A Study of Security Vulnerabilities and Software Weaknesses in Vehicles

Cited by: 8
Authors
Xiong, Wenjun [1]
Gulsever, Melek [1]
Kaya, Koray Mustafa [1]
Lagerstrom, Robert [1]
Affiliation
[1] KTH Royal Inst Technol, Sch Elect Engn & Comp Sci, Stockholm, Sweden
Source
Keywords
Vehicles; Cyber security; Vulnerabilities; Weaknesses;
DOI
10.1007/978-3-030-35055-0_13
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
In this paper, we conduct an empirical study with the purpose of identifying common security vulnerabilities discovered in vehicles. The vulnerability information is gathered for 60 vehicle OEMs (Original Equipment Manufacturers) and common vehicle components from the National Vulnerability Database (NVD). Each vulnerability (CVE) is analyzed with respect to its software weakness type (CWE) and severity score (CVSS). 44 unique CVEs were found in NVD and analyzed. The analysis results show that about 50% of the vulnerabilities fall into the medium severity category, and the three most common software weaknesses reported are protection mechanism failure, buffer errors, and information disclosure.
Pages: 204 / 218
Number of pages: 15