Publications
2022
Lama J Moukahal; Mohammad Zulkernine; Martin Soukup
AVSDA: Autonomous Vehicle Security Decay Assessment Conference
The 16th International Conference on Risks and Security of Internet and Systems (CRISIS), vol. 13204, Springer, 2022.
@conference{moukahal2021AVSDA,
title = {AVSDA: Autonomous Vehicle Security Decay Assessment},
author = {Lama J Moukahal and Mohammad Zulkernine and Martin Soukup},
doi = {10.1007/978-3-031-02067-4_2},
year = {2022},
date = {2022-04-09},
urldate = {2021-01-01},
booktitle = {The 16th International Conference on Risks and Security of Internet and Systems (CRISIS)},
volume = {13204},
publisher = {Springer},
abstract = {Security practices become weaker over time as attackers’ capabilities evolve. Security decay within vehicle software systems can have devastating consequences as it can pose a direct threat to people’s lives. Thus, it is crucial to monitor the changing threat level on vehicles during their full lifespan. We present an Autonomous Vehicle Security Decay Assessment (AVSDA) framework that analyzes and predicts the system’s security risk over vehicles’ lifespan. The framework analyzes vulnerable software components periodically and estimates the security risk level to identify security decay. AVSDA employs several metrics specifically designed for autonomous vehicle systems to automatically identify potentially weak components and quantify security risk. We evaluate the framework on OpenPilot, an autonomous driving system. The case study demonstrates the effectiveness of the AVSDA framework in identifying security decay over time. The results show an accuracy rate of 94% and a recall rate of 78%, outperforming all other known metrics by at least 50%.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Security practices become weaker over time as attackers’ capabilities evolve. Security decay within vehicle software systems can have devastating consequences as it can pose a direct threat to people’s lives. Thus, it is crucial to monitor the changing threat level on vehicles during their full lifespan. We present an Autonomous Vehicle Security Decay Assessment (AVSDA) framework that analyzes and predicts the system’s security risk over vehicles’ lifespan. The framework analyzes vulnerable software components periodically and estimates the security risk level to identify security decay. AVSDA employs several metrics specifically designed for autonomous vehicle systems to automatically identify potentially weak components and quantify security risk. We evaluate the framework on OpenPilot, an autonomous driving system. The case study demonstrates the effectiveness of the AVSDA framework in identifying security decay over time. The results show an accuracy rate of 94% and a recall rate of 78%, outperforming all other known metrics by at least 50%.
Lama J Moukahal; Mohammad Zulkernine; Martin Soukup
Boosting Grey-box Fuzzing for Connected Autonomous Vehicle Systems Conference
2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C), IEEE, Hainan, China, 2022, ISBN: 978-1-6654-7836-6.
@conference{nokey,
title = {Boosting Grey-box Fuzzing for Connected Autonomous Vehicle Systems},
author = {Lama J Moukahal and Mohammad Zulkernine and Martin Soukup},
doi = {10.1109/QRS-C55045.2021.00080},
isbn = {978-1-6654-7836-6},
year = {2022},
date = {2022-04-01},
urldate = {2021-11-15},
booktitle = {2021 IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C)},
publisher = {IEEE},
address = {Hainan, China},
abstract = {Assuring the cybersecurity of Connected Autonomous Vehicles (CAVs) entails protecting the data, devices, network connectivity, and, most importantly, autonomous vehicles' software. Software security testing aims to minimize the attack surface of CAVs by identifying security vulnerabilities at an early stage. One of the most robust and efficient security testing methods is fuzzing. Though fuzz testing can validate the system with various scenarios, its blindness prevents it from exploring the deep paths of the system. Hence, the automotive industry needs a reliable security testing tool that dynamically explores the system and assures a comprehensive evaluation. This paper presents a hybrid fuzz testing framework (VulFuzz ++ ) that unites the efficiency of fuzzing and the precision of concolic execution to provide the automotive industry a reliable security testing tool. VulFuzz ++ offloads most of the exploration process to the vulnerability-oriented fuzzer (VulFuzz) explicitly designed for automotive systems. When the fuzzer halts failing to explore different paths, VulFuzz ++ examines the untraversed branches and prioritizes them based on their potential to expose vulnerabilities. It utilizes a tailored, targeted concolic engine that limits the symbolic exploration to only specific functions. When the concolic engine discovers new system inputs, testing is handed over again to the fuzzer to perform a quick and efficient evaluation of the newly explored region. We implemented and experimented with the VulfFuzz ++ framework on a driving assistance system. VulFuzz ++ boosted the vulnerability exposure process of grey-box fuzzing, increasing the obtained crashes by 50%. It dramatically outperforms traditional concolic engines in assisting fuzzers, exposing 50 times more unique crashes. VulFuzz ++ extends the testing time moderately but assures a comprehensive examination covering 96.7% of the automotive system branches.