查看文章

The cyber-physical vehicle is one of the underpinnings of modern society, however, if a vehicle’s design is faulty it carries a risk of injury to the occupants and the public. It has been demonstrated that intelligent agents can penetrate connected cars via cyber attacks and cause an unsafe state. The possibility of a cyber attack means that cyber-security testing should be performed to maintain assurance in vehicle systems. However, vehicle cyber-security testing methods are immature. Fuzz testing is a dynamic testing method for software-based systems. Automotive industry guidelines regard it as a component in the security testing process of cyber-physical systems. The hypothesis is that fuzz testing can be used over a system’s lifecycle as part of the design and maintenance process for cyber-security. However, there are few evidential results on the application of fuzz testing to the automotive field. This applied research provides one of, if not the first, detailed contribution on fuzz testing automotive systems.

A tool to performing vehicle fuzz testing, called a fuzzer, was constructed using an iterative methodology to enable experimental observations on automotive systems and components. Using the dedicated fuzzer empirical results were gathered. The target for the fuzz testing was a lab vehicle’s Electronic Control Units, accessed via a common intra-vehicular communications bus, the Controller Area Network. The results demonstrate that fuzz testing is indeed beneficial to the design of vehicle systems and can contribute to system assurance. Furthermore, the construction of the fuzzer and its application to vehicle systems has contributed a method …