Deep Learning Based Real Time Vulnerability Fixes Verification Mechanism for Automotive Firmware/Software
ISSN: 0148-7191, e-ISSN: 2688-3627
Published April 06, 2021 by SAE International in United States
Event: SAE WCX Digital Summit
Software vulnerability management is one of the most critical security techniques: it analyzes automotive software/firmware across domains such as the digital cockpit, ADAS, and V2X for vulnerabilities, and provides security patches for the relevant Common Vulnerabilities and Exposures (CVE). In automotive SW/FW vulnerability management between OEMs and vendors, the 1st tier supplier fixes a certain number of vulnerabilities, and the number and type of patches fixed in its deliverable SW/FW must then be verified before the OEMs. The verification gap for the fixed patches between the OEMs and the 1st tier supplier requires a reliable, human-independent, intelligent technique so that the verification can be trusted. In this regard, a novel machine learning based intelligent verification technique is proposed that, free from human intervention, verifies the number and type of vulnerability fixes in the embedded binary image. The technique involves training machine learning models on patched software/firmware binaries and inferring the application of patches on the verification binary image using the trained machine learning model. The technique verifies the vulnerability fixes for all the given vulnerabilities in a given package from the whole binary image. Hence, the proposed approach resolves the vulnerability patch verification issue between OEMs and the 1st tier supplier using an artificial intelligence based technique that is free from human interference.
Citation: Ansari, A., Ameen Alimohideen, M., and P.C., K., "Deep Learning Based Real Time Vulnerability Fixes Verification Mechanism for Automotive Firmware/Software," SAE Technical Paper 2021-01-0183, 2021, https://doi.org/10.4271/2021-01-0183.