Building Secure Cars: Assuring the Automotive Software Development Lifecycle by

Description: Building Secure Cars by Dennis Kengo Oka BUILDING SECURE CARS Explores how the automotive industry can address the increased risks of cyberattacks and incorporate security into the software development lifecycleWhile increased connectivity and advanced software-based automotive systems provide tremendous benefits and improved user experiences, they also make the modern vehicle highly susceptible to cybersecurity attacks. In response, the automotive industry is investing heavily in establishing cybersecurity engineering processes. Written by a seasoned automotive security expert with abundant international industry expertise, Building Secure Cars: Assuring the Automotive Software Development Lifecycle introduces readers to various types of cybersecurity activities, measures, and solutions that can be applied at each stage in the typical automotive development process.This book aims to assist auto industry insiders build more secure cars by incorporating key security measures into their software development lifecycle. Readers will learn to better understand common problems and pitfalls in the development process that lead to security vulnerabilities. To overcome such challenges, this book details how to apply and optimize various automated solutions, which allow software development and test teams to identify and fix vulnerabilities in their products quickly and efficiently. This book balances technical solutions with automotive technologies, making implementation practical. Building Secure Cars is:One of the first books to explain how the automotive industry can address the increased risks of cyberattacks, and how to incorporate security into the software development lifecycleAn optimal resource to help improve software security with relevant organizational workflows and technical solutionsA complete guide that covers introductory information to more advanced and practical topicsWritten by an established professional working at the heart of the automotive industryFully illustrated with tables and visuals, plus real-life problems and suggested solutions to enhance the learning experienceThis book is written for software development process owners, security policy owners, software developers and engineers, and cybersecurity teams in the automotive industry. All readers will be empowered to improve their organizations security postures by understanding and applying the practical technologies and solutions inside. FORMAT Hardcover LANGUAGE English CONDITION Brand New Back Cover Explores how the automotive industry can address the increased risks of cyberattacks and incorporate security into the software development lifecycle While increased connectivity and advanced software-based automotive systems provide tremendous benefits and improved user experiences, they also make the modern vehicle highly susceptible to cybersecurity attacks. In response, the automotive industry is investing heavily in establishing cybersecurity engineering processes. Written by a seasoned automotive security expert with abundant international industry expertise, Building Secure Cars: Assuring the Automotive Software Development Lifecycle introduces readers to various types of cybersecurity activities, measures, and solutions that can be applied at each stage in the typical automotive development process. This book aims to assist auto industry insiders build more secure cars by incorporating key security measures into their software development lifecycle. Readers will learn to better understand common problems and pitfalls in the development process that lead to security vulnerabilities. To overcome such challenges, this book details how to apply and optimize various automated solutions, which allow software development and test teams to identify and fix vulnerabilities in their products quickly and efficiently. This book balances technical solutions with automotive technologies, making implementation practical. Building Secure Cars is: One of the first books to explain how the automotive industry can address the increased risks of cyberattacks, and how to incorporate security into the software development lifecycle An optimal resource to help improve software security with relevant organizational workflows and technical solutions A complete guide that covers introductory information to more advanced and practical topics Written by an established professional working at the heart of the automotive industry Fully illustrated with tables and visuals, plus real-life problems and suggested solutions to