S2Guard: Building Security and Safety in Autonomous Vehicles via Multi-Layer Protection
Autonomous vehicles (AVs) are revolutionizing the transportation ecosystem and are expected to become a critical part of our society. AVs are equipped with many electronic devices, including various sensors, electronic control units (ECUs), and internal control networks, as well as capabilities in artificial intelligence, computing, storage, and communication. Although the automotive industry, as well as the public, is optimistic that an AV can perform many basic functions on par with human drivers, few are confident about the security and safety of AVs, especially since AVs are highly vulnerable to potential attacks from cyberspace, as demonstrated in a recent series of car hacking incidents. In this project, a team of researchers from Virginia Tech and Washington University aims to address some of the fundamental security and safety challenges for AVs. The research team follows a novel defense-in-depth approach that combines three layers of defense against attacks on the software systems, in-vehicle networks, and safety-critical ECUs of an AV. Each layer can be designed and deployed independently of the other layers; working jointly, they can not only effectively thwart most system and network attacks but also provide fail-operational protection against both known and potentially unforeseen cyberattacks.
The close coupling of AVs with cyberspace introduces new security and safety risks that continue to challenge the automobile industry and the computer security community. This project will develop a multi-layer protection framework, S2Guard, that takes a defense-in-depth approach to address a broad range of security and safety issues caused by cyberattacks. The first layer aims to enhance the software system security of ECUs with external interfaces by employing hardware-assisted security protection mechanisms. Research in this thrust will focus on devising an effective software system design that isolates and protects safety-critical software components, without significantly increasing the trusted computing base, while still meeting the real-time requirements of the system. The second layer aims to defend against attackers who are able to breach the first layer of defense, either by physically bypassing it inside the vehicle or by exploiting an unforeseen vulnerability. The focus is to build innovative in-vehicle network security mechanisms and enable network-level defenses against adversaries who are capable of sending raw control packets within the in-vehicle network. The last layer of defense aims to offer a worst-case safety guarantee to AVs even if an attacker is able to circumvent the first two layers of defense. The team will develop novel methods to understand the safety rules of autonomous vehicles and provide safety guarantees at runtime. These safety mechanisms are to be deployed in the safety-critical ECUs to automatically detect and correct unsafe ECU behaviors.