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Assuring the cybersecurity of Connected Autonomous Vehicles (CAVs) entails protecting the data, devices, network connectivity, and, most importantly, autonomous vehicles' software. Software security testing aims to minimize the attack surface of CAVs by identifying security vulnerabilities at an early stage. One of the most robust and efficient security testing methods is fuzzing. Though fuzz testing can validate the system with various scenarios, its blindness prevents it from exploring the deep paths of the system. Hence, the automotive industry needs a reliable security testing tool that dynamically explores the system and assures a comprehensive evaluation. This paper presents a hybrid fuzz testing framework (VulFuzz ++ ) that unites the efficiency of fuzzing and the precision of concolic execution to provide the automotive industry a reliable security testing tool. VulFuzz ++ offloads most of the exploration process to the vulnerability-oriented fuzzer (VulFuzz) explicitly designed for automotive systems. When the fuzzer halts failing to explore different paths, VulFuzz ++ examines the untraversed branches and prioritizes them based on their potential to expose vulnerabilities. It utilizes a tailored, targeted concolic engine that limits the symbolic exploration to only specific functions. When the concolic engine discovers new system inputs, testing is handed over again to the fuzzer to perform a quick and efficient evaluation of the newly explored region. We implemented and experimented with the VulfFuzz ++ framework on a driving assistance system. VulFuzz ++ boosted the vulnerability exposure process of grey-box fuzzing, increasing the obtained crashes by 50%. It dramatically outperforms traditional concolic engines in assisting fuzzers, exposing 50 times more unique crashes. VulFuzz ++ extends the testing time moderately but assures a comprehensive examination covering 96.7% of the automotive system branches.
2021
Lama J Moukahal; Mohammad Zulkernine; Martin Soukup
Towards a Secure Software Lifecycle for Autonomous Vehicles Conference
2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW), IEEE, 2021, ISBN: 978-1-6654-2603-9, (Nominated for the Best Industry Paper Award).
@conference{moukahal2021securityVul,
title = {Towards a Secure Software Lifecycle for Autonomous Vehicles},
author = {Lama J Moukahal and Mohammad Zulkernine and Martin Soukup},
url = {https://ieeexplore.ieee.org/abstract/document/9700220},
doi = {10.1109/ISSREW53611.2021.00104},
isbn = {978-1-6654-2603-9},
year = {2021},
date = {2021-10-25},
urldate = {2021-10-25},
booktitle = {2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)},
pages = {371-377},
publisher = {IEEE},
abstract = {The race for driverless vehicles is on the rise among industry players. Connected and Autonomous Vehicles (CAVs) success is founded on software integration that employs advanced technologies to offer valuable services. Software integration and network connectivity expose vehicles to numerous cyberattacks, making software security development the core factor affecting the reliability and safety of autonomous vehicles. The architecture of CAVs introduces unique challenges for automotive security development and operation that traditional security lifecycles are insufficient to manage. This paper presents a Secure Vehicle Software Engineering (SVSE) lifecycle that ensures security-by-design, devoting security considerations throughout all phases of the vehicle software development process. The SVSE lifecycle incorporates security activities that mitigate the development and operation challenges, reducing cybersecurity violations. It assists the automotive industry in complying with international security standards by granting security considerations throughout the development lifecycle that accommodate the requirements of industrial standards. The SVSE lifecycle promises manageability and deliverability of security practices throughout the full-life span of vehicles, making CAVs more resilient to cyberattacks.},
note = {Nominated for the Best Industry Paper Award},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
The race for driverless vehicles is on the rise among industry players. Connected and Autonomous Vehicles (CAVs) success is founded on software integration that employs advanced technologies to offer valuable services. Software integration and network connectivity expose vehicles to numerous cyberattacks, making software security development the core factor affecting the reliability and safety of autonomous vehicles. The architecture of CAVs introduces unique challenges for automotive security development and operation that traditional security lifecycles are insufficient to manage. This paper presents a Secure Vehicle Software Engineering (SVSE) lifecycle that ensures security-by-design, devoting security considerations throughout all phases of the vehicle software development process. The SVSE lifecycle incorporates security activities that mitigate the development and operation challenges, reducing cybersecurity violations. It assists the automotive industry in complying with international security standards by granting security considerations throughout the development lifecycle that accommodate the requirements of industrial standards. The SVSE lifecycle promises manageability and deliverability of security practices throughout the full-life span of vehicles, making CAVs more resilient to cyberattacks.
