Search papers, labs, and topics across Lattice.
This paper conducts a thorough security analysis of software-defined vehicles (SDVs), highlighting the inadequacies of current vulnerability assessment tools in addressing operating system vulnerabilities within complex software stacks. By developing a new vulnerability assessment solution that integrates systematic vulnerability discovery with public CVE databases in a dockerized environment, the authors effectively evaluate exploitability risks in realistic settings. The findings underscore a wide array of potential threats while also revealing practical constraints encountered during the exploitation process, thus informing future resilience strategies for SDVs.
Existing vulnerability assessment tools miss critical operating system flaws in software-defined vehicles, exposing a vast landscape of security threats.
Software-defined vehicles (SDVs) are revolutionizing transportation by integrating complex, interconnected hardware, and software systems. This evolution introduces significant security challenges. We present a comprehensive security analysis for SDVs, focusing on software vulnerabilities. We note that existing vulnerability assessment tools fall short in addressing operating systems vulnerabilities, particularly when it comes to efficiently analyzing diverse software stacks in realistic environments. We present and release a vulnerability assessment solution that efficiently addresses these limitations. Our approach combines systematic vulnerability discovery, leveraging public Common Vulnerabilities and Exposures (CVE) databases, within a dockerized development environment that evaluates exploitability risks. The results reveal both breadth of potential threats and the practical constraints we faced during exploitation. We discuss the implications for industry and research, and propose directions for building more resilient SDVs.