AutoCHERI

Cyber security is of critical importance to the automotive industry, as the volume and complexity of hacks are increasing. Securing Connected and Autonomous Vehicles (CAVs) is a particular challenge as they expose a multitude of wireless interfaces and process data from untrusted, external systems via cellular, GPS, Wi-Fi/BT, C-V2X, camera and sensor inputs.

The AutoCHERI project is focussed on the area of CAV cyber security and the opportunities and challenges that CHERI might bring in this sector.




Project Summary

This project has three main goals:

  1. Demonstrate CHERI technology for cyber critical and safety critical applications by:
    - Developing a TCU based on Morello architecture for each use case, and
    - Measuring the security / safety / performance trade-offs and the impact of CHERI
  2. Assess go-to-market routes for CHERI based products in the automotive industry
  3. Explore how this ties in with the emerging, global vehicle cyber security regulations

The performance-vs-security trade-off manifests differently depending on the workload being processed by the system.

A large part of the project is focussed on analysing, threat modelling and implementing a number of specific use cases. With these specific workloads, we can then compare the performance impact of enabling CHERI capabilities and understand which types of workload CHERI might be more or less appropriate for. The use cases being evaluated are:

  1. Vehicle diagnostics data - Processing data from CAN, through the TCU and up to the cloud.
  2. OTA software update of TCU - Pulling software packages from the cloud, cryptographically verifying them.
  3. V2I traffic advisory - Communicating with roadside infrastructure via cellular-V2X protocols.
  4. Teleoperation - Monitoring latency in safety critical operations to observe where additional processing would cause an impact.
  5. OTA software update of RISC-V vehicle ECUs - For a RISC-V CHERI ECU, pulling software packages from the cloud and updating them over CAN using UDS.

Consortium Partners

This project is made possible by the cross-sector collaboration of the consortium members:

Beam-Connectivity, Applus-IDIADA

DSbD Technologies

What is CHERI?

CHERI stands for Capability Hardware Enhanced RISC Instructions. CHERI extends conventional hardware Instruction-Set Architectures (ISAs) with new architectural features to enable fine-grained memory protection and highly scalable software compartmentalization.

Memory-safe pointers: The CHERI memory-protection features allow historically memory-unsafe programming languages such as C and C++ to be adapted to provide strong, compatible, and efficient protection against many currently widely exploited vulnerabilities.

Compartmentalization: The CHERI scalable compartmentalization features enable the fine-grained decomposition of operating-system (OS) and application code, to limit the effects of security vulnerabilities in ways that are not supported by current architectures.
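An added illustration of the bounds-checked pointer idea in the memory-protection paragraph above, not code from the AutoCHERI project: a software model in C of a capability (bounds plus a validity tag) applied to a constructed receive buffer whose sender-supplied length byte overstates the payload. The struct, function names and buffer contents are assumptions made for this example; on Morello or CHERI-RISC-V the checks are performed by the hardware.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Software model of a CHERI capability, for illustration only: real
   capabilities are enforced by hardware and are not a C struct. */
typedef struct {
    const uint8_t *base; /* lower bound */
    size_t length;       /* bytes addressable from base */
    int tag;             /* validity tag; cleared means unusable */
} cap_t;

/* Derive a narrower capability. Bounds can only shrink (monotonicity):
   asking for more than the parent grants yields an untagged capability. */
cap_t cap_set_bounds(cap_t c, size_t off, size_t len) {
    cap_t d = { c.base, 0, 0 };
    if (c.tag && off <= c.length && len <= c.length - off) {
        d.base = c.base + off; d.length = len; d.tag = 1;
    }
    return d;
}

/* Checked load: 0 on success, -1 where hardware would raise a fault. */
int cap_load_u8(cap_t c, size_t idx, uint8_t *out) {
    if (!c.tag || idx >= c.length) return -1;
    *out = c.base[idx];
    return 0;
}

/* Constructed receive buffer: byte 0 is a sender-supplied length (claims 6),
   bytes 1..3 are the real payload, bytes 4..7 are unrelated adjacent data. */
static const uint8_t RX[8] = { 6, 0x11, 0x22, 0x33, 0xDE, 0xAD, 0xBE, 0xEF };

/* Copy as many bytes as the message claims; -1 if any load faults. */
int copy_claimed(cap_t src, uint8_t *dst, size_t dst_len) {
    size_t n = RX[0] < dst_len ? RX[0] : dst_len;
    for (size_t i = 0; i < n; i++)
        if (cap_load_u8(src, i, &dst[i]) != 0) return -1;
    return (int)n;
}

int main(void) {
    uint8_t out[8];
    cap_t whole = { RX, sizeof RX, 1 };
    /* Authority over the rest of the buffer: the over-read succeeds. */
    printf("wide:    %d\n", copy_claimed(cap_set_bounds(whole, 1, 7), out, 8));
    /* Authority over the 3-byte payload only: the over-read faults. */
    printf("payload: %d\n", copy_claimed(cap_set_bounds(whole, 1, 3), out, 8));
    return 0;
}
```

With the wide capability the copy pulls adjacent bytes into the output; with the payload-only capability the same loop stops at the first out-of-bounds load.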

Read more about CHERI from University of Cambridge

The Morello prototyping platform

Morello is Arm's implementation of CHERI on the Arm v8.2 architecture. It comprises a development board, compiler and toolchain that allow us to write programs and run them using CHERI.

So for our project, Morello is the platform to prove the efficacy of CHERI in the automotive domain.

Read more about Arm's Morello Program

CHERI-Enabled RISC-V

An extension of RISC-V to support CHERI-based capabilities (CHERI-RISC-V) has been developed, providing an open-source alternative to Morello.

This provides exciting opportunities for companies to begin prototyping and commercializing CHERI technology, and some companies such as Codasip have made commercial CHERI-enabled RISC-V processors available.


Find out more

AutoCHERI Project Showcase

Watch the video we created to explain the work we've done. It includes perspectives from our project partners on why our work is impactful, and footage from our on-track testing.

https://www.youtube.com/watch?v=dwkpQC-laIU

Presentations


Automotive Security by Design Summit

The AutoCHERI consortium hosted a workshop on 01 February 2024 to bring together leaders in automotive cyber security to discuss the challenges the industry is facing. With a focus on taking a holistic, security by design approach, the delegates explored the value that secure hardware foundations can bring to the automotive industry.

Summit delegates included experts from a number of sectors including: Tier 1s, automotive OEMs, academia, semiconductor design, and cyber security.


Presentations and Demos

The presentations included:

  1. Cybersecurity and Resilience in Automotive Hardware: The Challenges Ahead - Paul Wooderson, Chief Engineer, Cybersecurity, HORIBA MIRA
  2. Automotive Cyber Security: From a Connectivity Viewpoint - Thomas Sors, CEO, Beam Connectivity
  3. Enhanced Hardware Silver Bullet or Lead Weight and why it matters whether you are werewolf or fish - Peter Davies, Technical Director, THALES
  4. AESIN: The UK Automotive Electronics Systems Innovation Network - Gunny Ghadyalla, Director, AESIN


Workshop

The workshop was focussed on the cyber security challenges introduced by supply chain complexity and evolving vehicle architectures, setting our time horizon to 5+ years in the future.

The workshop sessions considered three specific questions:

  1. As vehicle platforms evolve towards more consolidated compute hardware, how can cyber-critical & performance-sensitive processes be isolated from each other?
  2. As software content increases & software supply chain becomes more complex, how can the quality & security of all the dependencies be ensured to prevent huge loss and damage in years to come?
  3. There are numerous areas of cyber resilience that need attention in the automotive industry. What are the major challenge areas?

There were also demonstrations from the AutoCHERI and ResAuto innovation projects that showed how advanced hardware security might be applied.
