This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Mitigating Unknown Cybersecurity Threats in Performance Constrained Electronic Control Units
Technical Paper
2018-01-0016
ISSN: 0148-7191, e-ISSN: 2688-3627
This content contains downloadable datasets
Annotation ability available
Sector:
Language:
English
Abstract
Externally-connected Electronic Control Units (ECUs) contain millions of lines of code, which may contain security vulnerabilities. Hackers may exploit these vulnerabilities to gain code execution privileges, which affect public safety. Traditional Cybersecurity solutions fall short in meeting automotive ECU constraints such as zero false positives, intermittent connectivity, and low performance impact. A desirable solution would be deterministic, require minimum resources, and protect against known and unknown security threats. We integrated Autonomous Security on a BeagleBone Black (BBB) system to evaluate the feasibility of mitigating Cybersecurity risks against potential threats. We identified key metrics that should be measured, such as level of security, ease of integration and system performance impact. In this paper, we describe the integration and evaluation process and present its results. We show that Autonomous Security can provide this protection with zero false-positives while meeting automotive constraints.
Recommended Content
| Technical Paper | Security Mechanisms Design for In-Vehicle Network Gateway |
| Technical Paper | Safe and Secure Development: Challenges and Opportunities |
Authors
Citation
Harel, A., Ben David, T., Kashani, A., Iyer, G. et al., "Mitigating Unknown Cybersecurity Threats in Performance Constrained Electronic Control Units," SAE Technical Paper 2018-01-0016, 2018, https://doi.org/10.4271/2018-01-0016.Data Sets - Support Documents
| Title | Description | Download |
|---|---|---|
| Unnamed Dataset 1 | ||
| Unnamed Dataset 2 |
Also In
References
- Edwards , J. and Kashani , A. Identifying Security Vulnerabilities Early in the ECU Software Development Lifecycle SAE Technical Paper 2017 10.4271/2017-01-1657
- Edwards , J. , Kashani , A. , and Iyer , G 2017 83 84
- Beringer , N. The Connected Car Security Boundaries ATZ Worldwide 115 10 22 27 2013
- Daly , M.K. Advanced Persistent Threat Usenix 4 4 2009 2013 2016
- Abadi , M. , Budiu , M. , Erlingsson , Ă. , and Ligatti , J. 2005
- Zhang , M. and Sekar , R. 2013
- Standard Performance Evaluation Corporation SPEC CPU 2006 https://www.spec.org/cpu/
- Lin , Y. , Tang , X. , Gao , D. , and Fu , J. Control Flow Integrity Enforcement with Dynamic Code Optimization Information Security: Proceedings of the 19th International Conference, ISC 2016. Lecture Notes in Computer Science 9866 : 366 385 2016
- National Highway Traffic Safety Administration 2006
- MISRA MISRA C and MISRA C++ Compliance http://www.Programmingresearch.com
- ISO, ISO26262 2011
- International Electrotechnical Commission 2000
- Zimmerman , C 2014
- Shacham , H. , Page , M. , Pfaff , B. , and Goh , E.-J. , et al. On the effectiveness of address-space randomization Proceedings of the 11th ACM Conference on Computer and Communications Security 298 307 2004
- Miller , C. and Valasek , C 2015
- MITRE Corporate Overview https://www.mitre.org/about/corporate-overview 2017
- MITRE Common Attack Pattern Enumeration and Classification https://capec.mitre.org/ 2017
- MITRE CWE View: Weaknesses in Software Written in C https://cwe.mitre.org/data/definitions/658.html 2017
- ISO 2013
- FIPS, PUB 2012
- QNX Software Development Platform 6.6.0 http://www.qnx.com/download/group.html?programid=26071 2017
- Smith , B. , Grehan , R. , Yager , T. , and Niemi , D.C 2011