Lama J Moukahal; Mohammad Zulkernine; Martin Soukup
Vulnerability-Oriented Fuzz Testing for Connected Autonomous Vehicle Systems Journal Article
In: IEEE Transactions on Reliability (ToR), vol. 70, no. 4, pp. 1422-1437, 2021, ISSN: 1558-1721.
@article{VulOrientedFuzzTest,
title = {Vulnerability-Oriented Fuzz Testing for Connected Autonomous Vehicle Systems},
author = {Lama J Moukahal and Mohammad Zulkernine and Martin Soukup},
url = {https://ieeexplore.ieee.org/document/9557794},
doi = {10.1109/TR.2021.3112538},
issn = {1558-1721},
year = {2021},
date = {2021-10-04},
urldate = {2021-10-04},
journal = {IEEE Transactions on Reliability (ToR)},
volume = {70},
number = {4},
pages = {1422-1437},
publisher = {IEEE},
abstract = {In an era of connectivity and automation, the vehicle industry is adopting numerous technologies to transform driver-centric vehicles into intelligent mechanical devices driven by software components. Software integration and network connectivity inherit numerous security issues that open the door for malicious attacks. Software security testing is a scalable and practical approach to identify systems’ weaknesses and vulnerabilities at an early stage and throughout their life-cycle. Security specialists recommend fuzz testing to identify vulnerabilities within vehicle software systems. Nevertheless, the randomness and blindness of fuzzing hinder it from becoming a reliable security tool. This article presents a vulnerability-oriented fuzz (VulFuzz) testing framework that utilizes security vulnerability metrics designed particularly for connected and autonomous vehicles to direct and prioritize the fuzz testing toward the most vulnerable components. While most gray-box fuzzing techniques aim solely to expand code coverage, the proposed approach assigns weights to ensure a thorough examination of the most vulnerable components. Moreover, we employ an input structure-aware mutation technique that can bypass vehicle software systems’ input formats to boost test performance and avoid dropped test cases. Such a testing technique will contribute to the quality assurance of vehicle software engineering. We implemented the proposed approach on OpenPilot, a driver assistance system, and compared our results to American fuzzy lop (AFL) and an unguided mutation-based fuzzer. Within 16.8 h, VulFuzz exposed 335 crashes, 41 times more than AFL and two times more than an unguided mutation-based fuzzer. VulFuzz is explicitly efficient for automotive systems, reaching the same code coverage as AFL but with more exposed crashes and fewer dropped messages.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
In an era of connectivity and automation, the vehicle industry is adopting numerous technologies to transform driver-centric vehicles into intelligent mechanical devices driven by software components. Software integration and network connectivity inherit numerous security issues that open the door for malicious attacks. Software security testing is a scalable and practical approach to identify systems’ weaknesses and vulnerabilities at an early stage and throughout their life-cycle. Security specialists recommend fuzz testing to identify vulnerabilities within vehicle software systems. Nevertheless, the randomness and blindness of fuzzing hinder it from becoming a reliable security tool. This article presents a vulnerability-oriented fuzz (VulFuzz) testing framework that utilizes security vulnerability metrics designed particularly for connected and autonomous vehicles to direct and prioritize the fuzz testing toward the most vulnerable components. While most gray-box fuzzing techniques aim solely to expand code coverage, the proposed approach assigns weights to ensure a thorough examination of the most vulnerable components. Moreover, we employ an input structure-aware mutation technique that can bypass vehicle software systems’ input formats to boost test performance and avoid dropped test cases. Such a testing technique will contribute to the quality assurance of vehicle software engineering. We implemented the proposed approach on OpenPilot, a driver assistance system, and compared our results to American fuzzy lop (AFL) and an unguided mutation-based fuzzer. Within 16.8 h, VulFuzz exposed 335 crashes, 41 times more than AFL and two times more than an unguided mutation-based fuzzer. VulFuzz is explicitly efficient for automotive systems, reaching the same code coverage as AFL but with more exposed crashes and fewer dropped messages.
