1 option
Vulnerability analysis of DoIP implementation based on model learning Tongji University
- Format:
- Book
- Conference/Event
- Author/Creator:
- Luo, Feng, author.
- Conference Name:
- WCX SAE World Congress Experience (2024-04-16 : Detroit, Michigan, United States)
- Language:
- English
- Physical Description:
- 1 online resource cm
- Place of Publication:
- Warrendale, PA SAE International 2024
- Summary:
- The software installed in Electronic Control Units (ECUs) has witnessed a significant scale expansion as the functionality of Intelligent Connected Vehicles (ICVs) has become more sophisticated. To seek convenient long-term functional maintenance, stakeholders want to access ECUs data or update software from anywhere via diagnostic. Accordingly, as one of the external interfaces, Diagnostics over Internet Protocol (DoIP) is inevitably prone to malicious attacks. It is essential to note that cybersecurity threats not only arise from inherent protocol defects but also consider software implementation vulnerabilities. When implementing a specification, developers have considerable freedom to decide how to proceed. Differences between protocol specifications and implementations are often unavoidable, which can result in security vulnerabilities and potential attacks exploiting them. Considering the security risks and technology trends of vehicles, this paper uses model learning for the first time to infer the protocol implementation state model against DoIP and aims to explore the unexpected state transitions that may occur during the interaction of diagnostic services. This is an automated black-box technique that provides the possibility to obtain a corresponding model of the observed implementation behavior. To achieve this, we construct a framework for applying model learning against DoIP implementation and utilize it to learn the state model. The experimental results demonstrate that the proposed vulnerability analysis method can effectively and accurately obtain the state model of specific protocol implementation. Software developers can visually spot the presence of such superfluous states or transitions by examining the obtained state model, further avoiding potential attacks that could exploit these vulnerabilities
- Notes:
- Vendor supplied data
- Publisher Number:
- 2024-01-2807
- Access Restriction:
- Restricted for use by site license
The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.