Ori: A Greybox Fuzzer for SOME/IP Protocols in Automotive Ethernet
With the emergence of smart automotive devices, the data communication between these devices gains increasing importance. SOME/IP is a light-weight protocol to facilitate inter- process/device communication, which supports both procedural calls and event notifications. Because of its simplicity and...
Saved in:
Published in | 2020 27th Asia-Pacific Software Engineering Conference (APSEC) pp. 495 - 499 |
---|---|
Main Authors | , , , , , |
Format | Conference Proceeding |
Language | English |
Published |
IEEE
01.12.2020
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | With the emergence of smart automotive devices, the data communication between these devices gains increasing importance. SOME/IP is a light-weight protocol to facilitate inter- process/device communication, which supports both procedural calls and event notifications. Because of its simplicity and capability, SOME/IP is getting adopted by more and more automotive devices. Subsequently, the security of SOME/IP applications becomes crucial. However, previous security testing techniques cannot fit the scenario of vulnerability detection SOME/IP applications due to miscellaneous challenges such as the difficulty of server-side testing programs in parallel, etc. By addressing these challenges, we propose Ori - a greybox fuzzer for SOME/IP applications, which features two key innovations: the attach fuzzing mode and structural mutation. The attach fuzzing mode enables Ori to test server programs efficiently, and the structural mutation allows Ori to generate valid SOME/IP packets to reach deep paths of the target program effectively. Our evaluation shows that Ori can detect vulnerabilities in SOME/IP applications effectively and efficiently. |
---|---|
ISSN: | 2640-0715 |
DOI: | 10.1109/APSEC51365.2020.00063 |