Your Selections

Kashani, Ameer
Show Only

Collections

File Formats

Content Types

Dates

Sectors

Topics

Authors

Publishers

Affiliations

Events

   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Mitigating Unknown Cybersecurity Threats in Performance Constrained Electronic Control Units

DENSO Corporation-Ando Motonori, Egawa Masumi
DENSO International America Inc-Gopalakrishnan Iyer
Published 2018-04-03 by SAE International in United States
Externally-connected Electronic Control Units (ECUs) contain millions of lines of code, which may contain security vulnerabilities. Hackers may exploit these vulnerabilities to gain code execution privileges, which affect public safety. Traditional Cybersecurity solutions fall short in meeting automotive ECU constraints such as zero false positives, intermittent connectivity, and low performance impact. A desirable solution would be deterministic, require minimum resources, and protect against known and unknown security threats. We integrated Autonomous Security on a BeagleBone Black (BBB) system to evaluate the feasibility of mitigating Cybersecurity risks against potential threats. We identified key metrics that should be measured, such as level of security, ease of integration and system performance impact. In this paper, we describe the integration and evaluation process and present its results. We show that Autonomous Security can provide this protection with zero false-positives while meeting automotive constraints.
This content contains downloadable datasets
Annotation ability available
   This content is not included in your SAE MOBILUS subscription, or you are not logged in.

Identifying Security Vulnerabilities Early in the ECU Software Development Lifecycle

DENSO International America Inc-Jesse Edwards, Ameer Kashani
Published 2017-03-28 by SAE International in United States
In the past few years, automotive electronic control units (ECUs) have been the focus of many studies regarding the ability to affect the deterministic operation of safety critical cyber-physical systems. Researchers have been able to successfully demonstrate flaws in security design that have considerable, dramatic impacts on the functional safety of a target vehicle. With the rapid increase in data connectivity within a modern automobile, the attack surface has been greatly broadened to allow adversaries remote access to vehicle control system software and networks. This has serious implications, as a vast number of vulnerability disclosures released by security researchers point directly to common programming bugs and software quality issues as the root cause of successful exploits which can compromise the vehicle as a whole. In this paper, we aim to bring to light the most prominent categories of bugs found during the software development life cycle of an automotive ECU. We employ the method of static code analysis using reference coding standards such as MISRA and CERT C secure coding guidelines, to identify categories of…
Annotation ability available