{
  "product_id": "building-secure-cars-9781119710745",
  "title": "Building Secure Cars",
  "description": "Table of Contents\nPreface xi\nAbout the Author xiii\n1 Overview of the Current State of Cybersecurity in the Automotive Industry 1\n1.1 Cybersecurity Standards, Guidelines, and Activities 3\n1.2 Process Changes, Organizational Changes, and New Solutions 6\n1.3 Results from a Survey on Cybersecurity Practices in the Automotive Industry 8\n1.3.1 Survey Methods 8\n1.3.2 Report Results 9\n1.3.2.1 Organizational Challenges 9\n1.3.2.2 Technical Challenges 10\n1.3.2.3 Product Development and Security Testing Challenges 11\n1.3.2.4 Supply Chain and Third-Party Components Challenges 11\n1.3.3 How to Address the Challenges 12\n1.3.3.1 Organizational Takeaways 12\n1.3.3.2 Technical Takeaways 13\n1.3.3.3 Product Development and Security Testing Takeaways 13\n1.3.3.4 Supply Chain and Third-Party Components Takeaways 13\n1.3.3.5 Getting Started 14\n1.3.3.6 Practical Examples of Organizations Who Have Started 15\n1.4 Examples of Vulnerabilities in the Automotive Industry 16\n1.5 Chapter Summary 18\nReferences 19\n2 Introduction to Security in the Automotive Software Development Lifecycle 23\n2.1 V-Model Software Development Process 24\n2.2 Challenges in Automotive Software Development 25\n2.3 Security Solutions at each Step in the V-Model 26\n2.3.1 Cybersecurity Requirements Review 27\n2.3.2 Security Design Review 27\n2.3.3 Threat Analysis and Risk Assessment 27\n2.3.4 Source Code Review 28\n2.3.5 Static Code Analysis 28\n2.3.6 Software Composition Analysis 29\n2.3.7 Security Functional Testing 29\n2.3.8 Vulnerability Scanning 29\n2.3.9 Fuzz Testing 30\n2.3.10 Penetration Testing 30\n2.3.11 Incident Response and Updates 31\n2.3.12 Continuous Cybersecurity Activities 32\n2.3.13 Overall Cybersecurity Management 32\n2.4 New Technical Challenges 32\n2.5 Chapter Summary 34\nReferences 35\n3 Automotive-Grade Secure Hardware 37\n3.1 Need for Automotive Secure Hardware 39\n3.2 Different Types of HSMs 41\n3.3 Root of Trust: Security Features Provided by Automotive HSM 43\n3.3.1 Secure Boot 44\n3.3.2 Secure In-Vehicle Communication 45\n3.3.3 Secure Host Flashing 46\n3.3.4 Secure Debug Access 47\n3.3.5 Secure Logging 47\n3.4 Chapter Summary 48\nReferences 48\n4 Need for Automated Security Solutions in the Automotive Software Development Lifecycle 51\n4.1 Main Challenges in the Automotive Industry 53\n4.2 Automated Security Solutions During the Product Development Phases 55\n4.2.1 Static Code Analysis 55\n4.2.2 Software Composition Analysis 57\n4.2.3 Security Testing 58\n4.2.4 Automation and Traceability During Software Development 59\n4.3 Solutions During Operations and Maintenance Phases 59\n4.3.1 Cybersecurity Monitoring, Vulnerability Management, Incident Response, and OTA Updates 59\n4.4 Chapter Summary 61\nReferences 61\n5 Static Code Analysis for Automotive Software 63\n5.1 Introduction to MISRA and AUTOSAR Coding Guidelines 68\n5.2 Problem Statement: MISRA and AUTOSAR Challenges 75\n5.3 Solution: Workflow for Code Segmentation, Guideline Policies, and Deviation Management 79\n5.3.1 Step 1: Segment the Codebase into Different Categories/Components Based on Risk 80\n5.3.2 Step 2: Specify Guideline Policies (Set of Guidelines to Apply) Depending on Risk Categories 81\n5.3.3 Step 3: Perform