A Comparative Study of Static Analysis Tools for AUTOSAR Automotive Software Components Development

Imparato, Alfredo; Maietta, Raffaele Rodolfo; Scala, Stefano; Vacca, V.

doi:10.1109/issrew.2017.21

Cited by 9 publications

(8 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The performance metrics include the accuracy and number of flaws detected. This study has similar results with the previous studies we examined above in [12] and [21], where it was concluded that each tool has different strengths and weaknesses, but in combination the tools provide more value and vulnerability coverage. In [35], the authors evaluated PMD, an open source tool for Java and the value it provides if it is run on source code before a peer review.…”

Section: A Comparing Static Analysis Toolssupporting

confidence: 89%

“…It concluded that it is difficult to make comparisons between each tool because they can be used for different situations and provide different types of information. Three tools are compared in [21] to find the best performing tool based on metrics like precision, recall and accuracy. It is concluded that a combination of all three tools provides better coverage in identifying the vulnerabilities.…”

Section: A Comparing Static Analysis Toolsmentioning

confidence: 99%

See 1 more Smart Citation

Analyzing False Positive Source Code Vulnerabilities Using Static Analysis Tools

Cheirdari

Karabatis

2018

2018 IEEE International Conference on Big Data (Big Data)

View full text Add to dashboard Cite

Static source code analysis for the detection of vulnerabilities may generate a huge amount of results making it difficult to manually verify all of them. In addition, static code analysis yields a large number of false positives. Consequently, software developers may ignore the results of static code analysis. This paper analyzes the results of static code analysis tools to identify false positive trends per tool. The novel idea is to assist developers and analysts identify the likelihood of a finding to be an actual true positive. This paper proposes an algorithm that makes use of a new critical feature, a personal identifier, which assists labeling the findings correctly as true or false. Experiments verified identification of true positives with a higher level of accuracy.

show abstract

Section: A Comparing Static Analysis Toolssupporting

confidence: 89%

Section: A Comparing Static Analysis Toolsmentioning

confidence: 99%

Analyzing False Positive Source Code Vulnerabilities Using Static Analysis Tools

Cheirdari

Karabatis

2018

2018 IEEE International Conference on Big Data (Big Data)

View full text Add to dashboard Cite

show abstract

“…Test coverage can be significantly improved by accessing the full source code, but this would take a significant amount of time. This method is commonly used in dynamic and static code scanning of automotive applications [ 15 ]. This approach enables comprehensive testing of the automotive system from source code to architecture design.…”

Section: Automotive Cybersecurity Testing Methodsmentioning

confidence: 99%

Cybersecurity Testing for Automotive Domain: A Survey

Luo

Zhang

Yang

et al. 2022

Sensors

View full text Add to dashboard Cite

Modern vehicles are more complex and interconnected than ever before, which also means that attack surfaces for vehicles have increased significantly. Malicious cyberattacks will not only exploit personal privacy and property, but also affect the functional safety of electrical/electronic (E/E) safety-critical systems by controlling the driving functionality, which is life-threatening. Therefore, it is necessary to conduct cybersecurity testing on vehicles to reveal and address relevant security threats and vulnerabilities. Cybersecurity standards and regulations issued in recent years, such as ISO/SAE 21434 and UNECE WP.29 regulations (R155 and R156), also emphasize the indispensability of cybersecurity verification and validation in the development lifecycle but lack specific technical details. Thus, this paper conducts a systematic and comprehensive review of the research and practice in the field of automotive cybersecurity testing, which can provide reference and advice for automotive security researchers and testers. We classify and discuss the security testing methods and testbeds in automotive engineering. Furthermore, we identify gaps and limitations in existing research and point out future challenges.

show abstract

“…Finally, we conducted the full-text reading and excluded 40 more publications. As a result, the set of 28 publications remained ( [28], [35], [52], [40], [27], [57], [63], [51], [50], [65], [42], [38], [31], [47], [62], [46], [30], [34], [37], [61], [36], [44], [53], [39], [32], [45], [29]), which was used for executing the snowballing iterations. Finally, 11 new publications were identified with the snowballing methodology: ( [48], [49], [55], [43], [64], [33], [41], [60], [56], [58], [54]), which were added to the final set of 39 papers.…”

Section: Selection Processmentioning

confidence: 99%

“…With regards to security testing techniques, the results state that the most used technique is the penetration testing and dynamic analysis, which is applied in 26 selected publications [34] [27]. This is followed by the model-based (12 papers) [32] [31], code-based (4) [40] [63] and risk-based (4) [45] [41] testing. On the other hand, we did not encounter any approaches focusing on regression testing.…”

Section: Security Testing Techniques To Vehicle Lifecycle Tablementioning

confidence: 99%

Applying Security Testing Techniques to Automotive Engineering

Pekaric

Sauerwein

Felderer

2019

Proceedings of the 14th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Over the past few decades, the automotive industry was mostly focused on testing the safety aspects of a vehicle. However, this was not the case with security testing as it only began to be addressed recently. As a result, multiple approaches applying various security testing techniques on different software-based vehicle IT components emerged. With that said, the research and practice lack an overview about these techniques. In this paper, we conduct a systematic mapping study. This involved the investigation on the following five dimensions: (1) security testing techniques, (2) AUTOSAR layers, (3) functional interfaces of AUTOSAR, (4) vehicle lifecycle phases and (5) attacks. In total, 39 papers presenting approaches for security testing in automotive engineering were systematically selected and classified. The results identify multiple security testing techniques focusing on early phases of vehicle life cycle through the application and services layer of the AUTOSAR architecture. Finally, there is a need for security regression testing approaches, as well as combined security and safety testing approaches. CCS CONCEPTS• Security and privacy → Distributed systems security;

show abstract

A Comparative Study of Static Analysis Tools for AUTOSAR Automotive Software Components Development

Cited by 9 publications

References 2 publications

Analyzing False Positive Source Code Vulnerabilities Using Static Analysis Tools

Analyzing False Positive Source Code Vulnerabilities Using Static Analysis Tools

Cybersecurity Testing for Automotive Domain: A Survey

Applying Security Testing Techniques to Automotive Engineering

Contact Info

Product

Resources

About