomous Vehicles (CAVs) invites challenges for Vehicle Software Engineering (VSE) that render traditional software development models and practical solutions less effective for automotive software development. This research presents a Secure Vehicle Software Engineering (SVSE) lifecycle that ensures security-by-design, devoting security considerations throughout all phases of the vehicle software development process. We also introduce novel security enhancement techniques to be employed during the SVSE lifecycle. We propose security vulnerability metrics tailored to identify complexity within vehicle software systems that open the door for malicious behavior. These metrics are utilized with grey-box fuzzing to offer a vulnerability-oriented fuzz testing (VulFuzz) framework explicitly designed to address vehicle security testing challenges. Using the vulnerability scores, VulFuzz systematically directs and prioritizes the fuzz testing toward the most vulnerable components. Depending on the component under test, fuzz testing may not be sufficient to assure a reliable system. Fuzz testing blindness prevents it from exploring the deep paths of the system, which is critical to evaluate for safety-critical components. As a result, we present a hybrid fuzz testing framework (VulFuzz++) that unites the efficiency of fuzzing and the precision of concolic execution to provide the automotive industry a reliable security testing tool. VulFuzz++ utilizes a tailored, targeted concolic engine that limits the symbolic exploration to only specific functions. While security testing can identify many vulnerabilities and enhance security, vehicles’ resilience against attacks might change during their operational lifespan. We introduce a security decay assessment framework that monitors vehicles’ security risks and recognizes security failure. We have implemented and evaluated the security enhancement techniques on OpenPilot, an automotive Autopilot system. The results show the effectiveness of the proposed techniques in strengthening vehicles’ resilience by identifying vulnerabilities at an early stage.
590 $a School code: 0283.
650 4 $a Global positioning systems--GPS. $3 1372831
650 4 $a Standards. $3 1372832
650 4 $a Software reliability. $3 1372833
650 4 $a Open systems. $3 1372834
650 4 $a Security management. $3 1372835
650 4 $a Communication. $3 556422
650 4 $a ISO standards. $3 1372836
650 4 $a Computer security. $3 557122
650 4 $a Mutation. $3 893992
650 4 $a Traffic accidents & safety. $3 1372837
650 4 $a Autonomous vehicles. $3 981632
650 4 $a Sensors. $3 1003702
650 4 $a Internet of Things. $3 1048478
650 4 $a Design. $3 595500
650 4 $a International organizations. $3 960237
650 4 $a Co authorship. $3 1372838
650 4 $a Ablation. $3 1372839
650 4 $a Software engineering. $3 562952
650 4 $a Engineers. $3 573913
650 4 $a Computer science. $3 573171
650 4 $a Engineering. $3 561152
650 4 $a Information technology. $3 559429
650 4 $a Transportation. $3 558117
690 $a 0389
690 $a 0459
690 $a 0984
690 $a 0537
690 $a 0489
690 $a 0510
690 $a 0629
690 $a 0454
690 $a 0709
710 2 $a Queen's University (Canada). $3 1148613
773 0 $t Dissertations Abstracts International $g 83-10B.
790 $a 0283
791 $a Ph.D.
792 $a 2021
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29005963