Biblio
Vehicles are becoming increasingly connected to the outside world. We can connect our devices to the vehicle's infotainment system and internet is being added as a functionality. Therefore, security is a major concern as the attack surface has become much larger than before. Consequently, attackers are creating malware that can infect vehicles and perform life-threatening activities. For example, a malware can compromise vehicle ECUs and cause unexpected consequences. Hence, ensuring the security of connected vehicle software and networks is extremely important to gain consumer confidence and foster the growth of this emerging market. In this paper, we propose a characterization of vehicle malware and a security architecture to protect vehicle from these malware. The architecture uses multiple computational platforms and makes use of the virtualization technique to limit the attack surface. There is a real-time operating system to control critical vehicle functionalities and multiple other operating systems for non-critical functionalities (infotainment, telematics, etc.). The security architecture also describes groups of components for the operating systems to prevent malicious activities and perform policing (monitor, detect, and control). We believe this work will help automakers guard their systems against malware and provide a clear guideline for future research.
Software integration in modern vehicles is continuously expanding. This is due to the fact that vehicle manufacturers are always trying to enhance and add more innovative and competitive features that may rely on complex software functionalities. However, these features come at a cost. They amplify the security vulnerabilities in vehicles and lead to more security issues in today's automobiles. As a result, the need for identifying vulnerable components in a vehicle software system has become crucial. Security experts need to know which components of the vehicle software system can be exploited for attacks and should focus their testing and inspection efforts on it. Nevertheless, it is a challenging and costly task to identify these weak components in a vehicle's system. In this paper, we propose some security vulnerability metrics for connected vehicles that aim to assist software testers during the development life-cycle in order to identify the frail links that put the vehicle at highsecurity risks. Vulnerable function assessment can give software testers a good idea about which components in a connected vehicle need to be prioritized in order to mitigate the risk and hence secure the vehicle. The proposed metrics were applied to OpenPilot - a software that provides Autopilot feature - and has been integrated with 48 different vehicles.. The application shows how the defined metrics can be effectively used to quantitatively measure the vulnerabilities of a vehicle software system.