Embedded Policing and Policy Enforcement based Security in the era of Digital-Physical Convergence for Next-Generation Vehicular Electronics

The emergence of intelligent, connected vehicles containing complex functionality has the potential to greatly benefit society by improving the safety, security and efficiency of vehicular transportation. Much of this has been enabled by advances in embedded system architectures, which give vehicle manufacturers the opportunity to implement intelligent vehicle services and consolidate them within a small number of flexible, integrable domain controllers, allowing increasingly centralised operation of both new and legacy functionality. While this era of digital-physical convergence of critical and non-critical vehicle services reduces the cost and electronic footprint of vehicular electronics, it has produced significant security and safety challenges. One approach to this research problem is to introduce fail-over mechanisms that detect unexpected or malicious behaviour, whether caused by attack or malfunction, and pro-actively respond to control and minimise physical damage or safety hazards. This paper presents a novel embedded policing and policy enforcement platform architecture, together with an accompanying security modelling approach, for next-generation in-vehicle domain controllers. To demonstrate the proposed approach, a connected vehicle case study is conducted: realistic attack scenarios are considered to derive security policies, which are then enforced by the proposed security platform to provide security and safety for domain-specific features.
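The abstract describes policies derived from attack scenarios and enforced at the domain-controller boundary, with a fail-over response when a policy is violated. The following is an added illustrative example, not the paper's platform or code: it assumes a simplified CAN-style frame model (arbitration id, originating domain as tagged by a gateway, payload) and three assumed policy types (which domain may write a critical id, a per-id rate limit, and a payload range check). A violation drops the frame, records an incident, and places the affected feature in a safe state until an explicit recovery, which is the fail-over behaviour the abstract sketches. The frame ids, domain names and traffic are constructed sample values.

```python
"""Illustrative policy-enforcement monitor for in-vehicle domain-controller traffic.

Added example; the frame model, policy fields and sample traffic are assumptions,
not the paper's architecture.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts_ms: int       # timestamp in milliseconds
    can_id: int      # arbitration id
    source: str      # originating domain (assumed: tagged by the gateway)
    payload: bytes


@dataclass
class Policy:
    can_id: int
    allowed_sources: frozenset   # domains permitted to write this id
    max_per_second: int          # rate limit per sliding one-second window
    payload_range: tuple         # (lo, hi) bounds on the first payload byte (assumed semantics)


@dataclass
class Verdict:
    allowed: bool
    reason: str
    safe_state: bool = False     # True when this verdict triggered fail-over


class PolicyEnforcer:
    def __init__(self, policies):
        self.policies = {p.can_id: p for p in policies}
        self.history = {}        # can_id -> deque of accepted timestamps
        self.safe_state = set()  # ids currently locked out after a violation
        self.incidents = []      # (ts, can_id, source, reason) for forensics

    def check(self, frame: Frame) -> Verdict:
        policy = self.policies.get(frame.can_id)
        if policy is None:
            # Ids without a policy are treated as non-critical and passed through.
            return Verdict(True, "uncontrolled id")
        if frame.can_id in self.safe_state:
            return self._deny(frame, "feature in safe state")
        if frame.source not in policy.allowed_sources:
            return self._deny(frame, f"source {frame.source} not authorised", failover=True)
        window = self.history.setdefault(frame.can_id, deque())
        while window and frame.ts_ms - window[0] >= 1000:
            window.popleft()
        if len(window) >= policy.max_per_second:
            return self._deny(frame, "rate limit exceeded", failover=True)
        lo, hi = policy.payload_range
        if not frame.payload or not (lo <= frame.payload[0] <= hi):
            return self._deny(frame, "payload out of range", failover=True)
        window.append(frame.ts_ms)
        return Verdict(True, "ok")

    def recover(self, can_id: int) -> None:
        """Release a feature from safe state after a recovery action (assumed to be operator- or watchdog-driven)."""
        self.safe_state.discard(can_id)

    def _deny(self, frame: Frame, reason: str, failover: bool = False) -> Verdict:
        self.incidents.append((frame.ts_ms, frame.can_id, frame.source, reason))
        if failover:
            self.safe_state.add(frame.can_id)
        return Verdict(False, reason, safe_state=failover)


# Constructed policy: only the chassis domain may write id 0x0C1, at most 3 frames/s,
# with the first payload byte between 0 and 100.
POLICIES = [
    Policy(can_id=0x0C1, allowed_sources=frozenset({"chassis"}), max_per_second=3, payload_range=(0, 100)),
]

# Constructed sample traffic: two legitimate writes, then a write from an
# unauthorised domain, then a legitimate write that is blocked by safe state,
# then an uncontrolled id.
SAMPLE_FRAMES = [
    Frame(0, 0x0C1, "chassis", b"\x20"),
    Frame(100, 0x0C1, "chassis", b"\x25"),
    Frame(200, 0x0C1, "infotainment", b"\x60"),
    Frame(300, 0x0C1, "chassis", b"\x30"),
    Frame(400, 0x0DA, "infotainment", b"\x01"),
]


def run(frames=SAMPLE_FRAMES, policies=POLICIES):
    """Enforce the policies over a frame sequence; return verdicts and the incident log."""
    enforcer = PolicyEnforcer(policies)
    verdicts = [enforcer.check(f) for f in frames]
    return verdicts, enforcer.incidents


if __name__ == "__main__":
    verdicts, incidents = run()
    for frame, verdict in zip(SAMPLE_FRAMES, verdicts):
        print(f"{frame.ts_ms:5d} ms id=0x{frame.can_id:03X} from={frame.source:<13} -> {verdict.reason}")
    print("incidents:", incidents)
```

The safe-state latch is the point worth noticing: after the unauthorised write, a subsequent frame from the legitimate domain is also blocked until recovery, which is the conservative fail-over choice when the monitor cannot tell whether the legitimate source has itself been compromised. Whether the response should be blocking, degrading to a limp mode, or alerting only is exactly the kind of decision the abstract says is derived from the attack scenario rather than fixed in the enforcement platform.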
