Advertisement

Testing Security of Embedded Software Through Virtual Processor Instrumentation

  • Andreas Lauber
  • Eric Sax
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 22)

Abstract

More and more functionality that demands remote access on a vehicle is integrated into modern cars. Fleet management, infotainment, updates-over-the-air and the upcoming functionality for autonomous driving need gateways that enable a car-2-x communication. Misuse is a threat. Consequently, security mechanisms play an increasing important role. But how can we show and prove the effectiveness of these security functions?

Therefore, in this paper we will show an approach to test security aspects, based on virtual instrumentation. The approach is to use a framework that executes the application under development on a virtual model of the target micro controller. An interception library generates scenarios systematically, whereas the effects on registers and memory are monitored. We are intercepting the running software at vulnerable functions and variables to detect potential malfunctions. This will detect security vulnerabilities of all internal failure even if no malicious behavior at the interfaces occur.

Keywords

Virtual processor Security Testing 

Notes

Acknowledgement

This publication was written in the framework of the Profilregion Mobilitätssysteme Karlsruhe, which is funded by the Ministry of Science, Research and the Arts in Baden-Württemberg.

References

  1. 1.
    Kramer, J., Hillenbrand, M., Müller-Glaser, K.D., Sax, E.: Connected efficiency–a paradigm to evaluate energy efficiency in tactical vehicle-environments. In: Bargende, M., Reuss, H.C., Wiedemann, J. (eds.) 16. Internationales Stuttgarter Symposium. Proceedings, pp. 1451–1463. Springer, Wiesbaden (2016). doi: 10.1007/978-3-658-13255-2_107 CrossRefGoogle Scholar
  2. 2.
    Koscher, K., et al.: Experimental security analysis of a modern automobile. In: IEEE Symposium on Security and Privacy, pp. 447–462 (2010)Google Scholar
  3. 3.
    Checkoway, S., et al.: Comprehensive experimental analyses of automotive attack surfaces. In: USINEX Security Symposium (2011)Google Scholar
  4. 4.
    Bayer, S., Enderle, T., Oka, D.-K., Wolf, M.: Automotive security testing—the digital crash test. In: Langheim, J. (ed.) Energy Consumption and Autonomous Driving. LNM, pp. 13–22. Springer, Cham (2016). doi: 10.1007/978-3-319-19818-7_2 Google Scholar
  5. 5.
    Knechtel, H.: Methoden zur Umsetzung von Datensicherheit und Datenschutz im vernetzten Steuergerät. ATZ Elektronik 10(1), 26–31 (2015)CrossRefGoogle Scholar
  6. 6.
    Spillner, A., Linz, T.: Basiswissen Softwaretest: Aus- und Weiterbildung zum Certified Tester; Foundation Level nach ISTQB-Standard, 4th edn. dpunkt.verlag (2010)Google Scholar
  7. 7.
    Radzkewycz, T.: Automotive networks can benefit from security. In: Connected Vehicle Journal: Designing for Next-Generation Connected and Autonomous Vehicles (2016)Google Scholar
  8. 8.
    Wheatley, M.: Known vulnerabilities cause 44 percent of all data breaches. http://siliconangle.com/blog/2016/01/12/known-vulnerabilities-cause-44-percent-of-all-data-breaches/. Accessed 31 Oct 2016
  9. 9.
    Symantec Corporation: Internet Security Threat Report. 2013 Trends, vol. 19 (2014)Google Scholar
  10. 10.
    MITRE Corporation: Common Vulnerabilities and Exposures (CVE). https://cve.mitre.org/. Accessed 31 Oct 2016
  11. 11.
    MITRE Corporation: Common Weakness Enumeration (CWE). https://cwe.mitre.org/. Accessed 31 Oct 2016
  12. 12.
    Foster, J.C., Osipov, V., Bhalla, N.: Buffer Overflow Attacks: Detect, Exploit, Prevent. Syngress Publishing Inc., Rockland (2005)Google Scholar
  13. 13.
    Imperas Software Limited: Open Virtual Platforms: The source of Fast Processor Models & Platforms. http://www.ovpworld.org/. Accessed 15 Dec 2016
  14. 14.
    Werner, S., et al.: Cloud-based design and virtual prototyping environment for embedded systems. Int. J. Online Eng. (IJOE) 12(9), 52–60 (2016)CrossRefGoogle Scholar
  15. 15.
    Werner, S., Lauber, A., Becker, J., Sax, E.: Cloud-based remote virtual prototyping platform for embedded control applications: cloud-based infrastructure for large-scale embedded hardware-related programming laboratories. In: Proceedings of 2016 13th International Conference on Remote Engineering and Virtual Instrumentation (REV). IEEE (2016)Google Scholar
  16. 16.
    Imperas Software Limited: Imperas Binary Interception Technology: User Guide, no. V1.5.3 (2016)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. 1.Karlsruhe Institute of TechnologyKarlsruheGermany

Personalised recommendations