Vulnerabilities
- Vulnerabilities in the software used in connected and autonomous vehicles may be used in potentially deadly hacker attacks. Software patching is an established way to fix vulnerabilities in code that has been deployed in the field. The application of this method in the automotive industry faces several challenges, including software diversity, the unavailability of source code, and other major challenges that will be discussed in the paper. This contribution presents an end-to-end approach to the definition, generation, and application of software patches in the automotive environment. First, a new vulnerability identifier defines a particular instance of the vulnerability, including the affected file and the problematic code segment within the file. Secondly, this identifier is sent to the vehicles as part of the configuration file, and the onboard patch engine generates the actual patch. Thirdly, this patch is applied to fix this vulnerability, either statically, in the file, or dynamically, within the RAM during software execution.
| Author: | Slava BronfmanGND, Tzvika SchneiderGND, Ori GoldbergGND, Roman KeslerGND, Alexander KreinesGND, Tomer GiladGND |
|---|---|
| URN: | urn:nbn:de:hbz:294-66724 |
| DOI: | https://doi.org/10.13154/294-6672 |
| Parent Title (English): | 17\(^{th}\) escar Europe : embedded security in cars (Konferenzveröffentlichung) |
| Subtitle (German): | from detection to micro-patching in automotive ECUs |
| Document Type: | Part of a Book |
| Language: | English |
| Date of Publication (online): | 2019/10/31 |
| Date of first Publication: | 2019/10/31 |
| Publishing Institution: | Ruhr-Universität Bochum, Universitätsbibliothek |
| Tag: | In-Memory; Patching; Vulnerabilities |
| First Page: | 147 |
| Last Page: | 154 |
| Dewey Decimal Classification: | Allgemeines, Informatik, Informationswissenschaft / Informatik |
| open_access (DINI-Set): | open_access |
| Konferenz-/Sammelbände: | 17th escar Europe : embedded security in cars |
| Licence (German): |  Keine Creative Commons Lizenz - es gelten die Rechteeinräumung und das deutsche Urheberrecht |
