| In recent years,with the rapid development of the Internet and automobile industry,more and more cars are beginning to develop in the direction of intelligence and networking,which makes people's life more convenient and comfortable.However,due to the popularity of vehicle networking,more attention should be paid to the accompanying security issues.In the entire environment of vehicle networking,because of the low level of security protection and the direct interaction with the external network,the vehicle terminal system has various system vulnerabilities,which often become the primary target of hackers.This may not only cause the loss of the vehicle factory,but also will threaten the safety of users' lives and property.At present,due to vehicle networking is still in the initial stage,so that there is not a set of vulnerability detection system for vehicle terminal system.Therefore,how to effectively and accurately detect system vulnerabilities in the vehicle terminal environment has become a very urgent task.In view of the above background and problems,this thesis will conduct in-depth research and analysis on vulnerability detection technology,and then propose and implement a set of vulnerability detection system which is suitable for vehicle terminal system.The main research work is as follows:1.Study the principle,classification and impact of conventional vulnerability,and then summarize a variety of current conventional vulnerability detection technologies and detection channels.In addition,the basic theories of vehicle ECU,CAN bus protocol and UDS protocol are deeply studied,and the macro definition of vehicle terminal system is put forward.2.Threat modeling is carried out according to the attack face on the vehicle terminal system.Three categories of vulnerabilities are summarized in IVI.The causes and examples of these vulnerabilities are analyzed respectively.The detection technology based on AST eigenvalue matching is proposed,which solves the problem of high false positive rate of common text matching for risk code vulnerabilities.The detection technology of POC program based on vulnerability characteristics is proposed,which solves the problem of single detection direction in general passive scanning technology and enlarges the coverage of vulnerability detection.What's more,the attackgraph model is introduced to solve the problem of multiple vulnerabilities combination attack.Based on this,the mechanism of additive score is established,and more meaningful detection data are obtained.In the research of ECU,this thesis proposes a method of pattern-based diagnostic attack to detect vulnerabilities,including front door attack,fault injection,etc.3.A set of vulnerability detection system for vehicle terminal system is implemented.It mainly includes information collection module,vulnerability detection engine module,database and plugin module and detection result generation module.The vulnerability detection engine module includes the vulnerability detection of IVI and ECU,while the IVI vulnerability detection adopts a two-tier detection engine with dynamic and static combination to ensure that testers can complete the vulnerability detection of vehicle terminal system comprehensively and accurately.After testing the vulnerability detection system of the vehicle terminal system,the vulnerability situation of the vehicle terminal system is discovered successfully,and the discovered vulnerabilities are verified by other means,which proves the accuracy and feasibility of the vulnerability detection technology studied and implemented in this thesis. |
PDF Full Text Request