Abstract
Automotive Electronic Control Units (ECUs) rely on both hardware and software mechanisms to ensure safety is maintained in the face of hazards that result from both random and systematic failures. In the presence of a malicious attacker, these safety mechanisms can serve as attack vectors to launch Denial of Service (DoS) attacks. This can be achieved by disabling critical system functions through the malicious creation of safety-relevant fault conditions. In this paper, we explore some of the exploitable safety mechanisms within the Automotive Open System Architecture (AUTOSAR), and we demonstrate two successful attacks on an authenticated CAN FD bus system by introducing safety-critical failures.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Nasser, A.M.K., Ma, D., Lauzon, S. (2017). Exploiting AUTOSAR Safety Mechanisms to Launch Security Attacks. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds) Network and System Security. NSS 2017. Lecture Notes in Computer Science(), vol 10394. Springer, Cham. https://doi.org/10.1007/978-3-319-64701-2_6
DOI: https://doi.org/10.1007/978-3-319-64701-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64700-5
Online ISBN: 978-3-319-64701-2
eBook Packages: Computer Science, Computer Science (R0)