Visible to the public Ori: A Greybox Fuzzer for SOME/IP Protocols in Automotive Ethernet

TitleOri: A Greybox Fuzzer for SOME/IP Protocols in Automotive Ethernet
Publication TypeConference Paper
Year of Publication2020
AuthorsLi, Yuekang, Chen, Hongxu, Zhang, Cen, Xiong, Siyang, Liu, Chaoyi, Wang, Yi
Conference Name2020 27th Asia-Pacific Software Engineering Conference (APSEC)
Keywordsautomotive, Automotive engineering, Collaboration, composability, Ethernet, fuzzing, ip privacy, policy-based governance, Protocols, pubcrawl, resilience, Resiliency, security, software engineering, SOME/IP, Testing
AbstractWith the emergence of smart automotive devices, the data communication between these devices gains increasing importance. SOME/IP is a light-weight protocol to facilitate inter- process/device communication, which supports both procedural calls and event notifications. Because of its simplicity and capability, SOME/IP is getting adopted by more and more automotive devices. Subsequently, the security of SOME/IP applications becomes crucial. However, previous security testing techniques cannot fit the scenario of vulnerability detection SOME/IP applications due to miscellaneous challenges such as the difficulty of server-side testing programs in parallel, etc. By addressing these challenges, we propose Ori - a greybox fuzzer for SOME/IP applications, which features two key innovations: the attach fuzzing mode and structural mutation. The attach fuzzing mode enables Ori to test server programs efficiently, and the structural mutation allows Ori to generate valid SOME/IP packets to reach deep paths of the target program effectively. Our evaluation shows that Ori can detect vulnerabilities in SOME/IP applications effectively and efficiently.
Citation Keyli_ori_2020