An Approach for Building Security Resilience in AUTOSAR Based Safety Critical Systems

Authors

  • Ahmad MK Nasser University of Michigan, Dearborn, USA
  • Di Ma University of Michigan, Dearborn, USA
  • Priya Muralidharan Renesas Electronics America

DOI:

https://doi.org/10.13052/2245-1439.633

Keywords:

Automotive cyber security, AUTOSAR, Safety, Security, ISO26262, Embedded security

Abstract

AUTOSAR, a worldwide development partnership among automotive parties to establish an open and standardized software architecture for electronic control units (ECUs), has seen great success in recent years through wide adoption in deeply embedded automotive ECUs. Increasing the security resilience of AUTOSAR-based systems is a crucial step in securing safety-critical automotive systems. We study AUTOSAR safety mechanisms and demonstrate how they can be used as attack vectors to degrade vehicle safety. We show the need to harmonize the fail-safe response with the secure state of the system, and we evaluate the overlap between the properties of safety mechanisms and security objectives to highlight methods for hardening automotive system security.



Author Biographies

Ahmad MK Nasser, University of Michigan, Dearborn, USA

Ahmad MK Nasser is a Ph.D. candidate in Computer Science at the University of Michigan-Dearborn, where his work centers on the interplay of safety and security in automotive systems. He attended Wayne State University, where he received his B.Sc. in Electrical Engineering and M.Sc. in Computer Engineering. Since 2002 he has held various software engineering roles with a focus on basic embedded software and embedded vehicle security. He is a domain expert in embedded systems, flash programming, vehicle diagnostics, communication protocols, AUTOSAR basic software, and hardware-based security. He currently works as a senior software manager at Renesas Electronics America, where he leads the secure software center of competence.

Di Ma, University of Michigan, Dearborn, USA

Di Ma is an Associate Professor in the Computer and Information Science Department at the University of Michigan-Dearborn. She also serves as the director of the Security and Forensics Research Lab (SAFE). She is broadly interested in the general area of security, privacy, and applied cryptography. Her research spans a wide range of topics, including smartphone and mobile device security, RFID and sensor security, vehicular network and vehicle security, computation over authenticated/encrypted data, fine-grained access control, secure storage systems, and so on. Her research is supported by NSF, NHTSA, AFOSR, Intel, Ford, and Research in Motion. She received the Ph.D. degree from the University of California, Irvine, in 2009. She was with IBM Almaden Research Center in 2008 and the Institute for Infocomm Research, Singapore in 2000–2005. She won the Distinguished Research Award of the College of Engineering and Computer Science in 2017 and the Tan Kah Kee Young Inventor Award in 2004.

Priya Muralidharan, Renesas Electronics America

Priya Muralidharan has a Bachelor's in Physics and a Master's in Information Technology from the University of Delhi, India. She also has a Master's in Computer Science from the University at Buffalo, New York. She is currently working as a Senior Application Engineer at Renesas Electronics America in the area of Functional Safety. She has over 10 years of experience in embedded software and controls development for various automotive applications such as Electric Power Steering Systems and Hybrid and Electric Vehicles. She has also worked extensively on electronic components such as electric and oil pumps as well as vehicle gateways.

Published

2017-12-05

How to Cite

Nasser AM, Ma D, Muralidharan P. An Approach for Building Security Resilience in AUTOSAR Based Safety Critical Systems. JCSANDM [Internet]. 2017 Dec. 5 [cited 2024 Apr. 25];6(3):271-304. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/5247

Section

Articles