Cyber security is of critical importance to the automotive industry, as the volume and complexity of attacks are increasing. Securing Connected and Autonomous Vehicles (CAVs) is a particular challenge, as they expose a multitude of wireless interfaces and process data from untrusted, external systems via cellular, GPS, Wi-Fi/BT, C-V2X, camera and sensor inputs.
The AutoCHERI🍒 project is focussed on the area of CAV cyber security and the opportunities and challenges that CHERI might bring in this sector.
This project has three main goals:
- Demonstrate CHERI technology for cyber-critical and safety-critical applications by:
  - Developing a TCU based on the Morello architecture for each use case, and
  - Measuring the security / safety / performance trade-offs and the impact of CHERI
- Assess go-to-market routes for CHERI-based products in the automotive industry
- Explore how this ties in with the emerging global vehicle cyber security regulations
The performance-vs-security trade-off manifests differently depending on the workload being processed by the system.
A large part of the project is focussed on analysing, threat modelling and implementing a number of specific use cases. With these specific workloads, we can then compare the performance impact of enabling CHERI capabilities and understand what types of workload CHERI might be more or less appropriate for. The use cases being evaluated are:
- Vehicle diagnostics data - Processing data from CAN, through the TCU and up to the cloud.
- OTA software update of TCU - Pulling software packages from the cloud, cryptographically verifying them.
- V2I traffic advisory - Communicating with roadside infrastructure via cellular-V2X protocols.
- Teleoperation - Monitoring latency in safety critical operations to observe where additional processing would cause an impact.
- OTA software update of RISC-V vehicle ECUs - For a RISC-V CHERI ECU, pulling software packages from the cloud and updating them over CAN using UDS.
This project is made possible by the cross-sector collaboration of the consortium members:
- Beam Connectivity - Project lead, implementation and integration of CHERI based automotive component
- Applus IDIADA - Systems engineering, validation and regulatory analysis
- CSA Catapult - Industry stakeholder engagement and market analysis
- University of Exeter - Software engineering support for CHERI
- Swansea University - Cyber security analysis and threat modelling
What is CHERI?
CHERI stands for Capability Hardware Enhanced RISC Instructions. CHERI extends conventional hardware Instruction-Set Architectures (ISAs) with new architectural features to enable fine-grained memory protection and highly scalable software compartmentalization.
- CHERI started in 2010 as a joint research project of SRI International and the University of Cambridge, funded by DARPA (the US Defense Advanced Research Projects Agency).
- Over the last decade, many organisations have collaborated on CHERI, including Microsoft, Google and many universities.
- It extends existing CPU instruction set architectures with two new features: 1) it enforces memory safety of pointers; 2) it introduces compartmentalisation.
Memory-safe pointers: The CHERI memory-protection features allow historically memory-unsafe programming languages such as C and C++ to be adapted to provide strong, compatible, and efficient protection against many currently widely exploited vulnerabilities.
Compartmentalization: The CHERI scalable compartmentalization features enable the fine-grained decomposition of operating-system (OS) and application code, to limit the effects of security vulnerabilities in ways that are not supported by current architectures.
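As an added illustration of the two mechanisms just described (this is not code from the AutoCHERI project or the CHERI toolchain), the following plain C models what a CHERI capability carries and the checks the hardware makes on every load and store: a validity tag, bounds, and permissions, with the rule that a derived capability can never be wider than its parent. The capability struct, the record layout and the CAN payload bytes are constructed for this example; on Morello or CHERI-RISC-V the capability is a 128-bit hardware value with an out-of-band tag bit, and a failed check traps the faulting instruction instead of returning a code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed software model of a CHERI capability: a pointer that carries its
 * own bounds, permissions and validity tag. On Morello or CHERI-RISC-V the
 * hardware keeps these in a capability register and checks them on every load
 * and store; here the same checks are written out explicitly in plain C. */
typedef struct {
    uint8_t *base;   /* lowest address the capability may reach */
    size_t length;   /* bytes from base that are in bounds */
    unsigned perms;  /* PERM_* bits granted to this capability */
    bool tag;        /* validity tag; cleared by any invalid manipulation */
} cap_t;

enum { PERM_LOAD = 1u, PERM_STORE = 2u };

/* Fault raised by an access: invalid (untagged) capability, access outside
 * [base, base + length), or an access type the capability does not grant. */
typedef enum { CAP_OK = 0, CAP_TAG_VIOLATION, CAP_BOUNDS_VIOLATION, CAP_PERM_VIOLATION } cap_fault_t;

/* Monotonicity: a derived capability can only shrink its bounds or drop
 * permissions. Asking for more than the parent holds clears the tag, so the
 * result cannot be dereferenced at all. */
static cap_t cap_narrow(cap_t parent, size_t sub_offset, size_t sub_len, unsigned perms) {
    cap_t c = parent;
    if (!parent.tag || sub_offset > parent.length ||
        sub_len > parent.length - sub_offset || (perms & ~parent.perms) != 0) {
        c.tag = false;
        return c;
    }
    c.base = parent.base + sub_offset;
    c.length = sub_len;
    c.perms = perms;
    return c;
}

/* The checks the hardware performs before every access. */
static cap_fault_t cap_check(cap_t c, size_t idx, unsigned need) {
    if (!c.tag) return CAP_TAG_VIOLATION;
    if ((c.perms & need) != need) return CAP_PERM_VIOLATION;
    if (idx >= c.length) return CAP_BOUNDS_VIOLATION;
    return CAP_OK;
}

static cap_fault_t cap_load(cap_t c, size_t idx, uint8_t *out) {
    cap_fault_t f = cap_check(c, idx, PERM_LOAD);
    if (f == CAP_OK) *out = c.base[idx];
    return f;
}

static cap_fault_t cap_store(cap_t c, size_t idx, uint8_t v) {
    cap_fault_t f = cap_check(c, idx, PERM_STORE);
    if (f == CAP_OK) c.base[idx] = v;
    return f;
}

/* Constructed sample record: an 8-byte CAN payload followed by a field the
 * payload parser has no business touching. */
static uint8_t record[12] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,  /* CAN payload */
    0xAA, 0xBB, 0xCC, 0xDD                            /* adjacent private field */
};

/* The parser only ever receives a load-only capability bounded to the payload,
 * derived from a root capability covering the whole record. */
static cap_t payload_cap(void) {
    cap_t whole = { record, sizeof record, PERM_LOAD | PERM_STORE, true };
    return cap_narrow(whole, 0, 8, PERM_LOAD);
}

/* Read payload[idx]; returns the byte, or the negated fault code. idx 8 is the
 * classic off-by-one over-read that plain C would satisfy from the next field. */
static int payload_byte(size_t idx) {
    uint8_t b;
    cap_fault_t f = cap_load(payload_cap(), idx, &b);
    return f == CAP_OK ? (int)b : -(int)f;
}

/* Trying to widen the parser's capability back over the whole record. */
static cap_fault_t widen_and_load(void) {
    uint8_t b;
    cap_t widened = cap_narrow(payload_cap(), 0, sizeof record, PERM_LOAD);
    return cap_load(widened, 8, &b);
}

/* Trying to write through the load-only capability. */
static cap_fault_t store_via_load_only(void) {
    return cap_store(payload_cap(), 0, 0xFF);
}

int main(void) {
    for (size_t i = 0; i <= 8; i++)
        printf("payload[%zu] -> %d\n", i, payload_byte(i));
    printf("widen then load -> fault %d\n", (int)widen_and_load());
    printf("store via load-only -> fault %d\n", (int)store_via_load_only());
    return 0;
}
```

The over-read at index 8, the attempt to regain the wider bounds and the write through a load-only capability all fail before any memory is touched, which is the property that lets a compartment be handed exactly the bytes it needs and nothing more.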
Read more about CHERI from University of Cambridge
The Morello prototyping platform
Morello is Arm's implementation of CHERI on the Armv8.2-A architecture, delivered as a development board together with a compiler and toolchain, which lets us write programs and run them using CHERI capabilities.
So for our project, Morello is the platform on which to prove the efficacy of CHERI in the automotive domain.
Read more about Arm’s Morello Program
An extension of RISC-V to support CHERI-based capabilities (CHERI-RISC-V) has been developed, providing an open-source alternative to Morello.
This provides exciting opportunities for companies to begin prototyping and commercializing CHERI technology, and some companies such as Codasip have made commercial CHERI-enabled RISC-V processors available.
Find out more
AutoCHERI Project Showcase
Watch the video we created to explain the work we’ve done. Includes perspectives from our project partners on why our work is impactful, and footage from our on-track testing.
- 01/02/2024 - AutoCHERI Summit, February 2024 - PDF slides
- 17/01/2023 - Lesson from Integrating Morello into vehicle systems - PDF slides, Webcast video
- 13/10/2022 - DSbD All Hands, October 2022 - PDF slides
News & Links
- 30/01/2024 - Infosecurity Europe article on Digital Security By Design - https://www.infosecurityeurope.com/en-gb/blog/future-thinking/dsbd-vulnerability-management-cycle.html
- 31/04/2023 - CISA Paper on Digital Security by Design (DSbD) mentioning CHERI - https://www.cisa.gov/resources-tools/resources/secure-by-design-and-default
- 06/02/2023 - Microsoft implementing CHERI on RISC-V - https://www.microsoft.com/en-us/research/publication/cheriot-rethinking-security-for-low-cost-embedded-systems/
- 21/11/2022 - Protecting OpenSSL with CHERI, from NquiringMinds - https://manysecured.net/openssl/
- 19/07/2022 - Beam Connectivity announce AutoCHERI kick-off - https://www.beamconnectivity.com/blog/autocheri-project-announcement
- 20/10/2022 - Microsoft on CHERI - https://msrc.microsoft.com/blog/2022/01/an_armful_of_cheris/
- 15/12/2021 - UK Government announces AutoCHERI funding - https://www.ukri.org/news/government-announces-new-national-cyber-strategy
Automotive Security by Design Summit
The AutoCHERI consortium hosted a workshop on 01 February 2024 to bring together leaders in automotive cyber security to discuss the challenges the industry is facing. With a focus on taking a holistic, security by design approach, the delegates explored the value that secure hardware foundations can bring to the automotive industry.
Summit delegates included experts from a number of sectors, including Tier 1s, automotive OEMs, academia, semiconductor design, and cyber security.
Presentations and Demos
The presentations included:
- Cybersecurity and Resilience in Automotive Hardware: The Challenges Ahead - Paul Wooderson, Chief Engineer, Cybersecurity, HORIBA MIRA
- Automotive Cyber Security: From a Connectivity Viewpoint - Thomas Sors, CEO, Beam Connectivity
- Enhanced Hardware Silver Bullet or Lead Weight and why it matters whether you are werewolf or fish - Peter Davies, Technical Director, THALES
- AESIN: The UK Automotive Electronics Systems Innovation Network - Gunny Ghadyalla, Director, AESIN
The workshop was focussed on the cyber security challenges introduced by supply chain complexity and evolving vehicle architectures, setting the time horizon to 5+ years in the future.
The workshop sessions considered three specific questions:
- As vehicle platforms evolve towards more consolidated compute hardware, how can cyber-critical & performance-sensitive processes be isolated from each other?
- As software content increases & software supply chain becomes more complex, how can the quality & security of all the dependencies be ensured to prevent huge loss and damage in years to come?
- There are numerous areas of cyber resilience that need attention in the automotive industry. What are the major challenge areas?
Demonstrations from the AutoCHERI and ResAuto innovation projects also showed how advanced hardware security might be applied.