2020
Lama J Moukahal; Marwa A Elsayed; Mohammad Zulkernine
Vehicle Software Engineering (VSE): Research and Practice Journal Article
In: IEEE Internet of Things Journal, vol. 7, no. 10, pp. 10137–10149, 2020, ISSN: 2327-4662.
@article{moukahal2020vehicle,
title = {Vehicle Software Engineering (VSE): Research and Practice},
author = {Lama J Moukahal and Marwa A Elsayed and Mohammad Zulkernine},
url = {https://ieeexplore.ieee.org/document/9112168},
doi = {10.1109/JIOT.2020.3001026},
issn = {2327-4662},
year = {2020},
date = {2020-01-01},
urldate = {2020-01-01},
journal = {IEEE Internet of Things Journal},
volume = {7},
number = {10},
pages = {10137--10149},
publisher = {IEEE},
abstract = {The Internet of Things (IoT) is shaping the future of the automotive industry. Grounded on the advances in everything from sensors, electronic controllers, artificial intelligence, data analytics, to network connectivity, intelligent connected autonomous vehicles (CAVs) have become the essence in IoT applications. The software in CAVs lies at the core of this digital transformation. Faulty software remains the main reason behind the vast number of safety recalls and reputation damage witnessed recently in the automotive industry. The uniqueness of CAVs originates challenges for vehicle software engineering (VSE) that render traditional models and practical solutions for software development ineffective and inapplicable. Despite the raised necessity to adopt a software engineering model that can handle these challenges, there is a lack of studies recognizing the importance of VSE. This article presents an in-depth and comprehensive analysis to perceive the existing software engineering processes detailing their strengths and limitations in the context of CAVs. It also reviews current practical software solutions, including standards, tools, languages, and research efforts to understand the evolution, trends, and current practice in this article area. This article will enable automakers and software providers to better assess and differentiate among the existing software engineering processes and current practical solutions for vehicle software system development. Hence, they would be able to adopt a VSE model and follow best practices that can better meet their challenging needs.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) is shaping the future of the automotive industry. Grounded on the advances in everything from sensors, electronic controllers, artificial intelligence, data analytics, to network connectivity, intelligent connected autonomous vehicles (CAVs) have become the essence in IoT applications. The software in CAVs lies at the core of this digital transformation. Faulty software remains the main reason behind the vast number of safety recalls and reputation damage witnessed recently in the automotive industry. The uniqueness of CAVs originates challenges for vehicle software engineering (VSE) that render traditional models and practical solutions for software development ineffective and inapplicable. Despite the raised necessity to adopt a software engineering model that can handle these challenges, there is a lack of studies recognizing the importance of VSE. This article presents an in-depth and comprehensive analysis to perceive the existing software engineering processes detailing their strengths and limitations in the context of CAVs. It also reviews current practical software solutions, including standards, tools, languages, and research efforts to understand the evolution, trends, and current practice in this article area. This article will enable automakers and software providers to better assess and differentiate among the existing software engineering processes and current practical solutions for vehicle software system development. Hence, they would be able to adopt a VSE model and follow best practices that can better meet their challenging needs.
2019
Lama Moukahal; Mohammad Zulkernine
Security vulnerability metrics for connected vehicles Conference
2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C), IEEE, 2019, ISBN: 978-1-7281-3926-5.
