Security event auditing of infotainment and communications control
Today’s cars are deservedly called smart because they are no longer merely vehicles but complex devices communicating with each other and the outside world. With integrated infotainment (head unit ECU or HU) and communication (telematics ECU or TCU) control domains, they offer numerous ways to make the driver's life more comfortable. HUs and TCUs are powered by Linux or Android OS, similar to your mobile phone or tablet, and their hardware performance is more on a par with PCs than embedded systems. But as well as greater convenience, these enhanced vehicle capabilities bring greater responsibilities as the attack surface grows. For instance, it has been shown by several research groups that unauthorised remote access can result in CAN bus injection. Countering complex cyberattack scenarios requires security event monitoring inside the vehicle’s ECUs and the ability to deliver this information to vehicle operators (e.g., OEM or fleet owner) for incident discovery and response. Continuous asset monitoring in Security Operations Centers has become the standard in enterprise-grade security with Endpoint Detection & Response (EDR) solutions. Upcoming automotive cybersecurity regulations (UNECE WP.29/GRVA and ISO/SAE 21434) also cover this process. This paper gives a detailed description of security events from HU and TCU critical for malicious activity analysis as well as key mechanisms for their extraction. The target platforms are automotive embedded Linux distributions such as Automotive Grade Linux (AGL) and GENIVI. Mature systems such as udev and Linux Auditing will be reviewed along with the relatively new extended Berkeley Packet Filter (eBPF).
Author: | Karina Dorozhkina |
---|---|
URN: | urn:nbn:de:hbz:294-75431 |
DOI: | https://doi.org/10.13154/294-7543 |
Parent Title (English): | 18th escar Europe : The World's Leading Automotive Cyber Security Conference (Conference publication) |
Subtitle (English): | implementation approaches |
Document Type: | Part of a Book |
Language: | English |
Date of Publication (online): | 2020/09/29 |
Date of first Publication: | 2020/09/29 |
Publishing Institution: | Ruhr-Universität Bochum, Universitätsbibliothek |
Tag: | Audit; Head unit; Linux; Telematics; eBPF |
First Page: | 16 |
Last Page: | 27 |
Dewey Decimal Classification: | General works, computer science, information science / Computer science |
open_access (DINI-Set): | open_access |
Conference proceedings / Collected volumes: | 18th escar Europe : The World's Leading Automotive Cyber Security Conference |
Licence (German): | No Creative Commons licence - the grant of rights and German copyright law apply |