EDA for secure and dependable cybercars

2014 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)

Sangiovanni‐Vincentelli

2014

Abstract-Cyber-security has become a critical issue for realtime distributed embedded systems in domains such as automotive, avionics, and industrial automation. However, in many of such systems, tight resource constraints and strict timing requirements make it difficult or even impossible to add security mechanisms after the initial design stages. To produce secure and safe systems with desired performance, security must be considered together with other objectives at the system level and from the beginning of the design. In this paper, we focus on security-aware design for Time Division Multiple Access (TDMA) based real-time distributed systems. The TDMA-based protocol we consider is an abstraction of many time-triggered protocols that are being adopted in various safety-critical systems for their more predictable timing behavior, such as FlexRay, TimeTriggered Protocol, and Time-Triggered Ethernet. To protect against attacks on TDMA-based real-time distributed systems, we apply a message authentication mechanism with time-delayed release of keys, which provides a good balance between security and computational overhead but needs sophisticated network scheduling to ensure that the increased latencies due to delayed key releases will not violate timing requirements. We propose formulations and an algorithm to optimize the task allocation, priority assignment, network scheduling, and key-release interval length during the mapping process, while meeting both security and timing requirements. Experimental results of an automotive case study and a synthetic example show the effectiveness and efficiency of our approach.

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Security-aware mapping for TDMA-based real-time distributed systems

Lin

2014 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)

Sangiovanni‐Vincentelli

2014

“…Attacks can have major consequences, ranging from significant social and economic losses to instabilities and service disruption [1]- [6]. Ensuring security is increasingly challenging in cyber-physical systems, where information security methods such as key management, secure communication, and code execution may guarantee the integrity of the cyber components and data, but are ineffective against insider and physical attacks.…”

Section: Introductionmentioning

confidence: 99%

“…In particular, assume that the measurement channels , with , are mutually independent and protected by the same encryption method (the measurement channels are not protected). The expected information retrieved by an attacker is defined as (6) where is the attacker probability to access encrypted channels, is the information obtained from the decrypted channels (together with the unprotected channels), contains all possible subsets of encrypted channels, is the cardinality of , and is the -th element of . Specifically, is the ordered set…”

Section: Introductionmentioning

confidence: 99%

Design and Operation of Secure Cyber-Physical Systems

Pasqualetti

IEEE Embedded Syst. Lett.

2015

Abstract-This letter proposes a holistic framework for the design and operation of secure and reliable resource-constrained cyber-physical systems. The proposed framework combines control-theoretic methods, information security notions and computational models to characterize tradeoffs among different design and operation objectives. We quantify the intricate relation among control performance, system security and platform schedulability through a minimal set of interface variables. We argue that security mechanisms and control algorithms need to be codesigned and comanaged with the embedded platform, so as to avoid the design of algorithms that are too expensive to implement on the embedded platform, or significantly impede design objectives such as performance and timing robustness.

“…It has been the most attractive protocol for attackers [6], [10], [12]. There is no direct support for secure communication in CAN, and the limitations on bus bandwidths and message lengths make it very challenging to embed security in CAN without hindering the safety applications [18].…”

Section: Introductionmentioning

confidence: 99%

Security-aware mapping for CAN-based real-time distributed automotive systems

Lin

2013 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)

Phung

et al. 2013

Abstract-Cyber-security is a rising issue for automotive electronic systems, and it is critical to system safety and dependability. Current in-vehicles architectures, such as those based on the Controller Area Network (CAN), do not provide direct support for secure communications. When retrofitting these architectures with security mechanisms, a major challenge is to ensure that system safety will not be hindered, given the limited computation and communication resources. We apply Message Authentication Codes (MACs) to protect against masquerade and replay attacks on CAN networks, and propose an optimal Mixed Integer Linear Programming (MILP) formulation for solving the mapping problem from a functional model to the CAN-based platform while meeting both the security and the safety requirements. We also develop an efficient heuristic for the mapping problem under security and safety constraints. To the best of our knowledge, this is the first work to address security and safety in an integrated formulation in the design automation of automotive electronic systems. Experimental results of an industrial case study show the effectiveness of our approach.