Testing and Evaluation to Improve Data Security of Automotive Embedded Systems

Johannes Weschke ; Filip Hesslund
Göteborg: Chalmers tekniska högskola, 2015. 53 pp.
In the last two decades, the number of electronic control units (ECUs) in vehicles has increased dramatically. This has resulted in an increased complexity of the vehicles' electrical and electronic systems. Electrical and electronic systems have gone from just controlling the engine to controlling every part of the vehicle, from the infotainment system to safety-critical systems.

To allow for better collaboration between players in the automotive industry, a development partnership called AUTOSAR has emerged. Included in AUTOSAR is a module handling diagnostics (DCM). The module can be used to read data and change parameters in the ECUs and in the ECU software. Since the DCM can access confidential information about the vehicle and modify running software of the ECU, for example the software controlling the engine, it is an attractive target for adversaries. There has been no published research (that we know of) about the security of the DCM module of the AUTOSAR software architecture and how the safety of the passengers can be affected in the case of a security breach. This thesis tries to fill this research gap by conducting a threat analysis and risk assessment for the DCM module inside AUTOSAR. This thesis evaluates the security of an ECU assumed to control the engine of a vehicle and how possible consequences of an intrusion can affect the overall safety. It also presents a number of tests used to evaluate the threats and risks found. The tests target threats regarding denial of service, tampering, and information disclosure. The thesis concludes by proposing countermeasures for the threats and risks.

Keywords: security, automotive, testing, evaluation, AUTOSAR, ISO 14229

