
Grey-box Analysis and Fuzzing of Automotive Electronic Components via Control-Flow Graph Extraction

Published: 04 December 2020

Abstract

Electronic Control Units (ECUs) are the embedded systems that control the functionality of a modern vehicle. The growing number of ECUs in a vehicle, together with their increasing complexity, prompts the need for automated tools to test their security.
To this end, we present EffCAN, a tool for fuzzing ECU firmware via the Controller Area Network (CAN). EffCAN operates on the Control-Flow Graph (CFG), which we extract from the firmware. The CFG is a platform-independent representation, which lets us abstract from the often obscure underlying architecture. The CFG is annotated with information about the static data comparisons that affect the firmware's control flow. This information is used to create initial seeds for the fuzzer, and to adapt the input messages so that hard-to-reach execution paths are covered. We have evaluated EffCAN on three ECUs from different manufacturers; the fuzzer was able to crash two of them. To our knowledge, this is the first approach that uses static analysis to guide the fuzzing of automotive ECUs.
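The abstract describes the EffCAN pipeline only at a high level. The following Python is an added example, not code from the paper or from EffCAN, that models that pipeline on a constructed, architecture-neutral instruction listing: extract the CFG from the listing, annotate each branch with the message field and constant it compares, and turn the comparisons along each feasible path into a seed frame and a dictionary of interesting constants for the fuzzer. The instruction set, block addresses, message layout and compared constants are all invented for illustration; the paper's own CFG extraction works on real firmware and is not reproduced here.

```python
# Toy version of the pipeline in the abstract (CFG extraction, annotation of the data
# comparisons that decide branches, seed generation). Added example, not EffCAN's code:
# IR, listing, addresses, message layout and constants are all made up.
from collections import namedtuple

# Constructed CAN receive handler; fallthrough is the next block in address order.
# ldb/ldh: reg = 8/16-bit big-endian message field at offset; cmp: flag = (reg == imm);
# beq/bne: branch on flag; ret: leave the handler.
FIRMWARE = {
    0x100: [("ldb", "r0", 0), ("cmp", "r0", 0x22), ("beq", 0x140)],
    0x108: [("cmp", "r0", 0x2E), ("beq", 0x160)],
    0x110: [("ret",)],                                          # reject
    0x140: [("ldh", "r1", 1), ("cmp", "r1", 0xF190), ("bne", 0x110)],
    0x148: [("ret",)],                                          # shallow leaf
    0x160: [("ldh", "r1", 1), ("cmp", "r1", 0xF190), ("bne", 0x110)],
    0x168: [("ldb", "r2", 3), ("cmp", "r2", 0x01), ("bne", 0x110)],
    0x170: [("ret",)],                                          # deep leaf
}
Constraint = namedtuple("Constraint", "offset width value equal")  # msg[offset:+width] ==/!= value

def build_cfg(fw):
    """Static CFG extraction: {block: [successors]}, branch target listed first."""
    addrs, cfg = sorted(fw), {}
    for i, a in enumerate(addrs):
        fall = addrs[i + 1] if i + 1 < len(addrs) else None
        op = fw[a][-1][0]
        cfg[a] = [] if op == "ret" else [fw[a][-1][1], fall] if op in ("beq", "bne") else [fall]
    return cfg

def annotate_paths(fw, cfg, entry=0x100):
    """Acyclic entry-to-ret paths, each with the (field, immediate) compare behind its branches."""
    results = []
    def walk(block, path, regs, cons):
        regs, cmp_field = dict(regs), None
        for ins in fw[block]:
            if ins[0] in ("ldb", "ldh"):                # register now holds a message field
                regs[ins[1]] = (ins[2], 1 if ins[0] == "ldb" else 2)
            elif ins[0] == "cmp":
                cmp_field = (regs.get(ins[1]), ins[2])  # None: compared non-message data
        if not cfg[block]:
            results.append((path, cons))
        op = fw[block][-1][0]
        for idx, nxt in enumerate(cfg[block]):
            if nxt is None or nxt in path:              # no fallthrough, or a loop (ignored here)
                continue
            extra = []
            if op in ("beq", "bne") and cmp_field and cmp_field[0] is not None:
                (off, width), imm = cmp_field           # beq taken / bne not taken <=> equal
                extra = [Constraint(off, width, imm, (idx == 0) == (op == "beq"))]
            walk(nxt, path + [nxt], regs, cons + extra)
    walk(entry, [entry], {}, [])
    return results

def solve(cons, frame_len=8):
    """One frame (8 bytes: classic CAN data field) satisfying a path's constraints, else None."""
    frame, fixed = bytearray(frame_len), {}
    field = lambda c: int.from_bytes(frame[c.offset:c.offset + c.width], "big")
    for c in (c for c in cons if c.equal):
        for k, b in enumerate(c.value.to_bytes(c.width, "big")):
            if fixed.get(c.offset + k, b) != b:
                return None                             # two equalities disagree
            fixed[c.offset + k] = frame[c.offset + k] = b
    for _ in range(256 * frame_len):                    # bounded repair of inequalities
        bad = [c for c in cons if not c.equal and field(c) == c.value]
        if not bad:
            return bytes(frame)
        free = [p for p in range(bad[0].offset, bad[0].offset + bad[0].width) if p not in fixed]
        if not free:
            return None                                 # field pinned to the forbidden value
        frame[free[-1]] = (frame[free[-1]] + 1) & 0xFF
    return None

def generate_seeds(fw=FIRMWARE, entry=0x100):
    """{path: seed frame} per feasible path, plus a dictionary of the compared constants."""
    seeds, tokens = {}, set()
    for path, cons in annotate_paths(fw, build_cfg(fw), entry):
        tokens.update(c.value.to_bytes(c.width, "big") for c in cons)
        frame = solve(cons)
        if frame is not None:
            seeds[tuple(path)] = frame
    return seeds, tokens

def execute(frame, fw=FIRMWARE, entry=0x100):
    """Interpret the listing on a frame; returns the blocks visited (to check a seed)."""
    addrs, regs, flag, block, trace = sorted(fw), {}, False, entry, []
    while block is not None:
        trace.append(block)
        nxt = addrs[addrs.index(block) + 1] if block != addrs[-1] else None
        for ins in fw[block]:
            if ins[0] in ("ldb", "ldh"):
                regs[ins[1]] = int.from_bytes(frame[ins[2]:ins[2] + (1 if ins[0] == "ldb" else 2)], "big")
            elif ins[0] == "cmp":
                flag = regs[ins[1]] == ins[2]
            elif (ins[0] == "beq" and flag) or (ins[0] == "bne" and not flag):
                nxt = ins[1]
            elif ins[0] == "ret":
                nxt = None
        block = nxt
    return trace
```

`generate_seeds()` yields one 8-byte frame per path of the toy listing, including the deep path that only opens when three comparisons line up (byte 0, the 16-bit field at bytes 1-2, and byte 3), which random mutation of an all-zero frame would rarely find. `execute()` replays a frame against the listing so that every seed can be checked to reach the path it was generated for. A fuzzer would take the frames as its initial corpus and the constant dictionary as values to splice into fields in place.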


Cited By

  • Cybersecurity Testing for Automotive Domain: A Survey. Sensors 22(23):9211, 26 November 2022. https://doi.org/10.3390/s22239211
  • Efficient ECU Analysis Technology Through Structure-Aware CAN Fuzzing. IEEE Access 10:23259-23271, 2022. https://doi.org/10.1109/ACCESS.2022.3151358
  • Vulnerability-Oriented Fuzz Testing for Connected Autonomous Vehicle Systems. IEEE Transactions on Reliability 70(4):1422-1437, December 2021. https://doi.org/10.1109/TR.2021.3112538
  • Boosting Grey-box Fuzzing for Connected Autonomous Vehicle Systems. 2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C), pp. 516-527, December 2021. https://doi.org/10.1109/QRS-C55045.2021.00080

Published In

CSCS '20: Proceedings of the 4th ACM Computer Science in Cars Symposium
December 2020
115 pages
ISBN:9781450376211
DOI:10.1145/3385958

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. automotive
  2. electronic control unit
  3. fuzzing

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

CSCS '20
CSCS '20: Computer Science in Cars Symposium
December 2, 2020
Feldkirchen, Germany

