What the Stack? On Memory Exploitation and Protection in Resource Constrained Automotive Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10707)

Abstract

The increased connectivity of road vehicles poses significant challenges for transportation security, and automotive security has rapidly gained attention in recent years. One of the most dangerous kinds of security-relevant software bugs is memory corruption, since successful exploitation would grant the attacker a high degree of influence over the compromised system. Such vulnerabilities and the corresponding mitigation techniques have been widely studied for regular IT systems, but we identified a gap with respect to resource-constrained automotive systems.

In this paper, we discuss how the hardware architecture of resource-constrained automotive systems impacts memory exploitation techniques, and what this implies for memory protection. Currently deployed systems have little to no protection from memory exploitation. However, based on our analysis, we find that simple and well-known measures such as stack canaries, non-executable RAM, and, to a limited extent, memory layout randomization can also be deployed in this domain to significantly raise the bar for successful exploitation.

Acknowledgments

We would like to thank all anonymous reviewers for their valuable feedback. The research leading to these results has been partially supported by the HoliSec project (2015-06894) funded by VINNOVA, the Swedish Governmental Agency for Innovation Systems, and by the Swedish Civil Contingencies Agency (MSB) through the project “RICS”.

Author information

Corresponding author

Correspondence to Aljoscha Lautenbach.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Lautenbach, A., Almgren, M., Olovsson, T. (2018). What the Stack? On Memory Exploitation and Protection in Resource Constrained Automotive Systems. In: D'Agostino, G., Scala, A. (eds) Critical Information Infrastructures Security. CRITIS 2017. Lecture Notes in Computer Science, vol 10707. Springer, Cham. https://doi.org/10.1007/978-3-319-99843-5_17

  • DOI: https://doi.org/10.1007/978-3-319-99843-5_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99842-8

  • Online ISBN: 978-3-319-99843-5

  • eBook Packages: Computer Science, Computer Science (R0)
