A Framework for Policy Based Secure Intra Vehicle Communication

Over the past two decades, significant developments were introduced within the vehicular domain, evolving the modern vehicle into a network of dozens of embedded systems each hosting one or more applications. Communications within this distributed environment while adhering to safety-critical and secure systems guidelines implies the formulation of a comprehensive and consistent communications policy. Creating this policy is a complex, error-prone and labor-intensive task, requiring detailed knowledge of possible communication paths between all possible components of the system. For this reason, it is often skipped, trusting that each task will behave as intended and interact only with its peers. Traditional testing provides sufficient confidence to allow certification. Nevertheless, the existing process ignores malicious interference, whereby an adversary compromises a low-criticality process or subsystem and uses that to attack other subsystems, effectively taking over the vehicle. In this paper, we propose a framework to build a secure communications policy gradually by integrating it through the design and life cycle of vehicle’s software components. We also propose a security module which acts as a connection policy checker vetting the incoming and outgoing communications and enforcing the distributed security policy

Using Multi-Viewpoint Contracts for Negotiation of Embedded Software Updates

International audienceIn this paper we address the issue of change after deployment in safety-critical embedded system applications. Our goal is to substitute lab-based verification with in-field formal analysis to determine whether an update may be safely applied. This is challenging because it requires an automated process able to handle multiple viewpoints such as functional correctness, timing, etc. For this purpose, we propose an original methodology for contract-based negotiation of software updates. The use of contracts allows us to cleanly split the verification effort between the lab and the field. In addition, we show how to rely on existing viewpoint-specific methods for update negotiation. We illustrate our approach on a concrete example inspired by the automotive domain

Application-specific Design and Optimization for Ultra-Low-Power Embedded Systems

University of Minnesota Ph.D. dissertation. August 2019. Major: Electrical/Computer Engineering. Advisor: John Sartori. 1 computer file (PDF); xii, 101 pages.The last few decades have seen a tremendous amount of innovation in computer system design to the point where electronic devices have become very inexpensive. This has brought us on the verge of a new paradigm in computing where there will be hundreds of devices in a person’s environment, ranging from mobile phones to smart home devices to wearables to implantables, all interconnected. This paradigm, called the Internet of Things (IoT), brings new challenges in terms of power, cost, and security. For example, power and energy have become critical design constraints that not only affect the lifetime of an ultra-low-power (ULP) system, but also its size and weight. While many conventional techniques exist that are aimed at energy reduction or that improve energy efficiency, they do so at the cost of performance. As such, their impact is limited in circumstances where energy is very constrained or where significant degradation of performance or functionality is unacceptable. Focusing on the opposing demands to increase both energy efficiency and performance simultaneously in a world where Moore’s law scaling is decelerating, one of the underlying themes of this work has been to identify novel insights that enable new pathways to energy efficiency in computing systems while avoiding the conventional tradeoff that simply sacrifices performance and functionality for energy efficiency. To this end, this work proposes a method to analyze the behavior of an application on the gate-level netlist of a processor for all possible inputs using a novel symbolic hardware-software co-analysis methdology. Using this methodology several techniques have been proposed to optimize a given processor-application pair for power, area and security

Ein mehrschichtiges sicheres Framework für Fahrzeugsysteme

In recent years, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems distributed throughout the car, known as Electronic Control Units (ECUs). Each one of these ECUs runs a number of software components that collaborate with each other to perform various vehicle functions. Modern vehicles are also equipped with wireless communication technologies, such as WiFi, Bluetooth, and so on, giving them the capability to interact with other vehicles and roadside infrastructure. While these improvements have increased the safety of the automotive system, they have vastly expanded the attack surface of the vehicle and opened the door for new potential security risks. The situation is made worse by a lack of security mechanisms in the vehicular system which allows the escalation of a compromise in one of the non-critical sub-systems to threaten the safety of the entire vehicle and its passengers. This dissertation focuses on providing a comprehensive framework that ensures the security of the vehicular system during its whole life-cycle. This framework aims to prevent the cyber-attacks against different components by ensuring secure communications among them. Furthermore, it aims to detect attacks which were not prevented successfully, and finally, to respond to these attacks properly to ensure a high degree of safety and stability of the system.In den letzten Jahren wurden bedeutende Entwicklungen im Bereich der Fahrzeuge vorgestellt, die die Fahrzeuge zu einem Netzwerk mit vielen im gesamten Fahrzeug verteile integrierte Systeme weiterentwickelten, den sogenannten Steuergeräten (ECU, englisch = Electronic Control Units). Jedes dieser Steuergeräte betreibt eine Reihe von Softwarekomponenten, die bei der Ausführung verschiedener Fahrzeugfunktionen zusammenarbeiten. Moderne Fahrzeuge sind auch mit drahtlosen Kommunikationstechnologien wie WiFi, Bluetooth usw. ausgestattet, die ihnen die Möglichkeit geben, mit anderen Fahrzeugen und der straßenseitigen Infrastruktur zu interagieren. Während diese Verbesserungen die Sicherheit des Fahrzeugsystems erhöht haben, haben sie die Angriffsfläche des Fahrzeugs erheblich vergrößert und die Tür für neue potenzielle Sicherheitsrisiken geöffnet. Die Situation wird durch einen Mangel an Sicherheitsmechanismen im Fahrzeugsystem verschärft, die es ermöglichen, dass ein Kompromiss in einem der unkritischen Subsysteme die Sicherheit des gesamten Fahrzeugs und seiner Insassen gefährdet kann. Diese Dissertation konzentriert sich auf die Entwicklung eines umfassenden Rahmens, der die Sicherheit des Fahrzeugsystems während seines gesamten Lebenszyklus gewährleistet. Dieser Rahmen zielt darauf ab, die Cyber-Angriffe gegen verschiedene Komponenten zu verhindern, indem eine sichere Kommunikation zwischen ihnen gewährleistet wird. Darüber hinaus zielt es darauf ab, Angriffe zu erkennen, die nicht erfolgreich verhindert wurden, und schließlich auf diese Angriffe angemessen zu reagieren, um ein hohes Maß an Sicherheit und Stabilität des Systems zu gewährleisten