the Scan and Plan the Approach for Prioritization of Findings 82\n5.3.4 Step 4: Prioritize Findings Based on the Risk Categories and Guideline Policies and Determine How to Handle Each Finding, e.g. Fix or Leave as Deviation 83\n5.3.5 Step 5: Follow a Defined Deviation Management Process, Including Approval Steps 84\n5.3.6 Step 6: Report on MISRA or AUTOSAR Coding Guidelines Compliance Including Deviations 86\n5.4 Chapter Summary 87\nReferences 88\n6 Software Composition Analysis in the Automotive Industry 91\n6.1 Software Composition Analysis: Benefits and Usage Scenarios 95\n6.2 Problem Statement: Analysis of Automotive Software Open-Source Software Risks 98\n6.2.1 Analysis Results 98\n6.2.1.1 zlib 99\n6.2.1.2 libpng 99\n6.2.1.3 OpenSSL 99\n6.2.1.4 curl 99\n6.2.1.5 Linux Kernel 100\n6.2.2 Discussion 100\n6.3 Solution: Countermeasures on Process and Technical Levels 101\n6.3.1 Fully Inventory Open-Source Software 101\n6.3.2 Use Appropriate Software Composition Analysis Approaches 102\n6.3.3 Map Open-Source Software to Known Security Vulnerabilities 102\n6.3.4 Identify License, Quality, and Security Risks 103\n6.3.5 Create and Enforce Open-Source Software Risk Policies 104\n6.3.6 Continuously Monitor for New Security Threats and Vulnerabilities 104\n6.3.7 Define and Follow Processes for Addressing Vulnerabilities in Open-Source Software 105\n6.3.8 How to Get Started 106\n6.4 Chapter Summary 107\nReferences 108\n7 Overview of Automotive Security Testing Approaches 111\n7.1 Practical Security Testing 115\n7.1.1 Security Functional Testing 117\n7.1.2 Vulnerability Scanning 119\n7.1.3 Fuzz Testing 121\n7.1.4 Penetration Testing 122\n7.2 Frameworks for Security Testing 125\n7.3 Focus on Fuzz Testing 129\n7.3.1 Fuzz Engine 130\n7.3.2 Injector 134\n7.3.3 Monitor 136\n7.4 Chapter Summary 140\nReferences 141\n8 Automating Fuzz Testing of In-Vehicle Systems by Integrating with Automotive Test Tools 145\n8.1 Overview of HIL Systems 147\n8.2 Problem Statement: SUT Requires External Input and Monitoring 150\n8.3 Solution: Integrating Fuzz Testing Tools with HIL Systems 152\n8.3.1 White-Box Approach for Fuzz Testing Using HIL System 157\n8.3.1.1 Example Test Setup Using an Engine ECU 159\n8.3.1.2 Fuzz Testing Setup for the Engine ECU 161\n8.3.1.3 Fuzz Testing Setup Considerations 165\n8.3.2 Black-Box Approach for Fuzz Testing Using HIL System 166\n8.3.2.1 Example Target System Setup Using Engine and Body Control Modules 168\n8.3.2.2 Fuzz Testing Setup Using Duplicate Engine and Body Control Modules 171\n8.3.2.3 Fuzz Testing Setup Considerations 175\n8.4 Chapter Summary 176\nReferences 177\n9 Improving Fuzz Testing Coverage by Using Agent Instrumentation 179\n9.1 Introduction to Agent Instrumentation 182\n9.2 Problem Statement: Undetectable Vulnerabilities 183\n9.2.1 Memory Leaks 184\n9.2.2 Core Dumps and Zombie Processes 185\n9.2.3 Considerations for Addressing Undetectable Vulnerabilities 187\n9.3 Solution: Using Agents to Detect Undetectable Vulnerabilities 187\n9.3.1 Overview of the Test Environment 188\n9.3.2 Modes of Operation 189\n9.3.2.1 Synchronous Mode 190\n9.3.2.2 Asynchronous Mode 191\n9.3.2.3 Hybrid Approach 192\n9.3.3 Examples of Agents 193\n9.3.3.1 Agent Core Dump 193\n9.3.3.2 Agent Log Tailer 194\n9.3.3.3 Agent Process Monitor 194\n9.3.3.4 Agent PID 194\n9.3.3.5 Agent