enhance the learning experience This book is written for software development process owners, security policy owners, software developers and engineers, and cybersecurity teams in the automotive industry. All readers will be empowered to improve their organizations security postures by understanding and applying the practical technologies and solutions inside. Flap Explores how the automotive industry can address the increased risks of cyberattacks and incorporate security into the software development lifecycle While increased connectivity and advanced software-based automotive systems provide tremendous benefits and improved user experiences, they also make the modern vehicle highly susceptible to cybersecurity attacks. In response, the automotive industry is investing heavily in establishing cybersecurity engineering processes. Written by a seasoned automotive security expert with abundant international industry expertise, Building Secure Cars: Assuring the Automotive Software Development Lifecycle introduces readers to various types of cybersecurity activities, measures, and solutions that can be applied at each stage in the typical automotive development process. This book aims to assist auto industry insiders build more secure cars by incorporating key security measures into their software development lifecycle. Readers will learn to better understand common problems and pitfalls in the development process that lead to security vulnerabilities. To overcome such challenges, this book details how to apply and optimize various automated solutions, which allow software development and test teams to identify and fix vulnerabilities in their products quickly and efficiently. This book balances technical solutions with automotive technologies, making implementation practical. Building Secure Cars is: One of the first books to explain how the automotive industry can address the increased risks of cyberattacks, and how to incorporate security into the software development lifecycle An optimal resource to help improve software security with relevant organizational workflows and technical solutions A complete guide that covers introductory information to more advanced and practical topics Written by an established professional working at the heart of the automotive industry Fully illustrated with tables and visuals, plus real-life problems and suggested solutions to enhance the learning experience This book is written for software development process owners, security policy owners, software developers and engineers, and cybersecurity teams in the automotive industry. All readers will be empowered to improve their organizations security postures by understanding and applying the practical technologies and solutions inside. Author Biography Dr. Dennis Kengo Oka is an automotive cybersecurity expert with more than 15 years of global experience in the automotive industry. He received his Ph.D. in Computer Science and Engineering, with a focus on automotive security, from Chalmers University of Technology in Sweden. In the past, Dennis has worked with Volvo Car Corporation in Sweden where he bootstrapped automotive security research for remote diagnostics and over-the-air updates on vehicles. He has also worked for the Bosch Group in Japan serving both Japanese and global customers. Specifically, Dennis co-launched the automotive security practice (ESCRYPT) in Japan and was the Head of Engineering and Consulting Asia-Pacific. Dennis has also been involved in several automotive standardization activities, including the development of fuzz testing guidelines and cybersecurity testing frameworks. He has over 60 publications consisting of conference papers, journal articles, and book chapters, and is a frequent public speaker at international automotive and cybersecurity conferences and events. Table of Contents Preface xi About the Author xiii 1 Overview of the Current State of Cybersecurity in the Automotive Industry 1 1.1 Cybersecurity Standards, Guidelines, and Activities 3 1.2 Process Changes, Organizational Changes, and New Solutions 6 1.3 Results from a Survey on Cybersecurity Practices in the Automotive Industry 8 1.3.1 Survey Methods 8 1.3.2 Report Results 9 1.3.2.1 Organizational Challenges 9 1.3.2.2 Technical Challenges 10 1.3.2.3 Product Development and Security Testing Challenges 11 1.3.2.4 Supply Chain and Third-Party Components Challenges 11 1.3.3 How to Address the Challenges 12 1.3.3.1 Organizational Takeaways 12 1.3.3.2 Technical Takeaways 13 1.3.3.3 Product Development and Security Testing Takeaways 13 1.3.3.4 Supply Chain and Third-Party Components Takeaways 13 