A Study of Security Vulnerabilities and Software Weaknesses in Vehicles

Cited by: 10
Authors
Xiong, Wenjun [1]
Gulsever, Melek [1]
Kaya, Koray Mustafa [1]
Lagerstrom, Robert [1]
Affiliations
[1] KTH Royal Inst Technol, Sch Elect Engn & Comp Sci, Stockholm, Sweden
Keywords
Vehicles; Cyber security; Vulnerabilities; Weaknesses;
DOI
10.1007/978-3-030-35055-0_13
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
In this paper, we conduct an empirical study with the purpose of identifying common security vulnerabilities discovered in vehicles. The vulnerability information is gathered for 60 vehicle OEMs (Original Equipment Manufacturers) and common vehicle components from the National Vulnerability Database (NVD). Each vulnerability (CVE) is analyzed with respect to its software weakness type (CWE) and severity score (CVSS). 44 unique CVEs were found in NVD and analyzed. The analysis results show that about 50% of the vulnerabilities fall into the medium severity category, and the three most common software weaknesses reported are protection mechanism failure, buffer errors, and information disclosure.
Pages: 204 / 218
Number of pages: 15