This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Deep Learning based Real Time Vulnerability fixes Verification Mechanism for Automotive firmware/Software
ISSN: 0148-7191, e-ISSN: 2688-3627
To be published on April 06, 2021 by SAE International in United States
Event: SAE WCX Digital Summit
Software vulnerability management is one of the most critical and crucial security techniques, which analyzes the automotive software/firmware across the digital cockpit, ADAS, V2X, etc. domains for vulnerabilities, and provides security patches for the concerned Common Vulnerabilities and Exposures (CVE). The process of automotive SW/FW vulnerability management system between the OEMs and vendors happen through a channel of fixing a certain number of vulnerabilities by 1st tier supplier which needs to be verified in front of OEMs for the fixed number and type of patches in there deliverable SW/FW. The gap of verification between for the fixed patches between the OEMs and 1st tier supplier requires a reliable human independent intelligent technique to have a trustworthiness of verification. Hence, in this regard, a novel machine learning based intelligent verification technique is proposed which is free from human intervention to verify the certain number and type of vulnerabilities fixes in the embedded binary image. The technique involves training the machine learning models for software/firmware patched binaries and inferring the application of patches on the verification binary image by using the trained machine-learning model. The technique verifies the vulnerability fixes for all the given number of vulnerabilities in a given package from the whole binary image. Hence, the proposed approach resolves the vulnerability patches verification issue using an intelligent artificial intelligence based technique among OEMs and 1st tier supplier, which is free from human interference.