Cybersecurity has become intertwined into each step of the automotive development process. In particular, fuzz testing has proven to be a powerful approach to detect unknown vulnerabilities in automotive systems. But with limited instrumentation, especially on software-heavy systems such as high-performance computers (HPCs), several types of issues go undetected, including memory leaks and cases when the application crashes then restarts quickly.
Because these automotive systems are based on operating systems such as Linux and Android, it’s possible to collect information from the system under test (SUT) to determine whether any exceptions were detected during fuzz testing. Details about the detected exceptions help developers better understand and identify the root cause of the issues and fix the problems more efficiently.
This paper introduces the Agent Instrumentation Framework and explains how it can be used to improve the fuzz testing of HPCs. It also shows how information can be collected from the target system to identify exceptions on the SUT to help developers detect the underlying cause of any issues found. And it includes a test bench based on this approach and the findings of fuzz testing performed against multiple SUTs. Based on the findings, the paper highlights several examples of issues that would not have been detected without the Agent Instrumentation Framework.
Uncover more about fuzzing
Securing 5G and IoT with Fuzzing
Commonly asked questions on fuzz testing
Get RFC specification coverage, test tool features, and tool-specific information for our 300+ test suites.
What is fuzzing?
5G: Vast potential, but better security needed
Improving Fuzz Testing of Infotainment Systems and Telematics Units