Abstract: A method of processing data for a driving automation system, the method comprising steps of: obtaining image data from a camera of an autonomous vehicle, AV; image processing the image data to obtain a vehicle registration mark, VRM, of another vehicle within the surrounding area of the AV; looking up the VRM in a vehicle information database to obtain information indicative of the make, the model and the date of manufacture of the other vehicle; looking up information indicative of the make, the model and the date of manufacture of the other vehicle in a vehicle dimensions database to obtain at least one dimension of the other vehicle; and updating a context of the autonomous vehicle based on said at least one dimension of the other vehicle.

Abstract: Systems, methods, and software can be used to identify functions prone to logic errors in software components using binary static analysis. In some aspects, one computer-implemented method includes identifying a function defined within a binary software component; determining one or more complexity characteristics of the function based on included instructions; determining, based on the complexity characteristics, whether the function is likely to produce errors when the instructions included in the function are executed by a processor; and in response to determining that the function is likely to contain errors, generating an indication that the function requires further review.

Abstract: Described are methods and devices to identify vulnerabilities in a software package that includes two or more build files. The build files include at least an application file and one or more resource files. The method includes scanning the build files to identify strings. Strings that appear in one of the resource files and are not referenced in the application file are labelled orphaned. Strings that appear in the application file and are node defined in any of the resources files are labelled hardcoded. The identity of hardcoded and orphaned strings is output as potential vulnerabilities or data leakage points.

Abstract: Described are methods and computing devices for identifying potential vulnerabilities in a software package. The package includes build files that include an application file and one or more associated files. The method may include scanning the application file to identify and extract a string from the application file and determining that the string is referenced in one of the associated files and obtaining data associated with the string from the associated file. The string may then be classified based, in part, on the data obtained from the associated file, and a full context may be determined for the string based, at least in part, on the classification. A relevance rank for the string is then set based on the full context and the string and its relevance rank are output.

Abstract: A computer-implemented method of selectively installing an application from an application archive file is disclosed. The method includes receiving an indication to install an application on a computing device, the application being available for download as an archive file storing a manifest file and one or more installation files. The method further includes determining that installation of the application is permissible. The determining includes: without downloading the archive file, downloading at least a portion of the manifest file; and determining, based on the at least a portion of the manifest file, that installation of the application on the computing device would comply with a device management policy for the computing device. After determining that installation of the application is permissible, the archive file is downloaded and the application is installed therefrom. Related computer-readable media and computer systems are also disclosed.

Abstract: A method at a computing device for identification of secure binary images, the method including: dissecting a binary image into routines and functions; disassembling byte code for the dissected routines and functions; retrieving local routine and function parameters; counting a number of conditional routines for each local routine and function parameter; and creating a confidence score for each dissected routine and function.

Abstract: A method at a computing device for identification post compilation manipulation of a binary image, the method including assessing the binary image for at least one junk instruction set; determining that the at least one junk instruction set is found within the binary image; and flagging the binary image as being manipulated based on the determining.

Abstract: An autonomous or semi-autonomous vehicle may improve the overall safety of other vehicles by determining an action of a proximate vehicle based on sensor data and determining one or more expected visual cues associated with the determined action. One or more images of the proximate vehicle may then be used to detect a difference between expected visual cues and the captured images. Detected differences may be used to notify one or more entities that can then take corrective actions.

Abstract: Systems, methods, and software can be used to analyze security risks of a binary software code. In some aspects, a computer-implemented method comprises: receiving, by at least one hardware processor, a binary software code; determining, by the at least one hardware processor, a security risk value for each of a plurality of security risk factors of the binary software code; for each of the plurality of security risk factors, determining, by the at least one hardware processor, a security confidence level of the respective security risk factor; and generating, by the at least one hardware processor, a security notification, wherein the security notification includes the security confidence levels corresponding to the plurality of security risk factors.

Abstract: Systems, methods, and software can be used to analyze security risks of a binary software code. In some aspects, a computer-implemented method comprises: receiving, by at least one hardware processor, a binary software code; determining, by the at least one hardware processor, that the binary software code accesses one or more network addresses; for each of the one or more network addresses that are accessed by the binary software code: determining, by the at least one hardware processor, whether the binary software code uses an insecure network protocol to access the network address; and generating, by the at least one hardware processor, a security notification indicating the network address that is accessed by the binary software code using the insecure network protocol.

