The vehicle is quickly becoming part of the internet of things (IoT). While this enables exciting new features and business models, it also increases the attack surface for cyber security threats. As part of a holistic security engineering process, security testing methods play an important role to make vehicles more secure. In this paper we propose an efficient approach for automotive fuzz testing. The concept uses existing automotive testing frameworks as a user front end and handles the automotive-specific processing and communication tasks. Our approach aims at extending existing testing tools and frameworks by integrating open source fuzzing engines, which are well established in classical IT security testing. Knowledge about automotive communication databases, including DBC, CDD, ODX, LDF, FIBEX, and AUTOSAR SD are used to automatically derive configurations for the fuzzing engine. CANoe as a robust automotive testing framework is used as message publisher and target monitor. The approach has the potential to provide OEMs, suppliers, and security service providers with an additional highly efficient building block for their security testing strategy.
Lapczynski et al. (Sun,) studied this question.