| Popis: |
Modern automotive architectures are complex and often comprise of hundreds of electronic control units (ECUs). These ECUs provide diverse services including infotainment, telematics, diagnostics, advanced driving assistance, and many others. The availability of such services is mainly attained by the increasing connectivity with the external world, thus expanding the attack surface. In recent years, automotive original equipment manufacturers (OEMs) and ECU suppliers have become cautious of cyber attacks and have begun fortifying the most vulnerable systems, with hardware-based security modules that enable sandboxing, secure boot, secure software updates and end-to-end message authentication. Nevertheless, insecure legacy ECUs are still in-use in modern vehicles due to price and design complexity issues. Legacy ECUs depend on simple microcontrollers, that lack any kind of hardware-based security. This makes it essential to bridge the gap between modern and legacy ECUs through software-based security by which cyber attacks can be mitigated, thus enhancing the security of vehicles. This paper provides one more step towards highly secure vehicles by introducing a lightweight software-based security framework which provides legacy ECUs with software-based virtualization and protection features along with custom security services. We discuss the motivation for pure software-based approaches, explore the various requirements and advantages obtained, and give an initial insight of the design rationale. Furthermore, we provide a proof of concept implementation and evaluation with a demonstrative use case illustrating the importance of such framework in delivering new diagnostics security services to legacy ECUs. ispartof: pages:1-5 ispartof: IEEE Connected and Autonomous Vehicles Symposium pages:1-5 ispartof: Connected and Automated Vehicles Symposium (CAVS 2019) location:Honolulu, Hawaii, USA date:22 Sep - 23 Sep 2019 status: published |