1.3.3.5 Getting Started 14 1.3.3.6 Practical Examples of Organizations Who Have Started 15 1.4 Examples of Vulnerabilities in the Automotive Industry 16 1.5 Chapter Summary 18 References 19 2 Introduction to Security in the Automotive Software Development Lifecycle 23 2.1 V-Model Software Development Process 24 2.2 Challenges in Automotive Software Development 25 2.3 Security Solutions at each Step in the V-Model 26 2.3.1 Cybersecurity Requirements Review 27 2.3.2 Security Design Review 27 2.3.3 Threat Analysis and Risk Assessment 27 2.3.4 Source Code Review 28 2.3.5 Static Code Analysis 28 2.3.6 Software Composition Analysis 29 2.3.7 Security Functional Testing 29 2.3.8 Vulnerability Scanning 29 2.3.9 Fuzz Testing 30 2.3.10 Penetration Testing 30 2.3.11 Incident Response and Updates 31 2.3.12 Continuous Cybersecurity Activities 32 2.3.13 Overall Cybersecurity Management 32 2.4 New Technical Challenges 32 2.5 Chapter Summary 34 References 35 3 Automotive-Grade Secure Hardware 37 3.1 Need for Automotive Secure Hardware 39 3.2 Different Types of HSMs 41 3.3 Root of Trust: Security Features Provided by Automotive HSM 43 3.3.1 Secure Boot 44 3.3.2 Secure In-Vehicle Communication 45 3.3.3 Secure Host Flashing 46 3.3.4 Secure Debug Access 47 3.3.5 Secure Logging 47 3.4 Chapter Summary 48 References 48 4 Need for Automated Security Solutions in the Automotive Software Development Lifecycle 51 4.1 Main Challenges in the Automotive Industry 53 4.2 Automated Security Solutions During the Product Development Phases 55 4.2.1 Static Code Analysis 55 4.2.2 Software Composition Analysis 57 4.2.3 Security Testing 58 4.2.4 Automation and Traceability During Software Development 59 4.3 Solutions During Operations and Maintenance Phases 59 4.3.1 Cybersecurity Monitoring, Vulnerability Management, Incident Response, and OTA Updates 59 4.4 Chapter Summary 61 References 61 5 Static Code Analysis for Automotive Software 63 5.1 Introduction to MISRA and AUTOSAR Coding Guidelines 68 5.2 Problem Statement: MISRA and AUTOSAR Challenges 75 5.3 Solution: Workflow for Code Segmentation, Guideline Policies, and Deviation Management 79 5.3.1 Step 1: Segment the Codebase into Different Categories/Components Based on Risk 80 5.3.2 Step 2: Specify Guideline Policies (Set of Guidelines to Apply) Depending on Risk Categories 81 5.3.3 Step 3: Perform the Scan and Plan the Approach for Prioritization of Findings 82 5.3.4 Step 4: Prioritize Findings Based on the Risk Categories and Guideline Policies and Determine How to Handle Each Finding, e.g. Fix or Leave as Deviation 83 5.3.5 Step 5: Follow a Defined Deviation Management Process, Including Approval Steps 84 5.3.6 Step 6: Report on MISRA or AUTOSAR Coding Guidelines Compliance Including Deviations 86 5.4 Chapter Summary 87 References 88 6 Software Composition Analysis in the Automotive Industry 91 6.1 Software Composition Analysis: Benefits and Usage Scenarios 95 6.2 Problem Statement: Analysis of Automotive Software Open-Source Software Risks 98 6.2.1 Analysis Results 98 6.2.1.1 zlib 99 6.2.1.2 libpng 99 6.2.1.3 OpenSSL 99 6.2.1.4 curl 99 6.2.1.5 Linux Kernel 100 6.2.2 Discussion 100 6.3 Solution: Countermeasures on Process and Technical Levels 101 6.3.1 Fully Inventory Open-Source Software 101 6.3.2 Use Appropriate Software Composition Analysis Approaches 102 6.3.3 Map Open-Source Software to Known Security Vulnerabilities 102 6.3.4 Identify License, Quality, and Security Risks 103 6.3.5 Create and Enforce Open-Source Software Risk Policies 104 6.3.6 Continuously Monitor for New Security Threats and Vulnerabilities 104 6.3.7 Define and Follow Processes for Addressing Vulnerabilities in Open-Source Software 105 6.3.8 How to Get Started 106 6.4 Chapter Summary 107 References 108 7 Overview of Automotive Security Testing Approaches 111 7.1 Practical Security Testing 115 7.1.1 Security Functional Testing 117 7.1.2 Vulnerability Scanning 119 7.1.3 Fuzz Testing 121 7.1.4 Penetration Testing 122 7.2 Frameworks for Security Testing 125 7.3 Focus on Fuzz Testing 129 7.3.1 Fuzz Engine 130 7.3.2 Injector 134 7.3.3 Monitor 136 7.4 Chapter Summary 140 References 141 8 Automating Fuzz Testing of In-Vehicle Systems by Integrating with Automotive Test Tools 145 8.1 Overview of HIL Systems 147 8.2 Problem Statement: SUT Requires External Input and Monitoring 150 8.3 Solution: Integrating Fuzz Testing Tools with HIL Systems 152 8.3.1 White-Box Approach for Fuzz Testing Using HIL System 157 8.3.1.1 Example Test Setup Using an Engine ECU 159 8.3.1.2 Fuzz Testing Setup for the Engine ECU 161 8.3.1.3 Fuzz Testing Setup Considerations 165 8.3.2 Black-Box Approach for