This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Zero-Day Attack Defenses and Test Framework for Connected Mobility ECUs

Journal Article
2021-01-0141
ISSN: 2641-9645, e-ISSN: 2641-9645
Published April 06, 2021 by SAE International in United States
Zero-Day Attack Defenses and Test Framework for Connected Mobility ECUs
Sector:
Citation: Kashani, A., Iyer, G., Mora-Golding, C., Yamashita, H. et al., "Zero-Day Attack Defenses and Test Framework for Connected Mobility ECUs," SAE Int. J. Adv. & Curr. Prac. in Mobility 3(5):2501-2508, 2021, https://doi.org/10.4271/2021-01-0141.
Language: English

Abstract:

Recent developments in the commercialization of mobility services have brought unprecedented connectivity to the automotive sector. While the adoption of connected features provides significant benefits to vehicle owners, adversaries may leverage zero-day attacks to target the expanded attack surface and make unauthorized access to sensitive data. Protecting new generations of automotive controllers against malicious intrusions requires solutions that do not depend on conventional countermeasures, which often fall short when pitted against sophisticated exploitation attempts. In this paper, we describe some of the latent risks in current automotive systems along with a well-engineered multi-layer defense strategy. Further, we introduce a novel and comprehensive attack and performance test framework which considers state-of-the-art memory corruption attacks, countermeasures and evaluation methods. Finally, we demonstrate the ability to deter and prevent in-field zero-day attacks on connected vehicle ECUs.