ISBN-13: 9781119710745 / English / Hardcover / 2021 / 320 pp.
Preface
About the Author
1 Overview of the Current State of Cybersecurity in the Automotive Industry
1.1 Cybersecurity Standards, Guidelines, and Activities
1.2 Process Changes, Organizational Changes, and New Solutions
1.3 Results from a Survey on Cybersecurity Practices in the Automotive Industry
1.3.1 Survey Methods
1.3.2 Report Results
1.3.2.1 Organizational Challenges
1.3.2.2 Technical Challenges
1.3.2.3 Product Development and Security Testing Challenges
1.3.2.4 Supply Chain and Third-Party Components Challenges
1.3.3 How to Address the Challenges
1.3.3.1 Organizational Takeaways
1.3.3.2 Technical Takeaways
1.3.3.3 Product Development and Security Testing Takeaways
1.3.3.4 Supply Chain and Third-Party Components Takeaways
1.3.3.5 Getting Started
1.3.3.6 Practical Examples of Organizations Who Have Started
1.4 Examples of Vulnerabilities in the Automotive Industry
1.5 Chapter Summary
References
2 Introduction to Security in the Automotive Software Development Lifecycle
2.1 V-Model Software Development Process
2.2 Challenges in Automotive Software Development
2.3 Security Solutions at each Step in the V-Model
2.3.1 Cybersecurity Requirements Review
2.3.2 Security Design Review
2.3.3 Threat Analysis and Risk Assessment
2.3.4 Source Code Review
2.3.5 Static Code Analysis
2.3.6 Software Composition Analysis
2.3.7 Security Functional Testing
2.3.8 Vulnerability Scanning
2.3.9 Fuzz Testing
2.3.10 Penetration Testing
2.3.11 Incident Response and Updates
2.3.12 Continuous Cybersecurity Activities
2.3.13 Overall Cybersecurity Management
2.4 New Technical Challenges
2.5 Chapter Summary
References
3 Automotive-Grade Secure Hardware
3.1 Need for Automotive Secure Hardware
3.2 Different Types of HSMs
3.3 Root of Trust: Security Features Provided by Automotive HSM
3.3.1 Secure Boot
3.3.2 Secure In-Vehicle Communication
3.3.3 Secure Host Flashing
3.3.4 Secure Debug Access
3.3.5 Secure Logging
3.4 Chapter Summary
References
4 Need for Automated Security Solutions in the Automotive Software Development Lifecycle
4.1 Main Challenges in the Automotive Industry
4.2 Automated Security Solutions During the Product Development Phases
4.2.1 Static Code Analysis
4.2.2 Software Composition Analysis
4.2.3 Security Testing
4.2.4 Automation and Traceability During Software Development
4.3 Solutions During Operations and Maintenance Phases
4.3.1 Cybersecurity Monitoring, Vulnerability Management, Incident Response, and OTA Updates
4.4 Chapter Summary
References
5 Static Code Analysis for Automotive Software
5.1 Introduction to MISRA and AUTOSAR Coding Guidelines
5.2 Problem Statement: MISRA and AUTOSAR Challenges
5.3 Solution: Workflow for Code Segmentation, Guideline Policies, and Deviation Management
5.3.1 Step 1: Segment the Codebase into Different Categories/Components Based on Risk
5.3.2 Step 2: Specify Guideline Policies (Set of Guidelines to Apply) Depending on Risk Categories
5.3.3 Step 3: Perform the Scan and Plan the Approach for Prioritization of Findings
5.3.4 Step 4: Prioritize Findings Based on the Risk Categories and Guideline Policies and Determine How to Handle Each Finding, e.g. Fix or Leave as Deviation
5.3.5 Step 5: Follow a Defined Deviation Management Process, Including Approval Steps
5.3.6 Step 6: Report on MISRA or AUTOSAR Coding Guidelines Compliance Including Deviations
5.4 Chapter Summary
References
6 Software Composition Analysis in the Automotive Industry
6.1 Software Composition Analysis: Benefits and Usage Scenarios
6.2 Problem Statement: Analysis of Automotive Software Open-Source Software Risks
6.2.1 Analysis Results
6.2.1.1 zlib
6.2.1.2 libpng
6.2.1.3 OpenSSL
6.2.1.4 curl
6.2.1.5 Linux Kernel
6.2.2 Discussion
6.3 Solution: Countermeasures on Process and Technical Levels
6.3.1 Fully Inventory Open-Source Software
6.3.2 Use Appropriate Software Composition Analysis Approaches
6.3.3 Map Open-Source Software to Known Security Vulnerabilities
6.3.4 Identify License, Quality, and Security Risks
6.3.5 Create and Enforce Open-Source Software Risk Policies
6.3.6 Continuously Monitor for New Security Threats and Vulnerabilities
6.3.7 Define and Follow Processes for Addressing Vulnerabilities in Open-Source Software
6.3.8 How to Get Started
6.4 Chapter Summary
References
7 Overview of Automotive Security Testing Approaches
7.1 Practical Security Testing
7.1.1 Security Functional Testing
7.1.2 Vulnerability Scanning
7.1.3 Fuzz Testing
7.1.4 Penetration Testing
7.2 Frameworks for Security Testing
7.3 Focus on Fuzz Testing
7.3.1 Fuzz Engine
7.3.2 Injector
7.3.3 Monitor
7.4 Chapter Summary
References
8 Automating Fuzz Testing of In-Vehicle Systems by Integrating with Automotive Test Tools
8.1 Overview of HIL Systems
8.2 Problem Statement: SUT Requires External Input and Monitoring