Address Sanitizer 195\n9.3.3.6 Agent Valgrind 195\n9.3.3.7 An Example config.json Configuration File 196\n9.3.4 Example Results from Agent Instrumentation 197\n9.3.4.1 Bluetooth Fuzz Testing 198\n9.3.4.2 Wi-Fi Fuzz Testing 199\n9.3.4.3 MQTT Fuzz Testing 201\n9.3.4.4 File Format Fuzz Testing 203\n9.3.5 Applicability and Automation 206\n9.4 Chapter Summary 207\nReferences 208\n10 Automating File Fuzzing over USB for Automotive Systems 211\n10.1 Need for File Format Fuzzing 213\n10.2 Problem Statement: Manual Process for File Format Fuzzing 215\n10.3 Solution: Emulated Filesystems to Automate File Format Fuzzing 216\n10.3.1 System Architecture Overview 217\n10.3.2 Phase One Implementation Example: Prepare Fuzzed Files 219\n10.3.3 Phase Two Implementation Example: Automatically Emulate Filesystems 223\n10.3.4 Automating User Input 228\n10.3.5 Monitor for Exceptions 231\n10.4 Chapter Summary 236\nReferences 237\n11 Automation and Traceability by Integrating Application Security Testing Tools into ALM Systems 241\n11.1 Introduction to ALM Systems 242\n11.2 Problem Statement: Tracing Secure Software Development Activities and Results to Requirements and Automating Application Security Testing 245\n11.3 Solution: Integrating Application Security Testing Tools with ALM Systems 248\n11.3.1 Concept 249\n11.3.1.1 Static Code Analysis – Example 249\n11.3.1.2 Software Composition Analysis – Example 250\n11.3.1.3 Vulnerability Scanning – Example 250\n11.3.1.4 Fuzz Testing – Example 250\n11.3.1.5 Concept Overview 251\n11.3.2 Example Implementation 252\n11.3.2.1 Defensics 252\n11.3.2.2 codeBeamer ALM 252\n11.3.2.3 Jenkins 252\n11.3.2.4 SUT 253\n11.3.2.5 Implementation Overview 253\n11.3.3 Considerations 258\n11.4 Chapter Summary 262\nReferences 264\n12 Continuous Cybersecurity Monitoring, Vulnerability Management, Incident Response, and Secure OTA Updates 267\n12.1 Need for Cybersecurity Monitoring and Secure OTA Updates 268\n12.2 Problem Statement: Software Inventory, Monitoring Vulnerabilities, and Vulnerable Vehicles 271\n12.3 Solution: Release Management, Monitoring and Tracking, and Secure OTA Updates 272\n12.3.1 Release Management 273\n12.3.2 Monitoring and Tracking 276\n12.3.2.1 Solutions in Other Industries 276\n12.3.2.2 Solutions in the Automotive Industry 277\n12.3.2.3 Example Automotive SOC Overview 277\n12.3.2.4 Example Automotive SOC Workflow 279\n12.3.2.5 Newly Detected Vulnerabilities in Open-Source Software – Example 279\n12.3.3 Secure OTA Updates 280\n12.3.3.1 Identify Vulnerable Vehicles Targeted for OTA Updates 281\n12.3.3.2 Perform Secure OTA Updates 281\n12.3.3.3 Target Systems for OTA Updates 282\n12.3.3.4 Overview of Secure OTA Update Process for ECUs 283\n12.3.3.5 Standardization and Frameworks for OTA Updates 284\n12.4 Chapter Summary 285\nReferences 286\n13 Summary and Next Steps 289\nIndex 293",
  "brand": "John Wiley & Sons Inc",
  "offers": [
    {
      "title": "Default Title",
      "offer_id": 49407127126359,
      "sku": "9781119710745",
      "price": 97.16,
      "currency_code": "GBP",
      "in_stock": true
    }
  ],
  "thumbnail_url": "//cdn.shopify.com/s/files/1/0817/1739/5799/files/9781119710745.jpg?v=1730498273",
  "url": "https://bookcurl.com/products/building-secure-cars-9781119710745",
  "provider": "Book Curl",
  "version": "1.0",
  "type": "link"
}