A Study of Security Vulnerabilities and Software Weaknesses in Vehicles

Cited by: 8
Authors
Xiong, Wenjun [1]
Gulsever, Melek [1]
Kaya, Koray Mustafa [1]
Lagerstrom, Robert [1]
Affiliations
[1] KTH Royal Inst Technol, Sch Elect Engn & Comp Sci, Stockholm, Sweden
Source
Keywords
Vehicles; Cyber security; Vulnerabilities; Weaknesses;
DOI
10.1007/978-3-030-35055-0_13
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
In this paper, we conduct an empirical study with the purpose of identifying common security vulnerabilities discovered in vehicles. The vulnerability information is gathered for 60 vehicle OEMs (Original Equipment Manufacturers) and common vehicle components from the National Vulnerability Database (NVD). Each vulnerability (CVE) is analyzed with respect to its software weakness type (CWE) and severity score (CVSS). 44 unique CVEs were found in NVD and analyzed. The analysis results show that about 50% of the vulnerabilities fall into the medium severity category, and the three most common software weaknesses reported are protection mechanism failure, buffer errors, and information disclosure.
Pages: 204 / 218
Number of pages: 15
Related papers
50 in total
  • [31] A practical framework for dynamically immunizing software security vulnerabilities
    Lin, Zhiqiang
    Mao, Bing
    Xie, Li
    FIRST INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, 2006, : 348 - +
  • [32] The Appilication of Fuzzing in Web software security vulnerabilities Test
    Li, Li
    Dong, Qiu
    Liu, Dan
    Zhu, Leilei
    2013 INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY AND APPLICATIONS (ITA), 2013, : 130 - 133
  • [33] Security vulnerabilities in healthcare: an analysis of medical devices and software
    Mejia-Granda, Carlos M.
    Fernandez-Aleman, Jose L.
    Carrillo-de-Gea, Juan M.
    Garcia-Berna, Jose A.
    MEDICAL & BIOLOGICAL ENGINEERING & COMPUTING, 2024, 62 (01) : 257 - 273
  • [34] Managing Publicly Known Security Vulnerabilities in Software Systems
    Mahrous, Hesham
    Malhotra, Baljeet
    2018 16TH ANNUAL CONFERENCE ON PRIVACY, SECURITY AND TRUST (PST), 2018, : 247 - 256
  • [35] Measuring, analyzing and predicting security vulnerabilities in software systems
    Alhazmi, O. H.
    Malaiya, Y. K.
    Ray, I.
    COMPUTERS & SECURITY, 2007, 26 (03) : 219 - 228
  • [36] Improving Prioritization of Software Weaknesses using Security Models with AVUS
    Renatus, Stephan
    Bartelheimer, Corrie
    Eichler, Jorn
    2015 IEEE 15TH INTERNATIONAL WORKING CONFERENCE ON SOURCE CODE ANALYSIS AND MANIPULATION (SCAM), 2015, : 259 - 264
  • [37] A classification methodology for security patterns to help fix software weaknesses
    Regainia, Loukmen
    Salva, Sebastien
    Bouhours, Cedric
    2016 IEEE/ACS 13TH INTERNATIONAL CONFERENCE OF COMPUTER SYSTEMS AND APPLICATIONS (AICCSA), 2016,
  • [38] A Preliminary Study Examining Relationships Between Nano-Patterns and Software Security Vulnerabilities
    Sultana, Kazi Zakia
    Deo, Ajay
    Williams, Byron J.
    PROCEEDINGS 2016 IEEE 40TH ANNUAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE WORKSHOPS, VOL 1, 2016, : 257 - 262
  • [39] Characterizing and Understanding Software Security Vulnerabilities in Machine Learning Libraries
    Harzevili, Nima Shiri
    Shin, Jiho
    Wang, Junjie
    Wang, Song
    Nagappan, Nachiappan
    2023 IEEE/ACM 20TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, 2023, : 27 - 38
  • [40] Security vulnerabilities in computer software testing technology and its application
    Lan, Jiang
    INFORMATION TECHNOLOGY AND INDUSTRIAL ENGINEERING, VOLS 1 & 2, 2014, : 541 - 545