@conference{moukahal2019security,
title = {Security vulnerability metrics for connected vehicles},
author = {Lama Moukahal and Mohammad Zulkernine},
url = {https://ieeexplore.ieee.org/document/8859489},
doi = {10.1109/QRS-C.2019.00017},
isbn = {978-1-7281-3926-5},
year = {2019},
date = {2019-01-01},
urldate = {2019-01-01},
booktitle = {2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C)},
pages = {17--23},
publisher = {IEEE},
abstract = {Software integration in modern vehicles is continuously expanding. This is due to the fact that vehicle manufacturers are always trying to enhance and add more innovative and competitive features that may rely on complex software functionalities. However, these features come at a cost. They amplify the security vulnerabilities in vehicles and lead to more security issues in today's automobiles. As a result, the need for identifying vulnerable components in a vehicle software system has become crucial. Security experts need to know which components of the vehicle software system can be exploited for attacks and should focus their testing and inspection efforts on it. Nevertheless, it is a challenging and costly task to identify these weak components in a vehicle's system. In this paper, we propose some security vulnerability metrics for connected vehicles that aim to assist software testers during the development life-cycle in order to identify the frail links that put the vehicle at highsecurity risks. Vulnerable function assessment can give software testers a good idea about which components in a connected vehicle need to be prioritized in order to mitigate the risk and hence secure the vehicle. The proposed metrics were applied to OpenPilot - a software that provides Autopilot feature - and has been integrated with 48 different vehicles.. The application shows how the defined metrics can be effectively used to quantitatively measure the vulnerabilities of a vehicle software system.},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Software integration in modern vehicles is continuously expanding. This is due to the fact that vehicle manufacturers are always trying to enhance and add more innovative and competitive features that may rely on complex software functionalities. However, these features come at a cost. They amplify the security vulnerabilities in vehicles and lead to more security issues in today's automobiles. As a result, the need for identifying vulnerable components in a vehicle software system has become crucial. Security experts need to know which components of the vehicle software system can be exploited for attacks and should focus their testing and inspection efforts on it. Nevertheless, it is a challenging and costly task to identify these weak components in a vehicle's system. In this paper, we propose some security vulnerability metrics for connected vehicles that aim to assist software testers during the development life-cycle in order to identify the frail links that put the vehicle at highsecurity risks. Vulnerable function assessment can give software testers a good idea about which components in a connected vehicle need to be prioritized in order to mitigate the risk and hence secure the vehicle. The proposed metrics were applied to OpenPilot - a software that provides Autopilot feature - and has been integrated with 48 different vehicles.. The application shows how the defined metrics can be effectively used to quantitatively measure the vulnerabilities of a vehicle software system.
2016
Ramzi A Haraty; Nashat Mansour; Lama Moukahal; Iman Khalil
Regression Test Cases Prioritization Using Clustering and Code Change Relevance Journal Article
In: International Journal of Software Engineering and Knowledge Engineering, vol. 26, no. 05, pp. 733–768, 2016.
@article{haraty2016regression,
title = {Regression Test Cases Prioritization Using Clustering and Code Change Relevance},
author = {Ramzi A Haraty and Nashat Mansour and Lama Moukahal and Iman Khalil},
url = {https://www.worldscientific.com/doi/abs/10.1142/S0218194016500248},
doi = {10.1142/S0218194016500248},
year = {2016},
date = {2016-01-01},
urldate = {2016-01-01},
journal = {International Journal of Software Engineering and Knowledge Engineering},
volume = {26},
number = {05},
pages = {733--768},
publisher = {World Scientific},
abstract = {Regression testing is important for maintaining software quality. However, the cost of regression testing is relatively high. Test case prioritization is one way to reduce this cost. Test case prioritization techniques sort test cases for regression testing based on their importance. In this paper, we design and implement a test case prioritization method based on the location of a change. The method consists of three steps: (1) clustering test cases, (2) prioritizing the clusters with respect to the relevance of the clusters to a code change, and (3) test case prioritization within each cluster based on metrics. We propose a metric for measuring test case importance based on Requirement Complexity, Code Complexity, and Code Coverage. To evaluate our method, we apply it on a launch interceptor problem program, and measure the inclusiveness and precision for clusters of test cases with respect to code change in specific test cases. Our results show that our proposed change-based prioritization method increases the likelihood of executing more relevant test cases earlier.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Regression testing is important for maintaining software quality. However, the cost of regression testing is relatively high. Test case prioritization is one way to reduce this cost. Test case prioritization techniques sort test cases for regression testing based on their importance. In this paper, we design and implement a test case prioritization method based on the location of a change. The method consists of three steps: (1) clustering test cases, (2) prioritizing the clusters with respect to the relevance of the clusters to a code change, and (3) test case prioritization within each cluster based on metrics. We propose a metric for measuring test case importance based on Requirement Complexity, Code Complexity, and Code Coverage. To evaluate our method, we apply it on a launch interceptor problem program, and measure the inclusiveness and precision for clusters of test cases with respect to code change in specific test cases. Our results show that our proposed change-based prioritization method increases the likelihood of executing more relevant test cases earlier.