Building Secure Cars: Assuring the Automotive Software Development Lifecycle

Author:   Dennis Kengo Oka
Publisher:   John Wiley and Sons Ltd
ISBN:   9781119710745

Pages:   320
Publication Date:   08 April 2021
Format:   Hardback

Overview

BUILDING SECURE CARS

Explores how the automotive industry can address the increased risks of cyberattacks and incorporate security into the software development lifecycle

While increased connectivity and advanced software-based automotive systems provide tremendous benefits and improved user experiences, they also make the modern vehicle highly susceptible to cybersecurity attacks. In response, the automotive industry is investing heavily in establishing cybersecurity engineering processes. Written by a seasoned automotive security expert with abundant international industry expertise, Building Secure Cars: Assuring the Automotive Software Development Lifecycle introduces readers to various types of cybersecurity activities, measures, and solutions that can be applied at each stage in the typical automotive development process.

This book aims to help auto industry insiders build more secure cars by incorporating key security measures into their software development lifecycle. Readers will learn to better understand common problems and pitfalls in the development process that lead to security vulnerabilities. To overcome such challenges, this book details how to apply and optimize various automated solutions, which allow software development and test teams to identify and fix vulnerabilities in their products quickly and efficiently. This book balances technical solutions with automotive technologies, making implementation practical.

Building Secure Cars is:

One of the first books to explain how the automotive industry can address the increased risks of cyberattacks, and how to incorporate security into the software development lifecycle
An optimal resource to help improve software security with relevant organizational workflows and technical solutions
A complete guide that covers introductory information to more advanced and practical topics
Written by an established professional working at the heart of the automotive industry
Fully illustrated with tables and visuals, plus real-life problems and suggested solutions to enhance the learning experience

This book is written for software development process owners, security policy owners, software developers and engineers, and cybersecurity teams in the automotive industry. All readers will be empowered to improve their organizations' security postures by understanding and applying the practical technologies and solutions inside.

Full Product Details

Author:   Dennis Kengo Oka
Publisher:   John Wiley and Sons Ltd
Imprint:   Wiley-Blackwell
Dimensions:   Width: 17.20cm, Height: 2.20cm, Length: 25.00cm
Weight:   0.696kg
ISBN:   9781119710745
ISBN 10:   111971074
Pages:   320
Publication Date:   08 April 2021
Audience:   Professional and scholarly, Professional & Vocational
Format:   Hardback
Publisher's Status:   Active

Table of Contents

Preface
About the Author

1. Overview of the current state of cybersecurity in the automotive industry
1.1. Cybersecurity standards, guidelines, and activities
1.2. Process changes, organizational changes, and new solutions
1.3. Results from a survey on cybersecurity practices in the automotive industry
1.3.1. Survey methods
1.3.2. Report results
1.3.2.1. Organizational challenges
1.3.2.2. Technical challenges
1.3.2.3. Product development and security testing challenges
1.3.2.4. Supply chain and third-party components challenges
1.3.3. How to address the challenges
1.3.3.1. Organizational takeaways
1.3.3.2. Technical takeaways
1.3.3.3. Product development and security testing takeaways
1.3.3.4. Supply chain and third-party components takeaways
1.3.3.5. Getting started
1.3.3.6. Practical examples of organizations who have started
1.3.3.7.
1.4. Examples of vulnerabilities in the automotive industry
1.5. Chapter summary
References

2. Introduction to security in the automotive software development lifecycle
2.1. V-model software development process
2.2. Challenges in the automotive software development
2.3. Security solutions at each step in the V-model
2.3.1. Cybersecurity requirements review
2.3.2. Security design review
2.3.3. Threat analysis and risk assessment
2.3.4. Source code review
2.3.5. Static code analysis
2.3.6. Software composition analysis
2.3.7. Functional security testing
2.3.8. Vulnerability scanning
2.3.9. Fuzz testing
2.3.10. Penetration testing
2.3.11. Incident response and updates
2.3.12. Continuous cybersecurity activities
2.3.13. Overall cybersecurity management
2.4. New technical challenges
2.5. Chapter summary
References

3. Automotive-grade secure hardware
3.1. Need for automotive secure hardware
3.2. Different types of HSMs
3.3. Root of trust: security features provided by automotive HSM
3.3.1. Secure boot
3.3.2. Secure onboard communication
3.3.3. Secure host flashing
3.3.4. Secure debug access
3.3.5. Secure logging
3.4. Chapter summary
References

4. Need for automated security solutions in the automotive software development lifecycle
4.1. Main challenges in the automotive industry
4.2. Automated security solutions during the product development phases
4.2.1. Static code analysis
4.2.2. Software composition analysis
4.2.3. Security testing
4.2.4. Automation and traceability during software development
4.3. Solutions during operations and maintenance phases
4.3.1. Cybersecurity monitoring, vulnerability management, incident response and OTA updates
4.4. Chapter summary
References

5. Static code analysis for automotive software
5.1. Introduction to MISRA and AUTOSAR coding guidelines
5.2. Problem statement: MISRA and AUTOSAR challenges
5.3. Solution: Workflow for code segmentation, guideline policies, and deviation management
5.3.1. Step one: Segmenting the codebase
5.3.2. Step two: Specify guideline policies
5.3.3. Step three: Perform the scan and plan the approach for prioritization of findings
5.3.4. Step four: Prioritize findings based on the risk categories and rules and determine how to handle each finding, e.g., fix or leave as deviation
5.3.5. Step five: Follow a defined deviation management process
5.3.6. Step six: Report on MISRA or AUTOSAR including deviations
5.4. Chapter summary
References

