Author: | Jing, Pengfei |
Title: | Towards enhancing security and safety in modern vehicles |
Advisors: | Luo, Xiapu Daniel (COMP) |
Degree: | Ph.D. |
Year: | 2025 |
Subject: | Motor vehicles -- Safety measures; Motor vehicles -- Automatic control; Automated vehicles; Automated vehicles -- Computer networks -- Security measures; Hong Kong Polytechnic University -- Dissertations |
Department: | Department of Computing |
Pages: | xx, 158 pages : color illustrations |
Language: | English |
Abstract: | The advent of modern vehicles has seen a paradigm shift from purely mechanical systems to highly sophisticated entities, underpinned by advanced Electronic Control Units (ECUs) and intricate In-Vehicle Networks (IVN). These advancements facilitate a host of new functionalities, including remote control and autonomous driving, yet concurrently raise significant security and safety concerns. This thesis endeavors to tackle these issues, focusing on enhancing the security of modern vehicular systems and ensuring the safety of autonomous driving mechanisms.
Revisiting Automotive Attack Surfaces. The complexity of modern vehicles, characterized by their extensive external attack surfaces and complex internal IVN topology, poses a substantial challenge to cybersecurity. Despite efforts by existing standards such as WP29 R155e and ISO 21434 to provide a baseline, their effectiveness against evolving threats remains questionable. Through an in-depth interview with 15 industry experts, we uncovered significant limitations in current security practices and regulatory frameworks. We propose CarVal, a novel datalog-based methodology that leverages an enhanced threat database to infer multi-stage attack paths, assess risks more efficiently in IVNs, and uncover new attack surfaces by analyzing five real-world vehicles. This approach not only identifies the inadequacies in existing regulations but also introduces a more effective mechanism for threat analysis and risk assessment in automotive systems.
Enhancing Autonomous Driving Safety. From the autonomous driving standpoint, we focus on the perception and control modules. Our first investigation reveals vulnerabilities in the lane detection module of a real vehicle, highlighting its susceptibility to misdirection through minimal, strategically placed road markings. We developed a two-stage approach to automatically generate these markings, significantly impacting steering decisions without detection by human drivers, as demonstrated through experiments on a real vehicle equipped with Autonomous Driving Systems (ADS). Concurrently, we turn our attention to the control module of ADS, where we pinpoint a critical oversight in existing safety research. By proposing new metrics and enhancing fuzzing methodologies, we conducted comprehensive evaluations on Apollo's Model Predictive Controller (MPC). The findings unearthed significant defects, underscoring the inability of Apollo's controller to perform basic maneuvers and identifying 14 new bugs, subsequently acknowledged and addressed by the development team. This dual-focused inquiry not only sheds light on previously overlooked vulnerabilities but also sets the groundwork for more robust autonomous driving systems.
In conclusion, this thesis identifies critical security and safety vulnerabilities in modern vehicles and autonomous driving systems, and proposes innovative methodologies for their mitigation. Through the application of CarVal, we demonstrate the potential for automated threat analysis and risk assessment in improving automotive cybersecurity. Furthermore, our investigations into the lane detection and control modules of ADS highlight the need for robust testing mechanisms to uncover and address subtle yet significant vulnerabilities. Looking forward, the ongoing evolution of vehicle technologies and attack vectors necessitates continuous refinement of security and safety measures. |
Rights: | All rights reserved |
Access: | open access |
Please use this identifier to cite or link to this item:
https://theses.lib.polyu.edu.hk/handle/200/13679