A Study of Security Vulnerabilities and Software Weaknesses in Vehicles

Cited by: 8
Authors
Xiong, Wenjun [1]
Gulsever, Melek [1]
Kaya, Koray Mustafa [1]
Lagerstrom, Robert [1]
Affiliations
[1] KTH Royal Inst Technol, Sch Elect Engn & Comp Sci, Stockholm, Sweden
Keywords
Vehicles; Cyber security; Vulnerabilities; Weaknesses;
DOI
10.1007/978-3-030-35055-0_13
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
In this paper, we conduct an empirical study with the purpose of identifying common security vulnerabilities discovered in vehicles. The vulnerability information is gathered for 60 vehicle OEMs (Original Equipment Manufacturers) and common vehicle components from the National Vulnerability Database (NVD). Each vulnerability (CVE) is analyzed with respect to its software weakness type (CWE) and severity score (CVSS). 44 unique CVEs were found in NVD and analyzed. The analysis results show that about 50% of the vulnerabilities fall into the medium severity category, and the three most common software weaknesses reported are protection mechanism failure, buffer errors, and information disclosure.
Pages: 204-218
Page count: 15