Fuzz Testing Using HIL System 166 8.3.2.1 Example Target System Setup Using Engine and Body Control Modules 168 8.3.2.2 Fuzz Testing Setup Using Duplicate Engine and Body Control Modules 171 8.3.2.3 Fuzz Testing Setup Considerations 175 8.4 Chapter Summary 176 References 177 9 Improving Fuzz Testing Coverage by Using Agent Instrumentation 179 9.1 Introduction to Agent Instrumentation 182 9.2 Problem Statement: Undetectable Vulnerabilities 183 9.2.1 Memory Leaks 184 9.2.2 Core Dumps and Zombie Processes 185 9.2.3 Considerations for Addressing Undetectable Vulnerabilities 187 9.3 Solution: Using Agents to Detect Undetectable Vulnerabilities 187 9.3.1 Overview of the Test Environment 188 9.3.2 Modes of Operation 189 9.3.2.1 Synchronous Mode 190 9.3.2.2 Asynchronous Mode 191 9.3.2.3 Hybrid Approach 192 9.3.3 Examples of Agents 193 9.3.3.1 Agent Core Dump 193 9.3.3.2 Agent Log Tailer 194 9.3.3.3 Agent Process Monitor 194 9.3.3.4 Agent PID 194 9.3.3.5 Agent Address Sanitizer 195 9.3.3.6 Agent Valgrind 195 9.3.3.7 An Example config.json Configuration File 196 9.3.4 Example Results from Agent Instrumentation 197 9.3.4.1 Bluetooth Fuzz Testing 198 9.3.4.2 Wi-Fi Fuzz Testing 199 9.3.4.3 MQTT Fuzz Testing 201 9.3.4.4 File Format Fuzz Testing 203 9.3.5 Applicability and Automation 206 9.4 Chapter Summary 207 References 208 10 Automating File Fuzzing over USB for Automotive Systems 211 10.1 Need for File Format Fuzzing 213 10.2 Problem Statement: Manual Process for File Format Fuzzing 215 10.3 Solution: Emulated Filesystems to Automate File Format Fuzzing 216 10.3.1 System Architecture Overview 217 10.3.2 Phase One Implementation Example: Prepare Fuzzed Files 219 10.3.3 Phase Two Implementation Example: Automatically Emulate Filesystems 223 10.3.4 Automating User Input 228 10.3.5 Monitor for Exceptions 231 10.4 Chapter Summary 236 References 237 11 Automation and Traceability by Integrating Application Security Testing Tools into ALM Systems 241 11.1 Introduction to ALM Systems 242 11.2 Problem Statement: Tracing Secure Software Development Activities and Results to Requirements and Automating Application Security Testing 245 11.3 Solution: Integrating Application Security Testing Tools with ALM Systems 248 11.3.1 Concept 249 11.3.1.1 Static Code Analysis – Example 249 11.3.1.2 Software Composition Analysis – Example 250 11.3.1.3 Vulnerability Scanning – Example 250 11.3.1.4 Fuzz Testing – Example 250 11.3.1.5 Concept Overview 251 11.3.2 Example Implementation 252 11.3.2.1 Defensics 252 11.3.2.2 code Beamer ALM 252 11.3.2.3 Jenkins 252 11.3.2.4 SUT 253 11.3.2.5 Implementation Overview 253 11.3.3 Considerations 258 11.4 Chapter Summary 262 References 264 12 Continuous Cybersecurity Monitoring, Vulnerability Management, Incident Response, and Secure OTA Updates 267 12.1 Need for Cybersecurity Monitoring and Secure OTA Updates 268 12.2 Problem Statement: Software Inventory, Monitoring Vulnerabilities, and Vulnerable Vehicles 271 12.3 Solution: Release Management, Monitoring and Tracking, and Secure OTA Updates 272 12.3.1 Release Management 273 12.3.2 Monitoring and Tracking 276 12.3.2.1 Solutions in Other Industries 276 12.3.2.2 Solutions in the Automotive Industry 277 12.3.2.3 Example Automotive SOC Overview 277 12.3.2.4 Example Automotive SOC Workflow 279 12.3.2.5 Newly Detected Vulnerabilities in Open-Source Software – Example 279 12.3.3 Secure OTA Updates 280 12.3.3.1 Identify Vulnerable Vehicles Targeted for OTA Updates 281 12.3.3.2 Perform Secure OTA Updates 281 12.3.3.3 Target Systems for OTA Updates 282 12.3.3.4 Overview of Secure OTA Update Process for ECUs 283 12.3.3.5 Standardization and Frameworks for OTA Updates 284 12.4 Chapter Summary 285 References 286 13 Summary and Next Steps 289 Index 293 Details ISBN111971074X Short Title Building Secure Cars Language English Year 2021 ISBN-10 111971074X ISBN-13 9781119710745 Format Hardcover Subtitle Assuring the Automotive Software Development Lifecycle Pages 320 Country of Publication United States Publication Date 2021-04-08 UK Release Date 2021-04-08 AU Release Date 2021-05-17 NZ Release Date 2021-05-17 Author Dennis Kengo Oka Publisher John Wiley & Sons Inc Imprint John Wiley & Sons Inc Place of Publication New York DEWEY 629.2/72 Audience Professional & Vocational US Release Date 2021-04-08 We've got this At The Nile, if you're looking for it, we've got it. With fast shipping, low prices, friendly service and well over a million items - you're bound to find what you want, at a price you'll love! TheNile_Item_ID:131441257;

Price: 233.64 AUD

Location: Melbourne

End Time: 2024-11-21T03:45:09.000Z

Shipping Cost: 13.22 AUD