8.3 Solution: Integrating Fuzz Testing Tools with HIL Systems
8.3.1 White-Box Approach for Fuzz Testing Using HIL System
8.3.1.1 Example Test Setup Using an Engine ECU
8.3.1.2 Fuzz Testing Setup for the Engine ECU
8.3.1.3 Fuzz Testing Setup Considerations
8.3.2 Black-Box Approach for Fuzz Testing Using HIL System
8.3.2.1 Example Target System Setup Using Engine and Body Control Modules
8.3.2.2 Fuzz Testing Setup Using Duplicate Engine and Body Control Modules
8.3.2.3 Fuzz Testing Setup Considerations
8.4 Chapter Summary
References
9 Improving Fuzz Testing Coverage by Using Agent Instrumentation
9.1 Introduction to Agent Instrumentation
9.2 Problem Statement: Undetectable Vulnerabilities
9.2.1 Memory Leaks
9.2.2 Core Dumps and Zombie Processes
9.2.3 Considerations for Addressing Undetectable Vulnerabilities
9.3 Solution: Using Agents to Detect Undetectable Vulnerabilities
9.3.1 Overview of the Test Environment
9.3.2 Modes of Operation
9.3.2.1 Synchronous Mode
9.3.2.2 Asynchronous Mode
9.3.2.3 Hybrid Approach
9.3.3 Examples of Agents
9.3.3.1 Agent Core Dump
9.3.3.2 Agent Log Tailer
9.3.3.3 Agent Process Monitor
9.3.3.4 Agent PID
9.3.3.5 Agent Address Sanitizer
9.3.3.6 Agent Valgrind
9.3.3.7 An Example config.json Configuration File
9.3.4 Example Results from Agent Instrumentation
9.3.4.1 Bluetooth Fuzz Testing
9.3.4.2 Wi-Fi Fuzz Testing
9.3.4.3 MQTT Fuzz Testing
9.3.4.4 File Format Fuzz Testing
9.3.5 Applicability and Automation
9.4 Chapter Summary
References
10 Automating File Fuzzing over USB for Automotive Systems
10.1 Need for File Format Fuzzing
10.2 Problem Statement: Manual Process for File Format Fuzzing
10.3 Solution: Emulated Filesystems to Automate File Format Fuzzing
10.3.1 System Architecture Overview
10.3.2 Phase One Implementation Example: Prepare Fuzzed Files
10.3.3 Phase Two Implementation Example: Automatically Emulate Filesystems
10.3.4 Automating User Input
10.3.5 Monitor for Exceptions
10.4 Chapter Summary
References
11 Automation and Traceability by Integrating Application Security Testing Tools into ALM Systems
11.1 Introduction to ALM Systems
11.2 Problem Statement: Tracing Secure Software Development Activities and Results to Requirements and Automating Application Security Testing
11.3 Solution: Integrating Application Security Testing Tools with ALM Systems
11.3.1 Concept
11.3.1.1 Static Code Analysis - Example
11.3.1.2 Software Composition Analysis - Example
11.3.1.3 Vulnerability Scanning - Example
11.3.1.4 Fuzz Testing - Example
11.3.1.5 Concept Overview
11.3.2 Example Implementation
11.3.2.1 Defensics
11.3.2.2 codeBeamer ALM
11.3.2.3 Jenkins
11.3.2.4 SUT
11.3.2.5 Implementation Overview
11.3.3 Considerations
11.4 Chapter Summary
References
12 Continuous Cybersecurity Monitoring, Vulnerability Management, Incident Response, and Secure OTA Updates
12.1 Need for Cybersecurity Monitoring and Secure OTA Updates
12.2 Problem Statement: Software Inventory, Monitoring Vulnerabilities, and Vulnerable Vehicles
12.3 Solution: Release Management, Monitoring and Tracking, and Secure OTA Updates
12.3.1 Release Management
12.3.2 Monitoring and Tracking
12.3.2.1 Solutions in Other Industries
12.3.2.2 Solutions in the Automotive Industry
12.3.2.3 Example Automotive SOC Overview
12.3.2.4 Example Automotive SOC Workflow
12.3.2.5 Newly Detected Vulnerabilities in Open-Source Software - Example
12.3.3 Secure OTA Updates
12.3.3.1 Identify Vulnerable Vehicles Targeted for OTA Updates
12.3.3.2 Perform Secure OTA Updates
12.3.3.3 Target Systems for OTA Updates
12.3.3.4 Overview of Secure OTA Update Process for ECUs
12.3.3.5 Standardization and Frameworks for OTA Updates
12.4 Chapter Summary
References
13 Summary and Next Steps
Index
Dr. Dennis Kengo Oka is an automotive cybersecurity expert with more than 15 years of global experience in the automotive industry. He received his Ph.D. in Computer Science and Engineering, with a focus on automotive security, from Chalmers University of Technology in Sweden. In the past, Dennis has worked with Volvo Car Corporation in Sweden where he bootstrapped automotive security research for remote diagnostics and over-the-air updates on vehicles. He has also worked for the Bosch Group in Japan serving both Japanese and global customers. Specifically, Dennis co-launched the automotive security practice (ESCRYPT) in Japan and was the Head of Engineering and Consulting Asia-Pacific. Dennis has also been involved in several automotive standardization activities, including the development of fuzz testing guidelines and cybersecurity testing frameworks. He has over 60 publications consisting of conference papers, journal articles, and book chapters, and is a frequent public speaker at international automotive and cybersecurity conferences and events.