- Autor
- Nasahl, Pascal
- Timmers, Niek
- TitelAttacking AUTOSAR using Software and Hardware Attacks
- Datei
- Erscheinungsjahr2019
- LicenceCC-BY
- Konferenz Nameescar USA
- Konferenz StaatUSA / Vereinigte Staaten
- Download Statistik579
- Peer ReviewJa
- AbstractThe AUTomotive Open System ARchitecture (AU- TOSAR) development partnership is a world-wide initiative aiming to jointly develop and establish an open industry standard for automotive E/E software architectures. This standard is rapidly being adopted by the automotive industry and therefore it is important to understand the attack surface of AUTOSAR- based electronic control units (ECU). In this paper we describe several scenarios how software and hardware attacks can com- promise the security of AUTOSAR-based ECUs. We consider an attacker with physical access to the ECU who is capable of exploiting both software and hardware vulnerabilities. We discuss how an attacker can use different attack techniques to exploit these vulnerabilities. Moreover, we describe a case study in full detail where we execute arbitrary code on an AUTOSAR-based demonstration ECU by performing a voltage fault injection attack on the AUTOSAR communication stack. Several automotive threats may materialize if an attacker is able to execute arbitrary code on an ECU. For example, it will be possible to persistently modify the ECU’s functionality if its code is not authenticated using secure boot.