Abstract: Systems, methods, and software can be used to configure a firewall system in a vehicle network. In some aspects, a computer-implemented method includes receiving a software code of a network node connected to a trusted network of a vehicle network that includes the trusted network internal to a vehicle and an untrusted network external to the vehicle, wherein the trusted network includes one or more functional domains for controlling functionalities of the vehicle; performing an analysis of the software code to identify connectivity of the network nodes in the vehicle network; determining connectivity information of the network nodes in the vehicle network based on the analysis, wherein the connectivity information includes at least one of Network Layer connectivity information, Transport Layer connectivity information, or Application Layer connectivity information; and configuring one or more firewalls in the vehicle network based on the connectivity information.

Abstract: An autonomous or semi-autonomous vehicle may improve the overall safety of other vehicles by determining an action of a proximate vehicle based on sensor data and determining one or more expected visual cues associated with the determined action. One or more images of the proximate vehicle may then be used to detect a difference between expected visual cues and the captured images. Detected differences may be used to notify one or more entities that can then take corrective actions.

Abstract: Systems, methods, and software can be used to generating security manifests for software components using binary static analysis. In some aspects, one computer-implemented method includes performing a binary static analysis of a binary software component to determine one or more security characteristics of the binary software component; generating a security manifest for the binary software component including the determined one or more security characteristics of the binary software component; and providing the security manifest to a software management system configured to determine whether to deploy the binary software component based on the security manifest.

Abstract: Systems, methods, and software can be used to control vehicle operation based on driver information. In some aspects, a method is disclosed comprising: transmitting, from a vehicle, a driving information request, wherein the driving information request comprises an identification (ID) of a driver; receiving, at the vehicle, a driving information response, wherein the driving information response comprises driving information that is associated with the driver; and controlling, by at least one hardware processor on the vehicle, an operation of the vehicle based on the driving information.

Abstract: Systems, methods, and software can be used to control vehicle operation based on vehicle information. In some aspects, a method is disclosed comprising: transmitting, from a vehicle, a vehicle information request, wherein the vehicle information request comprises an identification (ID) of the vehicle; receiving, at the vehicle, a vehicle information response, wherein the vehicle information response comprises vehicle information of the vehicle; and controlling, by at least one hardware processor on the vehicle, an operation of the vehicle based on the vehicle information.

Abstract: Systems, methods, and software can be used to determine security risks of software services on a cloud computing platform. In some aspects, a computer-implemented method comprises: receiving, by a software service application executing on a cloud computing platform, a request for a software service provided by the software service application; identifying, by the software service application, a resource that is triggered by the request; determining, by the software service application, that the request has a security risk based on a security policy associated with the resource; and in response to the determining, generating, by the software service application, a security notification indicating the security risk.

Abstract: Systems, methods, and software can be used to improve the security for machine to machine communications. In some aspects, a method is disclosed comprising: receiving, at a vehicle, a connection request from an electronic device; receiving, at the vehicle, security posture information from the electronic device, wherein the security posture information comprises at least one of operating system update information or antivirus status information; and determining, by the vehicle, whether to connect to the electronic device based on the security posture information of the electronic device.

Abstract: Systems, methods, and software can be used to analyze OSS components of a software code. In some aspects, a computer-implemented method comprises: scanning, by at least one hardware processor, a software code to determine whether the software code includes an open source software (OSS) component; for each OSS component included in the software code: determining, by the at least one hardware processor, a security score for the OSS component; and determining, by the at least one hardware processor, whether the OSS component meets a security policy by comparing the security score with a threshold; and in response to determining that at least one OSS component does not meet the security policy, preventing, by the at least one hardware processor, the software code including the at least one OSS component from being compiled.

Abstract: A method at a computing device for determining processing characteristics of nodes within a system, the method including receiving at the computing device a plurality of messages being passed within the system; analyzing a payload for each message of the plurality of messages to determine one or more message identifiers; performing an analysis of a binary image for each node within the system to find nodes filtering for the one or more message identifiers; and determining a relative amount of processing done by each of the nodes based on the plurality of messages.

Abstract: Systems, methods, and software can be used to analyze security risks of a set of binary software code. In some aspects, a computer-implemented method comprises: scanning, by at least one hardware processor, a set of binary software code to identify one or more network addresses accessed by the set of binary software code; for each of the one or more network addresses: determining, by the at least one hardware processor, security level information of the network addresses; and generating, by the at least one hardware processor, a security notification based on the determined security level information for the one or more network addresses, wherein the security notification indicates a security risk of the set of binary software code.