Software engineering education (SEEd)
ACM SIGSOFT Software Engineering Notes
Low cost multicast authentication via validity voting in time-triggered embedded control networks
WESS '10 Proceedings of the 5th Workshop on Embedded Systems Security
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
From a verified kernel towards verified systems
APLAS'10 Proceedings of the 8th Asian conference on Programming languages and systems
Proceedings of the 42nd ACM technical symposium on Computer science education
Security Issues and Challenges for Cyber Physical System
GREENCOM-CPSCOM '10 Proceedings of the 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing
Voice interfaced vehicle user help
Proceedings of the 2nd International Conference on Automotive User Interfaces and Interactive Vehicular Applications
Towards standardization of in-car sensors
Nets4Cars/Nets4Trains'11 Proceedings of the Third international conference on Communication technologies for vehicles
Secure automotive on-board protocols: a case of over-the-air firmware updates
Nets4Cars/Nets4Trains'11 Proceedings of the Third international conference on Communication technologies for vehicles
Caisson: a hardware description language for secure information flow
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Efficient and secure threshold-based event validation for VANETs
Proceedings of the fourth ACM conference on Wireless network security
Communications of the ACM
Comprehensive experimental analyses of automotive attack surfaces
SEC'11 Proceedings of the 20th USENIX conference on Security
Flooding-resilient broadcast authentication for VANETs
MobiCom '11 Proceedings of the 17th annual international conference on Mobile computing and networking
Security aspects of cyber-physical device safety in assistive environments
Proceedings of the 4th International Conference on PErvasive Technologies Related to Assistive Environments
Tackling vehicular fraud in Ethiopia: from technology to business
Proceedings of the 2nd ACM Symposium on Computing for Development
Fresh re-keying II: securing multiple parties against side-channel and fault attacks
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
EDA for secure and dependable cybercars: challenges and opportunities
Proceedings of the 49th Annual Design Automation Conference
Understanding cyber threats and vulnerabilities
Critical Infrastructure Protection
A System-Aware Cyber Security architecture
Systems Engineering
Effective and efficient security policy engines for automotive on-board networks
Nets4Cars/Nets4Trains'12 Proceedings of the 4th international conference on Communication Technologies for Vehicles
Design, implementation, and evaluation of a vehicular hardware security module
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Proceedings of the 2nd ACM international conference on High confidence networked systems
Proceedings of the 2nd ACM international conference on High confidence networked systems
Towards synthesis of platform-aware attack-resilient control systems: extended abstract
Proceedings of the 2nd ACM international conference on High confidence networked systems
Taxonomy for description of cross-domain attacks on CPS
Proceedings of the 2nd ACM international conference on High confidence networked systems
Security challenges in automotive hardware/software architecture design
Proceedings of the Conference on Design, Automation and Test in Europe
The challenges of emerging software eco-systems (keynote)
Proceedings of the 2013 International Conference on Software and System Process
System architecture and software design for electric vehicles
Proceedings of the 50th Annual Design Automation Conference
Automotive functional safety = safety + security
Proceedings of the First International Conference on Security of Internet of Things
DATE '12 Proceedings of the Conference on Design, Automation and Test in Europe
Proceedings of the ACM/IEEE 4th International Conference on Cyber-Physical Systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Secure Broadcast with One-Time Signatures in Controller Area Networks
International Journal of Mobile Computing and Multimedia Communications
Practical information-flow aware middleware for in-car communication
Proceedings of the 2013 ACM workshop on Security, privacy & dependability for cyber vehicles
Trust assurance levels of cybercars in v2x communication
Proceedings of the 2013 ACM workshop on Security, privacy & dependability for cyber vehicles
CPS: an efficiency-motivated attack against autonomous vehicular transportation
Proceedings of the 29th Annual Computer Security Applications Conference
Model-Based generation of run-time monitors for AUTOSAR
ECMFA'13 Proceedings of the 9th European conference on Modelling Foundations and Applications
Non-invasive spoofing attacks for anti-lock braking systems
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
FIE on firmware: finding vulnerabilities in embedded systems using symbolic execution
SEC'13 Proceedings of the 22nd USENIX conference on Security
Security-aware mapping for CAN-based real-time distributed automotive systems
Proceedings of the International Conference on Computer-Aided Design
Hi-index | 0.02 |
Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input\dash including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car's two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.