Vehicle Intrusion Resilience Systems in Action
Overview
A modern vehicle is composed of around 100 Electronic Control Units (ECUs) connected via several types of networks. An ECU is an embedded device, similar to a Raspberry Pi, running an operating system (e.g., a Linux-based or real-time OS) on top of which different software and firmware may run, depending on the application. Because humans are imperfect, software can contain faults and be subject to intrusions, which can lead to catastrophic failures that threaten human lives. A Fault and Intrusion Resilient System (FIRS) is a vehicle middleware that can mask the effect of a failure or intrusion. Contrary to Intrusion Detection and Protection Systems, FIRS ensures the continuation of the function despite intrusions. FIRS works as follows: it allows an application to run different replicas on different ECUs simultaneously. For each function executed by the application, an agreement is collected from a majority of ECUs through the (in-vehicle) network, and the corresponding output is returned. As long as the majority is not compromised, the integrity of the returned output is guaranteed despite the existence of faults or intrusions in the rest of the ECUs. We have an implementation of a FIRS protocol that we are experimenting with on the OMNeT++ simulator.
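The output-voting step described above can be sketched as follows. This is an added example, not the project's FIRS implementation: the function name `majority_vote`, the ECU identifiers and the payloads are hypothetical, and it assumes sender identities are already authenticated and leaves out the agreement protocol itself.

```python
from collections import Counter

def majority_vote(replies, replica_ids):
    """Return the output backed by a strict majority of replica_ids, else None.

    replies: iterable of (ecu_id, output) pairs; output must be hashable (e.g. bytes).
    Assumption: ecu_id has already been authenticated by a lower layer.
    """
    first_reply = {}
    for ecu_id, output in replies:
        if ecu_id in replica_ids:
            # Keep one vote per ECU so a compromised replica cannot vote twice.
            first_reply.setdefault(ecu_id, output)
    if not first_reply:
        return None
    # Quorum is over all replicas, so silent (crashed) ECUs count against agreement.
    quorum = len(replica_ids) // 2 + 1
    value, count = Counter(first_reply.values()).most_common(1)[0]
    return value if count >= quorum else None

# Constructed sample data: three replicas of one function, outputs as CAN-sized payloads.
REPLICAS = {"ecu_a", "ecu_b", "ecu_c"}
GOOD, BAD = b"\x00\x2a", b"\xff\xff"

def demo():
    return {
        "one_compromised": majority_vote(
            [("ecu_a", GOOD), ("ecu_b", BAD), ("ecu_c", GOOD)], REPLICAS),
        "duplicate_votes": majority_vote(
            [("ecu_b", BAD), ("ecu_b", BAD), ("ecu_a", GOOD), ("ecu_c", GOOD)], REPLICAS),
        "unknown_sender": majority_vote(
            [("ecu_x", BAD), ("ecu_y", BAD), ("ecu_a", GOOD), ("ecu_c", GOOD)], REPLICAS),
        "one_silent_one_bad": majority_vote(
            [("ecu_a", GOOD), ("ecu_b", BAD)], REPLICAS),
        "majority_compromised": majority_vote(
            [("ecu_a", BAD), ("ecu_b", BAD), ("ecu_c", GOOD)], REPLICAS),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The last two cases show the limits of the guarantee: with one replica silent and one compromised there is no majority, so no output is returned, and once a majority is compromised the voter returns the wrong value.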
Expected deliverables
The goal of this project is to create a demo that validates the FIRS on real hardware and software. The intern will build a small testbed of networked embedded devices, e.g., Raspberry Pis or ECUs. Two network types are of particular importance:
- the widely used broadcast-based Controller Area Network (CAN), which can be built using Raspberry Pis and CAN transceivers; and
- the more recent and more efficient Ethernet for Automotive, which, as the name indicates, has similarities to the Ethernet protocols in IT networks.
The objectives of the work are to understand how FIRS behaves empirically, build the small testbed for validation, and demonstrate the work in a sub-real environment.
Questions and Answers
Where to find answers to Frequently Asked Questions about applying to VSRP?
Contacts
Supervisors
Biography
Paulo Esteves-Veríssimo is a professor in the Computer Science (CS) program at KAUST. Previously, he was a professor and FNR PEARL Chair at the University of Luxembourg's (Uni.lu) Faculty of Science, Technology and Medicine (FSTM). He also led the CritiX Research Lab at the SnT Centre at Uni.lu, which achieved world-class results and established enduring research capacity in resilient computing, cybersecurity, and dependability.
He has also been a professor and a board member of the University of Lisbon (ULisboa), Portugal. At ULisboa, he created the Navigators research group and was the founding director of Laboratório de Sistemas Informáticos de Grande Escala (LaSIGE). From its founding in 1998, the computer science and engineering lab LaSIGE has carried out research in leading-edge areas backed by key indicators of excellence.
He was UNILU-SnT’s representative at the European Cyber Security Organization (ECSO) and a member of its Scientific & Technical Committee (STC). He served as Chair of the IFIP WG 10.4 on Dependable Computing and Fault-Tolerance and vice-chair of the Steering Committee of the IEEE/IFIP DSN conference. He is a Fellow of the IEEE, a Fellow of the ACM and an associate editor of IEEE Transactions on Emerging Topics in Computing (TETC).
Research Interests
Professor Esteves-Veríssimo is interested in architectures, middleware and algorithms for resilient modular and distributed computing. In addition to examining paradigms and techniques that reconcile security and dependability, he also explores novel applications of these paradigms and techniques. By doing so, he achieves system resilience in areas such as autonomous vehicles, distributed control systems, digital health and genomics, and blockchain and cryptocurrency.
Dr. Esteves-Veríssimo’s research has featured in over 200 peer-reviewed international publications and five international books. He has delivered over 70 keynote speeches and distinguished lectures at reputable venues. As a systems and engineering specialist, he has contributed to designing and engineering several advanced industrial prototypes of distributed, fault-tolerant, secure or real-time systems developed through research and development.