Automotive Vulnerability Detection System

In [1] we presented a Vulnerability Detection System (VDS) that can detect emergent vulnerabilities in complex Cyber Physical Systems (CPSs). It used the attacker’s point of view by collecting a target system’s vulnerability information from varied sources and populating an Attack Point (AP) database. From these APs, a Hierarchical Task Network (HTN) generated the set of composite device-level attack scenarios. The VDS used Alloy [2], a Satisfiability (SAT) planner to reduce the cardinality of the generated space by evaluating the feasibility of each attack. In [3], we specialized the VDS for the automobile domain. This paper further 1) specializes our prior research by submitting the generated prioritized list to an Automotive-specific Attack Evaluation Process (AAEP) and 2) enhances our prior research with a method to discover and test vulnerabilities by reverse engineering the actual binary code. With a combination of simulation and vehicle instrumented real-time execution, the AAEP confirms each candidate attack. The AAEP’s output is used as feedback to refine the SAT constraint model model. A novel part of AAEP is our Automated Reverse Engineering (ARE) system, which greatly reduces the search space for software bugs. The VDS is designed to support short product release cycles. A. Knowledge Acquisition