The AutoCheri project is starting penetration testing of an automotive cybersecurity protection chip.
The AutoCHERI project has developed a proof of concept design of a secure telematic control unit (TCU) using the Capability Hardware Enhanced RISC Instructions (CHERI) architecture. These are new architectural features for chips to enable fine-grained memory protection and highly scalable software compartmentalization.
The project uses the Morello security chip developed by ARM and the University of Cambridge using the ARMv8.1 architecture to demonstrate CHERI technology for cyber critical and safety critical applications, looking at the tradeoffs between performance and security for automotive telematics systems. Morello is a development board, compiler and toolchain for the researchers to develop secure applications for the vehicle telematics systems.
- ARM ships ground-breaking Morello secure processor
- £1.5m to boost use of ARM’s CHERI security
- UK government funds ARM to develop security IP
A large part of the project is focussed on analysing, threat modelling and implementing four specific use cases. These are vehicle diagnostics data for processing data from CAN, through the TCU and up to the cloud as well as OTA software updates, V2I traffic and teleoperation.
The project has been developing a set of attacks based on the vulnerabilities highlighted by the Common Vulnerabilities and Exposures (CVE) notifications to highlight the most common attacks as part of a Threat Assessment & Remediation Analysis (TARA). For example, two out of five attacks are memory based, for example exploiting put of memory loopholes, and the tests will also include fault injection via the CAN bus which is an increasingly popular attack on smart vehicles.
The penetration testing starts in three weeks.
Other automotive cybersecurity articles
- ECU software combines cybersecurity, on-board diagnosis
- Thales boosts automotive cybersecurity
- Sweden opens advanced automotive cyber security centre ..
- C2A Security and Stefanini Group collaborate
- Achieving ISO/SAE21434 cyber security using secure flash