This content is not included in your SAE MOBILUS subscription, or you are not logged in.
Zero-Day Attack Defenses and Test Framework for Connected Mobility ECUs
ISSN: 0148-7191, e-ISSN: 2688-3627
To be published on April 06, 2021 by SAE International in United States
Event: SAE WCX Digital Summit
Recent developments in the commercialization of mobility services have brought unprecedented connectivity to the automotive sector. While the adoption of connected features provides significant benefits to vehicle owners, adversaries may leverage zero-day attacks to target the expanded attack surface and make unauthorized access to sensitive data. Protecting new generations of automotive controllers against malicious intrusions requires solutions that do not depend on conventional countermeasures, which often fall short when pitted against sophisticated exploitation attempts. In this paper, we describe some of the latent risks in cur-rent automotive systems along with a well-engineered multi-layer defense strategy. Further, we introduce a novel and comprehensive attack and performance test framework which considers state-of-the-art memory corruption attacks, counter-measures and evaluation methods. Finally, we demonstrate the ability to deter and prevent in-field zero-day attacks on connected vehicle ECUs.