Improving Fuzz Testing of Infotainment Systems and Telematics Units using Agent

Presented by

Dennis Kengo Oka, Senior Solutions Architect, Synopsys & Rikke Kuipers, Product Manager, Synopsys

About this talk

In the past few years, cybersecurity has become more intertwined into each step of the automotive development process. In particular, fuzz testing has proven to be a powerful approach to detect unknown vulnerabilities in automotive systems. However, with limited instrumentation, especially on systems such as in-vehicle infotainment (IVI) system and telematics units, there are several types of issues that go undetected, such as memory leaks and cases where the application crashes but restarts quickly. Since these systems are typically based on operating systems providing more functionality such as Linux and Android, it is possible to use appropriate tools to collect additional information from the system under test (SUT) to determine whether there were any exceptions detected during the fuzz testing. Furthermore, it would be possible to gather more details about the detected exceptions on the SUT which helps developers to better understand and identify the root cause of the issues and fix the problems more efficiently. To this end, we introduce the Agent Instrumentation Framework and explain how it can be used to improve fuzz testing of IVIs and telematics units. We show how additional information can be collected from the target system and used to identify whether there are exceptions on the SUT and additionally help developers identify the underlying cause of any issues detected. Finally, to showcase the effectiveness of the agent instrumentation framework we built a test bench based on this approach and performed fuzz testing on multiple SUTs. Based on our findings we highlight several examples of issues that would have not been detected unless we used agent instrumentation.
Related topics:

More from this channel

Upcoming talks (16)
On-demand talks (189)
Subscribers (58773)
Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that’s best for them. Only Synopsys offers everything you need to build trust in your software.