東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

FindBook

Google Book

Amazon

博客來

Security Enhancement of Vehicle Software Systems.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Security Enhancement of Vehicle Software Systems./
作者:	Moukahal, Lama J. .
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2021,
面頁冊數:	219 p.
附註:	Source: Dissertations Abstracts International, Volume: 83-10, Section: B.
Contained By:	Dissertations Abstracts International83-10B.
標題:	Global positioning systems--GPS. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29005963
ISBN:	9798209916796

Security Enhancement of Vehicle Software Systems.
Moukahal, Lama J. .

Security Enhancement of Vehicle Software Systems. - Ann Arbor : ProQuest Dissertations & Theses, 2021 - 219 p.

Source: Dissertations Abstracts International, Volume: 83-10, Section: B.

Thesis (Ph.D.)--Queen's University (Canada), 2021.

This item must not be sold to any third party vendors.

In an era of connectivity and automation, the vehicle industry is adopting various technologies to transfer driver-centric vehicles to intelligent mechanical devices driven by software components. However, software integration and network connectivity inherit numerous security issues. This thesis offers methods and tools that collaboratively enhance vehicle software security, making vehicles more resilient to cyber incidents. The uniqueness of Connected Autonomous Vehicles (CAVs) invites challenges for Vehicle Software Engineering (VSE) that render traditional software development models and practical solutions less effective for automotive software development. This research presents a Secure Vehicle Software Engineering (SVSE) lifecycle that ensures security-by-design, devoting security considerations throughout all phases of the vehicle software development process. We also introduce novel security enhancement techniques to be employed during the SVSE lifecycle. We propose security vulnerability metrics tailored to identify complexity within vehicle software systems that open the door for malicious behavior. These metrics are utilized with grey-box fuzzing to offer a vulnerability-oriented fuzz testing (VulFuzz) framework explicitly designed to address vehicle security testing challenges. Using the vulnerability scores, VulFuzz systematically directs and prioritizes the fuzz testing toward the most vulnerable components. Depending on the component under test, fuzz testing may not be sufficient to assure a reliable system. Fuzz testing blindness prevents it from exploring the deep paths of the system, which is critical to evaluate for safety-critical components. As a result, we present a hybrid fuzz testing framework (VulFuzz++) that unites the efficiency of fuzzing and the precision of concolic execution to provide the automotive industry a reliable security testing tool. VulFuzz++ utilizes a tailored, targeted concolic engine that limits the symbolic exploration to only specific functions. While security testing can identify many vulnerabilities and enhance security, vehicles' resilience against attacks might change during their operational lifespan. We introduce a security decay assessment framework that monitors vehicles' security risks and recognizes security failure. We have implemented and evaluated the security enhancement techniques on OpenPilot, an automotive Autopilot system. The results show the effectiveness of the proposed techniques in strengthening vehicles' resilience by identifying vulnerabilities at an early stage.

ISBN: 9798209916796Subjects--Topical Terms:

3559357
Global positioning systems--GPS.

Security Enhancement of Vehicle Software Systems.
LDR:03733nmm a2200397 4500 001 2347713
005 20220823142339.5
008 241004s2021 ||||||||||||||||| ||eng d
020 $a 9798209916796
035 $a (MiAaPQ)AAI29005963
035 $a (MiAaPQ)QueensUCan_197429846
035 $a AAI29005963
040 $a MiAaPQ $c MiAaPQ
100 1 $a Moukahal, Lama J. . $3 3687002
245 1 0 $a Security Enhancement of Vehicle Software Systems.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2021
300 $a 219 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-10, Section: B.
500 $a Advisor: Zulkernine, Mohammad.
502 $a Thesis (Ph.D.)--Queen's University (Canada), 2021.
506 $a This item must not be sold to any third party vendors.
520 $a In an era of connectivity and automation, the vehicle industry is adopting various technologies to transfer driver-centric vehicles to intelligent mechanical devices driven by software components. However, software integration and network connectivity inherit numerous security issues. This thesis offers methods and tools that collaboratively enhance vehicle software security, making vehicles more resilient to cyber incidents. The uniqueness of Connected Autonomous Vehicles (CAVs) invites challenges for Vehicle Software Engineering (VSE) that render traditional software development models and practical solutions less effective for automotive software development. This research presents a Secure Vehicle Software Engineering (SVSE) lifecycle that ensures security-by-design, devoting security considerations throughout all phases of the vehicle software development process. We also introduce novel security enhancement techniques to be employed during the SVSE lifecycle. We propose security vulnerability metrics tailored to identify complexity within vehicle software systems that open the door for malicious behavior. These metrics are utilized with grey-box fuzzing to offer a vulnerability-oriented fuzz testing (VulFuzz) framework explicitly designed to address vehicle security testing challenges. Using the vulnerability scores, VulFuzz systematically directs and prioritizes the fuzz testing toward the most vulnerable components. Depending on the component under test, fuzz testing may not be sufficient to assure a reliable system. Fuzz testing blindness prevents it from exploring the deep paths of the system, which is critical to evaluate for safety-critical components. As a result, we present a hybrid fuzz testing framework (VulFuzz++) that unites the efficiency of fuzzing and the precision of concolic execution to provide the automotive industry a reliable security testing tool. VulFuzz++ utilizes a tailored, targeted concolic engine that limits the symbolic exploration to only specific functions. While security testing can identify many vulnerabilities and enhance security, vehicles' resilience against attacks might change during their operational lifespan. We introduce a security decay assessment framework that monitors vehicles' security risks and recognizes security failure. We have implemented and evaluated the security enhancement techniques on OpenPilot, an automotive Autopilot system. The results show the effectiveness of the proposed techniques in strengthening vehicles' resilience by identifying vulnerabilities at an early stage.
590 $a School code: 0283.
650 4 $a Global positioning systems--GPS. $3 3559357
650 4 $a Standards. $3 3560310
650 4 $a Software reliability. $3 3687003
650 4 $a Open systems. $3 3566212
650 4 $a Security management. $3 3562413
650 4 $a Communication. $3 524709
650 4 $a ISO standards. $3 3558997
650 4 $a Computer security. $3 540555
650 4 $a Mutation. $3 837917
650 4 $a Traffic accidents & safety. $3 3564559
650 4 $a Autonomous vehicles. $3 2179092
650 4 $a Sensors. $3 3549539
650 4 $a Internet of Things. $3 3538511
650 4 $a Design. $3 518875
650 4 $a International organizations. $3 1998637
650 4 $a Co authorship. $3 3687004
650 4 $a Ablation. $3 3562462
650 4 $a Software engineering. $3 559826
650 4 $a Engineers. $3 681868
650 4 $a Computer science. $3 523869
650 4 $a Engineering. $3 586835
650 4 $a Information technology. $3 532993
650 4 $a Transportation. $3 555912
690 $a 0389
690 $a 0459
690 $a 0984
690 $a 0537
690 $a 0489
690 $a 0510
690 $a 0629
690 $a 0454
690 $a 0709
710 2 $a Queen's University (Canada). $3 1017786
773 0 $t Dissertations Abstracts International $g 83-10B.
790 $a 0283
791 $a Ph.D.
792 $a 2021
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=29005963