Demo abstract: Synthesis of platform-aware attack-resilient vehicular systems

Over the past decade, the design process in the automotive industry has gone through a period of significant changes. Modern vehicles present a complex interaction of a large number of embedded Electronic Control Units (ECUs), interacting with each other over different types of networks. Furthermore, there is a current shift in vehicle architectures, from isolated control systems to more open automotive architectures with new services such as vehicle-tovehicle communication, and remote diagnostics and code updates. However, this increasing set of functionalities, network interoperability, and complexity of the system design may introduce security vulnerabilities that are easily exploitable. Typically, modern vehicular control systems are not built with security in mind. As shown in [1], attackers can easily disrupt the operation of a car to either disable the vehicle or hijack it, giving the attacker a large control capability over the system. This problem is even more emphasized with the rise of vehicle autonomy; hence, criticality analysis for automotive components must be completely re-done. To address these issues, we have introduced a design framework for development of high-confidence vehicular control systems that can be used in adversarial environments. The framework employs control system design techniques (control-level defenses) that guarantee that the vehicle will maintain control, possibly at a reduced efficiency, under a variety of externally-originating attacks on sensors, actuators, and communication and computation resources. In the system development phase, we provide code-level defenses that prevent injection of malicious code into the operation of the controller itself. Using a formal representation of execution and code generation semantics, we remove the uncertainty from the code generation process and provide secure code synthesis for the derived controllers.