
Securing Connected and Automated Vehicle through Proactive Vulnerability Analysis and Security Enhancement

dc.contributor.author: Hu, Shengtuo
dc.date.accessioned: 2023-01-30T16:08:58Z
dc.date.available: 2023-01-30T16:08:58Z
dc.date.issued: 2022
dc.date.submitted: 2022
dc.identifier.uri: https://hdl.handle.net/2027.42/175586
dc.description.abstract: The rapidly evolving Connected and Autonomous Vehicle (CAV) technology brings new security challenges to vehicular systems, because newly introduced communication and system components inevitably increase the attack surface of vehicles if being abused, leading to potential safety hazards on the road. For example, the emerging Connected Vehicle (CV) technology, which enables vehicles to exchange safety and mobility information wirelessly (e.g., location and speed) with traffic infrastructure and other vehicles, opens a door for spoofing attacks. On the other hand, the development of Autonomous Vehicle (AV) results in the increasing data transfer needs of various sensors (e.g., cameras, LiDAR), which stimulates the adoption of Automotive Ethernet, the next-generation in-vehicle network. However, no common standard has been established for the security protocol of the in-vehicle Ethernet network. Therefore, it is highly desirable to systematically understand vulnerabilities in the current CAV systems and the corresponding security/safety consequences to proactively uncover and address these flaws before large-scale deployment. To achieve this goal, in this dissertation, we demonstrate that rigorous techniques, such as formal methods, program analysis, and the trusted execution environment (TEE), can be used for proactive vulnerability discovery and security enhancement in the safety-critical CAV system. At the design level, we leverage formal methods to uncover design flaws and ensure the security guarantee of the proposed defense. To study the emerging CV network interface, we propose a model-checking-based approach, CVAnalyzer, that harnesses the attack discovery capability of the general model checker and the quantitative threat assessment of the probabilistic model checker to automate the analysis. For in-vehicle Ethernet security, we present Gatekeeper, a gateway-based source authentication protocol.
Except for the source authentication property, we then verify that Gatekeeper can defend against the spoofing attack and alleviate the impact of the DoS attack. At the implementation level, we employ both static and dynamic program analysis. To defend against the spoofing attack, we build a TEE-based defense system, CVShield, to protect the integrity of the sensor data reading and processing pipeline. To uncover semantic vulnerabilities in the CAV system, we prototype CAVFuzzer that incorporates a novel object-level mutator and utilizes the data-flow feedback to guide the fuzzing process.
dc.language.iso: en_US
dc.subject: Connected and Autonomous Vehicle (CAV)
dc.subject: Connected Vehicle (CV)
dc.subject: Autonomous Vehicle (AV)
dc.subject: Vulnerability discovery
dc.subject: Security enhancement
dc.subject: Program analysis
dc.title: Securing Connected and Automated Vehicle through Proactive Vulnerability Analysis and Security Enhancement
dc.type: Thesis
dc.description.thesisdegreename: PhD (language: en_US)
dc.description.thesisdegreediscipline: Computer Science & Engineering
dc.description.thesisdegreegrantor: University of Michigan, Horace H. Rackham School of Graduate Studies
dc.contributor.committeemember: Mao, Z Morley
dc.contributor.committeemember: Masoud, Neda
dc.contributor.committeemember: Kasikci, Baris
dc.contributor.committeemember: Prakash, Atul
dc.subject.hlbsecondlevel: Computer Science
dc.subject.hlbtoplevel: Engineering
dc.description.bitstreamurl: http://deepblue.lib.umich.edu/bitstream/2027.42/175586/1/shengtuo_1.pdf
dc.identifier.doi: https://dx.doi.org/10.7302/6800
dc.identifier.orcid: 0000-0003-1687-1081
dc.identifier.name-orcid: Hu, Shengtuo; 0000-0003-1687-1081 (language: en_US)
dc.working.doi: 10.7302/6800 (language: en)
dc.owningcollname: Dissertations and Theses (Ph.D. and Master's)