Electronic control unit network security
First Claim
1. A method of controlling access to a vehicle network that includes a plurality of electronic control units (ECUs) communicating over the network, comprising the steps of:
- operating a network of ECUs that include at least first and second ECUs installed in the vehicle and in communication with each other over the network, wherein the first ECU comprises an external access point that enables access to the network via the first ECU by devices external to the network;
establishing communication between the first ECU and an external device;
providing the external device with limited privilege access to the network via the first ECU, wherein the step of providing limited privilege access comprises one or both of;
(i) sending digital instructions from the first ECU to the second ECU based on a communication received at the first ECU from the external device; and
(ii) transmitting from the vehicle via the first ECU digital data that is sent from the second ECU to the first ECU;
detecting unauthorized escalated privilege access of the first ECU; and
in response to the detection, selectively restricting use of the first ECU as the external access point at least partially, thereby preventing external devices from using the first ECU for the limited privilege access to the network;
wherein the step of providing limited privilege access to the network further comprises providing access to the network under control of an operating system that limits what actions may be initiated by the external device to a subset of all of the actions capable of being carried out using the operating system; and
wherein the step of detecting unauthorized escalated privilege access comprises detecting occurrence of an action at the first ECU that is not within the subset of actions.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method of controlling access to a vehicle network that includes a plurality of electronic control units (ECUs) communicating over the network. The method carried out by the system operates a network of ECUs that include at least first and second ECUs in communication with each other over the network. The first ECU may be an external access point which can establish communication with an external device. The first ECU provides the external device with limited privilege access to the network. The method further includes detecting unauthorized escalated privilege access of the first ECU, and in response to the detection, at least partially restricting use of the first ECU as the external access point, thereby preventing external devices from using the first ECU for the limited privilege access to the network.
24 Citations
16 Claims
-
1. A method of controlling access to a vehicle network that includes a plurality of electronic control units (ECUs) communicating over the network, comprising the steps of:
-
operating a network of ECUs that include at least first and second ECUs installed in the vehicle and in communication with each other over the network, wherein the first ECU comprises an external access point that enables access to the network via the first ECU by devices external to the network; establishing communication between the first ECU and an external device; providing the external device with limited privilege access to the network via the first ECU, wherein the step of providing limited privilege access comprises one or both of; (i) sending digital instructions from the first ECU to the second ECU based on a communication received at the first ECU from the external device; and (ii) transmitting from the vehicle via the first ECU digital data that is sent from the second ECU to the first ECU; detecting unauthorized escalated privilege access of the first ECU; and in response to the detection, selectively restricting use of the first ECU as the external access point at least partially, thereby preventing external devices from using the first ECU for the limited privilege access to the network; wherein the step of providing limited privilege access to the network further comprises providing access to the network under control of an operating system that limits what actions may be initiated by the external device to a subset of all of the actions capable of being carried out using the operating system; and wherein the step of detecting unauthorized escalated privilege access comprises detecting occurrence of an action at the first ECU that is not within the subset of actions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A vehicle network of electronic control units (ECUs), comprising:
-
a plurality of ECUs installed in a vehicle; and a communication means for enabling communication between one or more of the plurality of ECUs, wherein at least one of the plurality of ECUs is an external access point ECU, wherein the external access point ECU is programmed to execute a process that detects an unauthorized escalation of privileges at the external access point ECU and selectively restricts access via the external access point ECU in response to the detection; wherein the external access point ECU is programmed to selectively restrict access via the external access point ECU by providing access under control of an operating system that limits what actions may be initiated by an external device to a subset of all of the actions capable of being carried out using the operating system, wherein the unauthorized escalated privilege access is detected when an action at the external access point ECU is detected that is not within the subset of actions. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
Specification