Abstract
More and more functionality that demands remote access on a vehicle is integrated into modern cars. Fleet management, infotainment, updates-over-the-air and the upcoming functionality for autonomous driving need gateways that enable a car-2-x communication. Misuse is a threat. Consequently, security mechanisms play an increasing important role. But how can we show and prove the effectiveness of these security functions?
Therefore, in this paper we will show an approach to test security aspects, based on virtual instrumentation. The approach is to use a framework that executes the application under development on a virtual model of the target micro controller. An interception library generates scenarios systematically, whereas the effects on registers and memory are monitored. We are intercepting the running software at vulnerable functions and variables to detect potential malfunctions. This will detect security vulnerabilities of all internal failure even if no malicious behavior at the interfaces occur.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Kramer, J., Hillenbrand, M., Müller-Glaser, K.D., Sax, E.: Connected efficiency–a paradigm to evaluate energy efficiency in tactical vehicle-environments. In: Bargende, M., Reuss, H.C., Wiedemann, J. (eds.) 16. Internationales Stuttgarter Symposium. Proceedings, pp. 1451–1463. Springer, Wiesbaden (2016). doi:10.1007/978-3-658-13255-2_107
Koscher, K., et al.: Experimental security analysis of a modern automobile. In: IEEE Symposium on Security and Privacy, pp. 447–462 (2010)
Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: USINEX Security Symposium (2011)
Bayer, S., Enderle, T., Oka, D.-K., Wolf, M.: Automotive security testing—the digital crash test. In: Langheim, J. (ed.) Energy Consumption and Autonomous Driving. LNM, pp. 13–22. Springer, Cham (2016). doi:10.1007/978-3-319-19818-7_2
Knechtel, H.: Methoden zur Umsetzung von Datensicherheit und Datenschutz im vernetzten Steuergerät. ATZ Elektronik 10(1), 26–31 (2015)
Spillner, A., Linz, T.: Basiswissen Softwaretest: Aus- und Weiterbildung zum Certified Tester; Foundation Level nach ISTQB-Standard, 4th edn. dpunkt.verlag (2010)
Radzkewycz, T.: Automotive networks can benefit from security. In: Connected Vehicle Journal: Designing for Next-Generation Connected and Autonomous Vehicles (2016)
Wheatley, M.: Known vulnerabilities cause 44 percent of all data breaches. http://siliconangle.com/blog/2016/01/12/known-vulnerabilities-cause-44-percent-of-all-data-breaches/. Accessed 31 Oct 2016
Symantec Corporation: Internet Security Threat Report. 2013 Trends, vol. 19 (2014)
MITRE Corporation: Common Vulnerabilities and Exposures (CVE). https://cve.mitre.org/. Accessed 31 Oct 2016
MITRE Corporation: Common Weakness Enumeration (CWE). https://cwe.mitre.org/. Accessed 31 Oct 2016
Foster, J.C., Osipov, V., Bhalla, N.: Buffer Overflow Attacks: Detect, Exploit, Prevent. Syngress Publishing Inc., Rockland (2005)
Imperas Software Limited: Open Virtual Platforms: The source of Fast Processor Models & Platforms. http://www.ovpworld.org/. Accessed 15 Dec 2016
Werner, S., et al.: Cloud-based design and virtual prototyping environment for embedded systems. Int. J. Online Eng. (IJOE) 12(9), 52–60 (2016)
Werner, S., Lauber, A., Becker, J., Sax, E.: Cloud-based remote virtual prototyping platform for embedded control applications: cloud-based infrastructure for large-scale embedded hardware-related programming laboratories. In: Proceedings of 2016 13th International Conference on Remote Engineering and Virtual Instrumentation (REV). IEEE (2016)
Imperas Software Limited: Imperas Binary Interception Technology: User Guide, no. V1.5.3 (2016)
Acknowledgement
This publication was written in the framework of the Profilregion Mobilitätssysteme Karlsruhe, which is funded by the Ministry of Science, Research and the Arts in Baden-Württemberg.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Lauber, A., Sax, E. (2018). Testing Security of Embedded Software Through Virtual Processor Instrumentation. In: Auer, M., Zutin, D. (eds) Online Engineering & Internet of Things. Lecture Notes in Networks and Systems, vol 22. Springer, Cham. https://doi.org/10.1007/978-3-319-64352-6_9
Download citation
DOI: https://doi.org/10.1007/978-3-319-64352-6_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64351-9
Online ISBN: 978-3-319-64352-6
eBook Packages: EngineeringEngineering (R0)