
freesoftwhere.org

Linux and the Automotive Security Lab

Attached are the slides from my talk at the Fall 2013 Automotive Linux Summit. My session was entitled “Linux and the Automotive Security Lab,” and it was a survey of all of the security research that I’m aware of that dealt with actual cars—as opposed to theory.

Not that there’s anything wrong with theory in my book, mind you, but there are only so many times you can read “CAN bus lacks sender authentication and payload encryption” before your eyes glaze over.  It does, and that means that there are a lot of places where it needs major changes.  So many, in fact, that I referred to it in my talk as “Theseus’s ship.”  According to Plutarch, the museum of state relics in Athens included a ship used by Theseus in some daring adventure or other, and the Athenians took such good care of it that they replaced a part whenever it wore out … so much so that by Plutarch’s time, the Athenians had replaced every part, which led some of them even then to ask whether the museum still had Theseus’s ship at all.  The point is, if you need to replace all of CAN bus’s constituent parts to make it usable, you might as well just use something else to begin with.

But that’s kind of beside the point, since that’s a hypothetical.  In reality, as the research linked to here shows, there are a giant heaping metric Athenian boat-load of attacks that can be waged against existing cars right now.  Looking at some of them should give developers pause.  Because yes, CAN bus can be used to mount all manner of attacks—but there are a lot of inroads into the vehicle that have nothing to do with vehicular network protocols at all.  Some are freshman-level security programming mistakes, others are systemic flaws inherent to multi-sourced component supply chains, and some are just weird.

I probably ought to publish my speaker notes, too, but one thing at a time.  I hope the slides will be a good reference and starting point for anyone interested in reading more about IVI and automotive computing security.  And if you see any papers or presentations that I’ve missed, please, drop me a line; I’ll happily add them to the list.

ALS2013: Linux and the Automotive Security Lab

Comments

  1. November 2nd, 2013 | 1:36 am

    Fine coverage, as always, n8te. Your slides point to several articles of which I was previously unaware.

    Despite the fact that I am a believing Linuxer, I am not sure that the solution lies there. A lot of automakers are going to a bare-metal hypervisor like Xen

    https://events.linuxfoundation.org/sites/events/files/slides/alsf13_stabellini.pdf

    with Linux as a guest. Alternatively, the bootloader can choose to run only signed programs:

    http://embeddedlinuxconference2013.sched.org/event/6e744648e4859372513239432adc3681#.UnSrIml4Z7k
    http://www.sebastien-han.fr/blog/2013/09/03/first-glimpse-at-coreos

    The correct solution depends on the carmaker’s use case.

  2. Nate
    November 4th, 2013 | 6:31 pm

    I’m not sure I see the need for complete VM/hypervisor overhead. I’ve already heard a lot of talk about using containers to isolate untrusted *apps* from each other; I’d think isolating system services and OEM applications the same way would be very affordable as more and more ECMs get consolidated.

    Speaking of which, Giancarlo had a session about GENIVI’s LXCBENCH which is in the early phases but seems like others are thinking of that approach as well.

    Nate
