A Study of Security Vulnerabilities and Software Weaknesses in Vehicles

Cited by: 10
Authors
Xiong, Wenjun [1]
Gulsever, Melek [1]
Kaya, Koray Mustafa [1]
Lagerstrom, Robert [1]
Affiliations
[1] KTH Royal Inst Technol, Sch Elect Engn & Comp Sci, Stockholm, Sweden
Source
SECURE IT SYSTEMS, NORDSEC 2019 | 2019 / Vol. 11875
Keywords
Vehicles; Cyber security; Vulnerabilities; Weaknesses;
DOI
10.1007/978-3-030-35055-0_13
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
In this paper, we conduct an empirical study with the purpose of identifying common security vulnerabilities discovered in vehicles. The vulnerability information is gathered for 60 vehicle OEMs (Original Equipment Manufacturers) and common vehicle components from the National Vulnerability Database (NVD). Each vulnerability (CVE) is analyzed with respect to its software weakness type (CWE) and severity score (CVSS). 44 unique CVEs were found in NVD and analyzed. The analysis results show that about 50% of the vulnerabilities fall into the medium severity category, and the three most common software weaknesses reported are protection mechanism failure, buffer errors, and information disclosure.
Pages: 204 / 218
Page count: 15