AutoCHERI starts cybersecurity penetration testing

Technology News | September 11, 2023

By Nick Flaherty

Authentication & Encryption Automotive

The AutoCheri project is starting penetration testing of an automotive cybersecurity protection chip.

The AutoCHERI project has developed a proof of concept design of a secure telematic control unit (TCU) using the Capability Hardware Enhanced RISC Instructions (CHERI) architecture. These are new architectural features for chips to enable fine-grained memory protection and highly scalable software compartmentalization.

The project uses the Morello security chip developed by ARM and the University of Cambridge using the ARMv8.1 architecture to demonstrate CHERI technology for cyber critical and safety critical applications, looking at the tradeoffs between performance and security for automotive telematics systems. Morello is a development board, compiler and toolchain for the researchers to develop secure applications for the vehicle telematics systems.

A large part of the project is focussed on analysing, threat modelling and implementing four specific use cases. These are vehicle diagnostics data for processing data from CAN, through the TCU and up to the cloud as well as OTA software updates, V2I traffic and teleoperation.

The project has been developing a set of attacks based on the vulnerabilities highlighted by the Common Vulnerabilities and Exposures (CVE) notifications to highlight the most common attacks as part of a Threat Assessment & Remediation Analysis (TARA). For example, two out of five attacks are memory based, for example exploiting put of memory loopholes, and the tests will also include fault injection via the CAN bus which is an increasingly popular attack on smart vehicles.

The penetration testing starts in three weeks.

autocheri.tech/

AutoCHERI starts cybersecurity penetration testing

Other automotive cybersecurity articles