Electronic control unit network security

US 9,854,442 B2
Filed: 11/17/2014
Issued: 12/26/2017
Est. Priority Date: 11/17/2014
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to a vehicle network that includes a plurality of electronic control units (ECUs) communicating over the network, comprising the steps of:

operating a network of ECUs that include at least first and second ECUs installed in the vehicle and in communication with each other over the network, wherein the first ECU comprises an external access point that enables access to the network via the first ECU by devices external to the network;

establishing communication between the first ECU and an external device;

providing the external device with limited privilege access to the network via the first ECU, wherein the step of providing limited privilege access comprises one or both of;

(i) sending digital instructions from the first ECU to the second ECU based on a communication received at the first ECU from the external device; and

(ii) transmitting from the vehicle via the first ECU digital data that is sent from the second ECU to the first ECU;

detecting unauthorized escalated privilege access of the first ECU; and

in response to the detection, selectively restricting use of the first ECU as the external access point at least partially, thereby preventing external devices from using the first ECU for the limited privilege access to the network;

wherein the step of providing limited privilege access to the network further comprises providing access to the network under control of an operating system that limits what actions may be initiated by the external device to a subset of all of the actions capable of being carried out using the operating system; and

wherein the step of detecting unauthorized escalated privilege access comprises detecting occurrence of an action at the first ECU that is not within the subset of actions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of controlling access to a vehicle network that includes a plurality of electronic control units (ECUs) communicating over the network. The method carried out by the system operates a network of ECUs that include at least first and second ECUs in communication with each other over the network. The first ECU may be an external access point which can establish communication with an external device. The first ECU provides the external device with limited privilege access to the network. The method further includes detecting unauthorized escalated privilege access of the first ECU, and in response to the detection, at least partially restricting use of the first ECU as the external access point, thereby preventing external devices from using the first ECU for the limited privilege access to the network.

24 Citations

View as Search Results

16 Claims

1. A method of controlling access to a vehicle network that includes a plurality of electronic control units (ECUs) communicating over the network, comprising the steps of:
- operating a network of ECUs that include at least first and second ECUs installed in the vehicle and in communication with each other over the network, wherein the first ECU comprises an external access point that enables access to the network via the first ECU by devices external to the network;
  
  establishing communication between the first ECU and an external device;
  
  providing the external device with limited privilege access to the network via the first ECU, wherein the step of providing limited privilege access comprises one or both of;
  
  (i) sending digital instructions from the first ECU to the second ECU based on a communication received at the first ECU from the external device; and
  
  (ii) transmitting from the vehicle via the first ECU digital data that is sent from the second ECU to the first ECU;
  
  detecting unauthorized escalated privilege access of the first ECU; and
  
  in response to the detection, selectively restricting use of the first ECU as the external access point at least partially, thereby preventing external devices from using the first ECU for the limited privilege access to the network;
  
  wherein the step of providing limited privilege access to the network further comprises providing access to the network under control of an operating system that limits what actions may be initiated by the external device to a subset of all of the actions capable of being carried out using the operating system; and
  
  wherein the step of detecting unauthorized escalated privilege access comprises detecting occurrence of an action at the first ECU that is not within the subset of actions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first ECU communicates with the external device over one or both of a wired connection and a wireless connection.
  - 3. The method of claim 2, wherein the first ECU communicates wirelessly with the external device or is connected to a wireless communication module that enables the first ECU to communicate wirelessly with the external device via the communication module.
  - 4. The method of claim 1, wherein the step of detecting unauthorized escalated privilege access further comprises detecting a command to perform at a superuser level (SUDo) in an operating system (OS) that does not require SUDos or identifying an unauthorized file on the first ECU.
  - 5. The method of claim 1, wherein the step of detecting unauthorized escalated privilege access further comprises running an operating system (OS) on a first central processing unit (CPU) of the ECU, and running an access monitoring process on a second CPU of the ECU, wherein the access monitoring process monitors the OS on the first CPU for activity indicative of unauthorized privilege escalation.
  - 6. The method of claim 1, wherein access to the network from the external device is carried out via the first and second CPUs and wherein the step of at least partially restricting use of the first ECU further comprises blocking communication between the external device and network at the second CPU.
  - 7. The method of claim 1, wherein the step of at least partially restricting use of the first ECU further comprises switching into a blocking mode at the vehicle during which neither step (i) or (ii) are carried out.
  - 8. The method of claim 1, wherein the step of at least partially restricting use of the first ECU further comprises disabling operation of the first ECU as an external access point.
  - 9. The method of claim 1, wherein the step of at least partially restricting use of the first ECU further comprises restricting communication between the first ECU and one or more other ECUs on the network.

10. A vehicle network of electronic control units (ECUs), comprising:
- a plurality of ECUs installed in a vehicle; and
  
  a communication means for enabling communication between one or more of the plurality of ECUs,wherein at least one of the plurality of ECUs is an external access point ECU,wherein the external access point ECU is programmed to execute a process that detects an unauthorized escalation of privileges at the external access point ECU and selectively restricts access via the external access point ECU in response to the detection;
  
  wherein the external access point ECU is programmed to selectively restrict access via the external access point ECU by providing access under control of an operating system that limits what actions may be initiated by an external device to a subset of all of the actions capable of being carried out using the operating system, wherein the unauthorized escalated privilege access is detected when an action at the external access point ECU is detected that is not within the subset of actions.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. A vehicle network as defined in claim 10, wherein the external access point ECU comprises an interface central processing unit (CPU) and a gateway CPU, wherein the interface CPU is configured for communication with an external device, and wherein the gateway CPU is in communication with at least one of other of the plurality of ECUs via the communication means such that access to the at least one other ECU by the external device is carried out via both the interface CPU and the gateway CPU.
  - 12. A vehicle network as defined in claim 11, wherein the process is carried out on the gateway CPU and is operable to monitor the interface CPU for the unauthorized escalation of privileges.
  - 13. A vehicle network as defined in claim 10, wherein the external access point ECU comprises a partitioned central processing unit (CPU) comprising an interface portion and a gateway portion, wherein the interface portion is configured for communication with an external device, and wherein the gateway portion is in communication with at least one of other of the plurality of ECUs via the communication means such that access to the at least one other ECU by the external device is carried out via both the interface portion and the gateway portion.
  - 14. A vehicle network as defined in claim 13, wherein the process is carried out on the gateway portion and is operable to monitor the interface portion for the unauthorized escalation of privileges.
  - 15. A vehicle network as defined in claim 10, wherein the external access point ECU is operable in a normal mode to provide limited privilege access to the network by external devices via the first ECU, and wherein the external access point ECU is operable to switch to a blocking mode in response to detecting the unauthorized escalation of privileges at the external access point ECU, wherein the blocking mode prevents the limited privilege access by the external devices.
  - 16. A vehicle network as defined in claim 10, wherein the process comprises a root detection program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GM Global Technology Operations LLC (General Motors Company)
Original Assignee
GM Global Technology Operations LLC (General Motors Company)
Inventors
Mazzara, Jr., William E.
Primary Examiner(s)
LE, CHAU D

Application Number

US14/543,120
Publication Number

US 20160142410A1
Time in Patent Office

1,135 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/105   Multiple levels of security

H04L 67/04   specially adapted for termi...

H04L 67/12   specially adapted for propr...

H04L 67/535   Tracking the activity of th...

H04W 12/08   Access security

H04W 12/128   Anti-malware arrangements, ...

H04W 4/40   for vehicles, e.g. vehicle-...

Electronic control unit network security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Electronic control unit network security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others