© 2013 copyright southwest research institute ® southwest research institute embedded systems...
TRANSCRIPT
©2013 Copyright Southwest Research Institute®
Southwest Research Institute® San Antonio, Texas
©2013 Copyright Southwest Research Institute®
Southwest Research Institute
Embedded Systems Security for Automotive
October 3, 2013
©2013 Copyright Southwest Research Institute®
2
Southwest Research Institute(SwRI)
•Nonprofit
•Independent
•Applied R&D
•11 TechnicalDivisions
•Serving Auto Industry since 1947
Benefiting government, industry, and the public through innovative science and technology
http://swri.org
©2013 Copyright Southwest Research Institute®
Organizational Characteristics
•Applied Research & Development
•Fiscally Stable
•Serve Government, Industry, and the Public
•Technological & Scientific Breadth
•Multidisciplinary Capability
•Internal Research Encouraged–Foster Development of New Technologies
–Investigate New Applications of Existing Technologies
3
©2013 Copyright Southwest Research Institute®
Operational Values and Traditions
•Project and Client-Needs Focused
•Commitment to Delivering on Every Project
•Confidentiality Emphasized–Commercial Clients
Low Profile
Unique approach to Intellectual Property and Patent Rights
–Government Clients
Excellent Reputation for Implementation of Security
Two-time winner of James S. Cogswell Outstanding Industrial Security Achievement
Award
4
©2013 Copyright Southwest Research Institute®
Automation and Data Systems Division
•One of 11 Technical Divisions at SwRI•Division Overview
–165 Total Staff
–Computer Science, Electrical & Computer Engineering, Physics, Mechanical Engineering, Industrial Engineering
•Three Business Areas–Intelligent Systems Department
–Manufacturing Systems Department
–Communications & Embedded Systems Department
•Quality Processes–SEI/CMMI Level 5
5
©2013 Copyright Southwest Research Institute®
Embedded System Security Capabilities
6
©2013 Copyright Southwest Research Institute®
Embedded Security Group
• Staff– Multi-disciplinary– Continuous training– Security clearances– Leverage diverse subject
matter experts at SwRI as needed
• Laboratory Facilities– Dedicated secure labs– Specialized facilities
• automotive test track• vehicle-sized anechoic chamber• dynamometers
– Extensive laboratory test and analysis equipment
7
• Business Areas
– Automotive Security– Smart Grid Security– Industrial Control
Systems & SCADA– Oil & Gas– Railway Security– Mobile Device Security– Medical Device Security
Specializing in cyber-physical systems security
©2013 Copyright Southwest Research Institute®
Example Projects
•Research–Example: Vehicle Malware DetectionCAN analysis and reverse engineeringPerformed vehicle security analysisDeveloped automotive Tool for Reverse
Engineering, Analysis and Detection – autoTREAD™
Developed anomaly detection techniques
•Design and Development–Example: Secure ECUSecure CommunicationsDeveloped SolutionUtilized in Next-Gen Products
•Penetration Testing–Infotainment systems–Vehicle radios
8
©2013 Copyright Southwest Research Institute®
SwRI is Proposing Creation of the
Automotive Consortium for Embedded Security (ACES)
9
©2013 Copyright Southwest Research Institute®
10
Headlines
©2013 Copyright Southwest Research Institute®
11
Current SwRI Automotive Consortia –
SwRI Has Extensive Experience in Establishing Effective Automotive Consortia
©2013 Copyright Southwest Research Institute®
Automotive Consortium for Embedded Security™
• Perform high-risk/high reward pre-competitive R&D
• Serve as independent verification and validation entity
• Develop understanding of industry problems and quantify risks
• Monitor and share threats & industry research
• Keep abreast and provide input for emerging safety and security standards
• Provide members with relevant and actionable results
12
Providing pre-competitive research in automotive embedded systems security to protect the safety, reliability, brand image, trade secrets,
and customer privacy on members' future products
http://aces.swri.org
©2013 Copyright Southwest Research Institute®
Potential Projects
• Research– CAN Bus Anomaly / Malware Detection
– CAN Authentication
– ECU Firmware Tamper Protection
– Secure ECU Firmware Update
– Autonomous Vehicle
• Independent Verification and Validation– Vetting of Security Threats
– Validation of Emerging Security Research & Solutions
• Identify Problems and Quantify Risks– Detailed Risk Assessments
• Standards and Specifications– Development of Security Standards & Specifications
– Work with OEMs and Suppliers to Develop Common Requirements 13
©2013 Copyright Southwest Research Institute®
Benefits
• ROI: Shared funding to solve basic problems for entire membership
• Early access and license to all technology and data from ACES-funded research
• Access and license to related SwRI internally-funded research (including automotive anomaly detection)
• Opportunity to interact with other OEMs and suppliers to develop future automotive security strategies
• Opportunity to advocate for specific security objectives and directions
14
©2013 Copyright Southwest Research Institute®
ACES Information Meeting
• Aimed at potential automotive industry members
• Purpose: – Introduce ACES structure / objectives for
industry feedback / discussion
• Date: October 23, 2013• Location: Sterling Heights, MI
15
©2013 Copyright Southwest Research Institute®
Questions?
16
Mark [email protected]+1 (210) 522-3727Southwest Research Institute6220 Culebra Rd.San Antonio, TX 78238United States
http://aces.swri.org