Photo: PCMag
The more advanced the cars we’re driving these days get, the bigger the chances for malicious actors to find a way to break into their systems, as the software powering them is becoming more complex, very often leaving behind a series of flaws.
Dealing with these potential vulnerabilities is the goal of a new project launched by security researchers at the University of Michigan using a grant from the Defense Advanced Research Projects Agency, or DARPA.
The researchers involved in the project explain that what they’re trying to build is a self-contained software system that would be aimed not only at cars but also at large vehicles such as spacecraft and drones.
Using the $1.8 million grant, the four-year project is called Ironpatch, and it comes down to micropatches that allow vulnerabilities to be patched without the need for recompiling the software.
Ironpatch will rely on two complex mathematical equations to patch vulnerabilities in the software powering a vehicle. And the goal is for the system to automatically generate and deploy a patch whenever a vulnerability is discovered.
“Because we don’t have a replica of the system to test the patch on, we need another way to demonstrate that the micropatch won’t alter the baseline functionality of the system,” assistant professor Manos Kapritsos said. “So we use mathematical proofing to reason within the binary code, showing that the patched version and the original version have the same functionality.”
At first, the project is specifically aimed at trucks and spacecraft, but the researchers explain that it could be eventually be used on cars too. The fix can be applied locally, without the need for a remote connection to the computer.
“It could be used to keep cars more secure, or even other types of computers like smart home components or legacy systems. It would be possible to do an audit, to go in and make sure the software is secure and is doing what it says it’s doing,” Department of Electrical Engineering and Computer science professor Westley Weimer concluded.
The researchers involved in the project explain that what they’re trying to build is a self-contained software system that would be aimed not only at cars but also at large vehicles such as spacecraft and drones.
Using the $1.8 million grant, the four-year project is called Ironpatch, and it comes down to micropatches that allow vulnerabilities to be patched without the need for recompiling the software.
Ironpatch will rely on two complex mathematical equations to patch vulnerabilities in the software powering a vehicle. And the goal is for the system to automatically generate and deploy a patch whenever a vulnerability is discovered.
“Because we don’t have a replica of the system to test the patch on, we need another way to demonstrate that the micropatch won’t alter the baseline functionality of the system,” assistant professor Manos Kapritsos said. “So we use mathematical proofing to reason within the binary code, showing that the patched version and the original version have the same functionality.”
At first, the project is specifically aimed at trucks and spacecraft, but the researchers explain that it could be eventually be used on cars too. The fix can be applied locally, without the need for a remote connection to the computer.
“It could be used to keep cars more secure, or even other types of computers like smart home components or legacy systems. It would be possible to do an audit, to go in and make sure the software is secure and is doing what it says it’s doing,” Department of Electrical Engineering and Computer science professor Westley Weimer concluded.
Google News