PRESENTATION:

Fuzz Testing Automotive Software With Dependencies

The Context:
The new ISO/SAE 21434 increases the requirement for security testing in the automotive domain. Car manufacturers must now provide advanced security tests for each software component, as part of the validation process. This includes either, penetration testing, vulnerability scanning and/or fuzz testing. But especially the early adoption of fuzz testing is currently becoming best practice among German car manufacturers. 

This has two reasons: (1) Integrating fuzzing into their CI/CD helps them to achieve ISO 21434 compliance, and (2) fuzz testing enables them to cope with the growing dependencies in automotive software. Continental HMI for instance used white-box fuzzing approaches, to simulate their hardware dependencies. This specific fuzz testing approach, which my colleagues and I developed, enabled them to achieve a code coverage of more than 95% in most of their modules [1].

During the session, I will demonstrate how we improved Continentals HMI’s code coverage, and we will also discuss strategies how you can apply these fuzz testing approaches to your own software. 

Related Articles:
[1] How Continental Managed to Test 18.000 Lines of Code Within Only One Week https://www.code-intelligence.com/fuzzing-use-case-automtive-continental

PRESENTER:

Khaled Yakdan

Khaled Yakdan is Co-Founder & Chief Scientist at Code Intelligence. He drives the customer-oriented development of the CI Fuzz security testing platform. As a malware analyst, he is an expert in binary code analysis, with over 7 years of experience in reverse engineering and penetration testing.