6. Software composition analysis in the automotive industry
6.1. Software composition analysis, benefits, usage scenarios
6.2. Problem statement: Analysis of automotive software open-source software risks
6.2.1. Analysis results
6.2.1.1. zlib
6.2.1.2. libpng
6.2.1.3. Openssl
6.2.1.4. curl
6.2.1.5. Linux kernel
6.2.2. Discussion
6.3. Solution: Countermeasures on process and technical levels
6.3.1. Fully inventory open-source software
6.3.2. Use appropriate software composition analysis approaches
6.3.3. Map open-source software to known security vulnerabilities
6.3.4. Identify license, quality, and security risks
6.3.5. Create and enforce open-source software risk policies
6.3.6. Continuously monitor for new security threats and vulnerabilities
6.3.7. Define and follow processes for addressing vulnerabilities in open-source software
6.3.8. How to get started
6.4. Chapter summary
References

7. Overview of automotive security testing approaches
7.1. Practical security testing
7.1.1. Functional security testing
7.1.2. Vulnerability scanning
7.1.3. Fuzz testing
7.1.4. Penetration testing
7.2. Frameworks for security testing
7.3. Focus on fuzz testing
7.3.1. Fuzz engine
7.3.2. Injector
7.3.3. Monitor
7.4. Chapter summary
References

8. Automating fuzz testing of in-vehicle systems by integrating with automotive test tools
8.1. HIL (hardware-in-the-loop) systems
8.2. Problem statement: SUT requires external input and monitoring
8.3. Solution: Integrating fuzz testing tools with HIL systems
8.3.1. White-box approach for fuzz testing using HIL System
8.3.1.1. Example test setup using an Engine ECU
8.3.1.2. Fuzz testing setup for the Engine ECU
8.3.1.3. Fuzz test setup considerations
8.3.2. Black-box approach for fuzz testing using HIL System
8.3.2.1. Example target system setup using engine and body control modules
8.3.2.2. Fuzz testing setup using duplicate engine and body control modules
8.3.2.3. Fuzz test setup considerations
8.4. Chapter Summary
References

9. Improving fuzz testing coverage by using Agent instrumentation
9.1. Introduction to Agent instrumentation
9.2. Problem statement: Undetectable vulnerabilities
9.3. Solution: Using agents to detect these vulnerabilities
9.3.1. Overview of test environment
9.3.2. Modes of operation
9.3.2.1. Synchronous mode
9.3.2.2. Asynchronous mode
9.3.3. Examples of agents
9.3.3.1. AgentCoreDump
9.3.3.2. AgentLogTailer
9.3.3.3. AgentProcessMonitor
9.3.3.4. AgentPID
9.3.3.5. AgentAddressSanitizer
9.3.3.6. AgentValgrind
9.3.3.7. An example config.json configuration file
9.3.4. Example results from Agent instrumentation
9.3.4.1. Bluetooth fuzz testing
9.3.4.2. Wi-Fi fuzz testing
9.3.4.3. MQTT fuzzing
9.3.4.4. File format fuzz testing
9.3.5. Applicability and automation
9.4. Chapter summary
References

10. Automating file fuzzing over USB for automotive systems
10.1. Need for file format fuzzing
10.2. Problem statement: Manual process for file format fuzzing
10.3. Solution: Emulated filesystems to automate file format fuzzing
10.3.1. System Architecture Overview
10.3.2. Phase one implementation example: Prepare fuzzed files
10.3.3. Phase two implementation example: Automatically emulate filesystems
10.3.4. Automating user input
10.3.5. Monitor for exceptions
10.4. Chapter summary
References

11. Automation and traceability by integrating application security testing tools into ALM systems
11.1. Introduction to ALM (application lifecycle management) systems
11.2. Problem statement: Tracing secure software development activities and results to requirements and automating application security testing
11.3. Solution: Integrating application security testing tools with ALM systems
11.3.1. Concept
11.3.1.1. Static code analysis - example
11.3.1.2. Software composition analysis - example
11.3.1.3. Vulnerability scanning - example
11.3.1.4. Fuzz testing - example
11.3.1.5. Concept overview
11.3.2. Example implementation
11.3.3. Considerations
11.4. Chapter summary
References

12. Continuous cybersecurity monitoring, vulnerability management, incident response, and secure OTA (over-the-air) updates
12.1. Need for cybersecurity monitoring and secure OTA updates
12.2. Problem statement: Software inventory, monitoring vulnerabilities, and vulnerable vehicles
12.3. Solution: Release management, monitoring and tracking, and secure OTA updates
12.3.1. Release management
12.3.2. Monitoring and tracking
12.3.3. Secure OTA updates
12.4. Chapter summary
References

13. Summary and Next Steps

Index

Author Information

Dr. Dennis Kengo Oka is an automotive cybersecurity expert with more than 15 years of global experience in the automotive industry. He received his Ph.D. in Computer Science and Engineering, with a focus on automotive security, from Chalmers University of Technology in Sweden. In the past, Dennis has worked with Volvo Car Corporation in Sweden where he bootstrapped automotive security research for remote diagnostics and over-the-air updates on vehicles. He has also worked for the Bosch Group in Japan serving both Japanese and global customers. Specifically, Dennis co-launched the automotive security practice (ESCRYPT) in Japan and was the Head of Engineering and Consulting Asia-Pacific. Dennis has also been involved in several automotive standardization activities, including the development of fuzz testing guidelines and cybersecurity testing frameworks. He has over 60 publications consisting of conference papers, journal articles, and book chapters, and is a frequent public speaker at international automotive and cybersecurity conferences and events.
