This project develops a comprehensive framework for security validation of modern automotive systems. With increasing autonomy, automotive systems are evolving into very complex distributed systems. They contain more than a hundred electronic control units (ECUs), a heterogeneous collection of sensors and actuators, several in-vehicle communication networks, and several hundred megabytes of software. Currently, security validation of these systems depends primarily on human expertise to identify vulnerabilities in design and implementation. Clearly, this does not scale to large complex systems. The project addresses this problem by introducing automated penetration testing methods capable of handling the exploding automotive system complexities.

This project develops technology for systematic analysis of diverse safety, security, and reliability requirements in current and emergent vehicles. It enables early comprehension of conflict, trade-offs, and potential internal inconsistencies among the different requirements. The framework includes: (1) an adaptive virtual prototyping infrastructure that enables smooth integration of ECU, sensor, and actuator models; and (2) a concolic testing facility to generate penetration tests automatically for targeted adversary models. The analysis techniques developed in the research cross-cut hardware, software, and physical (sensory and actuation) artifacts. The framework brings together currently disparate research in security, machine intelligence, and decision science. This project promises transformative technical and societal impacts through drastically improved safety, security, and reliability of diverse cyber-physical systems in general and automotive systems in particular. Research results will be integrated into graduate and undergraduate courses. A new workshop will be introduced to bring together experts in automotive safety, security, and reliability, and cross-cutting areas. Hands-on training modules for undergraduate and high school students will be developed using automotive simulator platforms. Participation of underrepresented students in the project will be actively encouraged. Industry connections will be used and actively pursued for technology transfer.

All artifacts and data generated during the course of this project will be made publicly available, enabling the broader community to reproduce and extend research results. This includes all software and tools developed, architecture and platform models, and any experimental data supporting the research conclusions. A public repository has been set up at the URL https://github.com/RaySandip/AutoSec19.git for this dissemination, and will be maintained for at least three years beyond the award period. Backup copies of the data are expected to be retained indefinitely.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1908571
Program Officer: Matt Mutka
Project Start:
Project End:
Budget Start: 2019-10-01
Budget End: 2022-09-30
Support Year:
Fiscal Year: 2019
Total Cost: $252,972
Indirect Cost:

Name: Portland State University
Department:
Type:
DUNS #:
City: Portland
State: OR
Country: United States
Zip Code: 97207