Fuzz Testing Software-Defined Vehicles Using Agent Instrumentation

Cybersecurity has become intertwined with each step of the automotive development process. In particular, fuzz testing has proven to be a powerful approach for detecting unknown vulnerabilities in automotive systems. But with limited instrumentation, especially on software-heavy systems such as high-performance computers (HPCs), several types of issues go undetected, including memory leaks and cases where the application crashes and then restarts quickly.

Because these automotive systems are based on operating systems such as Linux and Android, it’s possible to collect information from the system under test (SUT) to determine whether any exceptions were detected during fuzz testing. Details about the detected exceptions help developers better understand and identify the root cause of the issues and fix the problems more efficiently.

This paper introduces the Agent Instrumentation Framework and explains how it can be used to improve the fuzz testing of HPCs. It also shows how information collected from the target system can be used to identify exceptions on the SUT and help developers detect the underlying cause of any issues found. Finally, it includes a test bench based on this approach and the findings of fuzz testing performed against multiple SUTs. Based on the findings, the paper highlights several examples of issues that would not have been detected without the Agent Instrumentation Framework.
