Название: Building Secure Cars: Assuring the Automotive Software Development Lifecycle Автор: Dennis Kengo Oka Издательство: Wiley Год: 2021 Страниц: 323 Язык: английский Формат: pdf (true) Размер: 10.1 MB
Explores how the automotive industry can address the increased risks of cyberattacks and incorporate security into the software development lifecycle
While increased connectivity and advanced software-based automotive systems provide tremendous benefits and improved user experiences, they also make the modern vehicle highly susceptible to cybersecurity attacks. In response, the automotive industry is investing heavily in establishing cybersecurity engineering processes.
Written by a seasoned automotive expert with abundant international industry expertise, Building Secure Cars: Assuring the Software Development Lifecycle introduces readers to various types of cybersecurity activities, measures, and solutions that can be applied at each stage in the typical automotive development process.
This book aims to assist auto industry insiders build more secure cars by incorporating key security measures into their software development lifecycle. Readers will learn to better understand common problems and pitfalls in the development process that lead to security vulnerabilities. To overcome such challenges, this book details how to apply and optimize various automated solutions, which allow software development and test teams to identify and fix vulnerabilities in their products quickly and efficiently. This book balances technical solutions with automotive technologies, making implementation practical. Building Secure Cars is:
One of the first books to explain how the automotive industry can address the increased risks of cyberattacks, and how to incorporate security into the software development lifecycle An optimal resource to help improve software security with relevant organizational workflows and technical solutions A complete guide that covers introductory information to more advanced and practical topics Written by an established professional working at the heart of the automotive industry Fully illustrated with tables and visuals, plus real-life problems and suggested solutions to enhance the learning experience
This book is written for software development process owners, security policy owners, software developers and engineers, and cybersecurity teams in the automotive industry. All readers will be empowered to improve their organizations' security postures by understanding and applying the practical technologies and solutions inside.
Contents:
Preface About the Author 1. Overview of the current state of cybersecurity in the automotive industry 1.1. Cybersecurity standards, guidelines, and activities 1.2. Process changes, organizational changes, and new solutions 1.3. Results from a survey on cybersecurity practices in the automotive industry 2. Introduction to security in the automotive software development lifecycle 2.1. V-model software development process 2.2. Challenges in the automotive software development 3. Automotive-grade secure hardware 3.1. Need for automotive secure hardware 3.2. Different types of HSMs 3.3. Root of trust: security features provided by automotive HSM 4. Need for automated security solutions in the automotive software development lifecycle 4.1. Main challenges in the automotive industry 4.2. Automated security solutions during the product development phases 4.2.1. Static code analysis 4.2.2. Software composition analysis 4.2.3. Security testing 4.2.4. Automation and traceability during software development 4.3. Solutions during operations and maintenance phases 5. Static code analysis for automotive software 5.1. Introduction to MISRA and AUTOSAR coding guidelines 5.2. Problem statement: MISRA and AUTOSAR challenges 5.3. Solution: Workflow for code segmentation, guideline policies, and deviation management 6. Software composition analysis in the automotive industry 6.1. Software composition analysis, benefits, usage scenarios 6.2. Problem statement: Analysis of automotive software open-source software risks 6.2.1. Analysis results 6.2.1.1. zlib 6.2.1.2. libpng 6.2.1.3. Openssl 6.2.1.4. curl 6.2.1.5. Linux kernel 6.3. Solution: Countermeasures on process and technical levels 6.3.1. Fully inventory open-source software 7. Overview of automotive security testing approaches 7.1. Practical security testing 7.1.1. Functional security testing 7.1.2. Vulnerability scanning 7.1.3. Fuzz testing 7.1.4. Penetration testing 7.2. Frameworks for security testing 7.3. Focus on fuzz testing 8. Automating fuzz testing of in-vehicle systems by integrating with automotive test tools 8.1. HIL (hardware-in-the-loop) systems 8.2. Problem statement: SUT requires external input and monitoring 8.3. Solution: Integrating fuzz testing tools with HIL systems 9. Improving fuzz testing coverage by using Agent instrumentation 9.1. Introduction to Agent instrumentation 9.2. Problem statement: Undetectable vulnerabilities 9.3. Solution: Using agents to detect these vulnerabilities 10. Automating file fuzzing over USB for automotive systems 10.1. Need for file format fuzzing 10.2. Problem statement: Manual process for file format fuzzing 10.3. Solution: Emulated filesystems to automate file format fuzzing 11. Automation and traceability by integrating application security testing tools into ALM systems 12. Continuous cybersecurity monitoring, vulnerability management, incident response, and secure OTA (over-the-air) updates 13. Summary and Next Steps Index
Скачать Building Secure Cars: Assuring the Automotive Software Development Lifecycle
|