ECU Cyber Security: SELinux & Host Protection – PlaxidityX Ep 3

Oct 27, 2024 · 11 min · Ep. 3
Episode description

As the automotive industry moves toward software-defined vehicles, ensuring the security of ECUs is paramount. ECUs handle critical vehicle functions, and with their increasing connectivity, they are more vulnerable to cyber attacks. SELinux is a trusted solution for managing access control in Linux-based systems, including ECUs, but on its own, it cannot fully meet the stringent requirements of automotive cyber security. To bridge these gaps, many OEMs are turning to Host Intrusion Detection and Prevention Systems (IDPS).

In this episode, we explore how SELinux and Host IDPS work together to secure automotive ECUs. While SELinux provides crucial safeguards by controlling system processes, it lacks the dynamic threat detection capabilities required in today’s automotive landscape. Host IDPS complements SELinux by offering real-time detection, protection against sophisticated cyber threats, and compliance with automotive cyber security regulations, such as ISO 21434 and UNR 155.

We’ll also discuss how this multi-layered approach helps automakers protect vehicles from emerging cyber risks and ensure the safety and integrity of their ECUs. Join us to learn why relying solely on SELinux is not enough and how Host IDPS enhances the overall security of automotive systems.

Chapters:

  • (00:00) Introduction to ECU Cyber Security: SELinux and Host Protection
  • (01:39) SELinux in Automotive: Strengths and Challenges
  • (05:33) One Layer of Security Is Not Enough
  • (06:25) Meeting Automotive Cyber Security Requirements
  • (07:18) HostProtection (IDPS): Bridging the Gaps in ECU Cyber Security
  • (09:46) Bottom Line on SELinux and Host Protection
  • (10:29) Outro of ECU Cyber Security Episode

Contact us:
https://www.linkedin.com/company/plaxidityx/
https://www.youtube.com/@PlaxidityX

Transcript

00:00:00:08 - 00:00:03:11 Automotive Cybersecurity Podcast Host Welcome to cars, hackers, and cybersecurity.
00:00:04:00 - 00:00:07:00 Automotive Cybersecurity Podcast Host Here we break down the latest in automotive cybersecurity,
00:00:07:00 - 00:00:10:15 Automotive Cybersecurity Podcast Host helping you stay ahead in building secure connected vehicles.
00:00:12:16 - 00:00:23:21 Automotive Cybersecurity Podcast Host Hi. Today we'll discuss the role of SELinux and host protection in safeguarding vehicle ECUs or electronic control units from evolving and robust cyber threats.
00:00:23:21 - 00:00:24:17 Automotive Cybersecurity Podcast Host ECUs,
00:00:24:17 - 00:00:26:16 Automotive Cybersecurity Podcast Host or the intelligence hub of a vehicle
00:00:26:16 - 00:00:31:06 Automotive Cybersecurity Podcast Host responsible for controlling media and entertainment, external communication
00:00:31:06 - 00:00:52:07 Automotive Cybersecurity Podcast Host and other functions. With the emergence of software-defined vehicles, these ECUs are now interconnected, communicating with each other and external networks. While this increased connectivity enables enhanced functionality and convenience, it also expands the attack surface with respect to software vulnerabilities and other cyber threats.
00:00:52:09 - 00:00:59:01 Automotive Cybersecurity Podcast Host ECUs that run on Linux, and some that run on Android, come with a free, open-source layer of protection known as
00:00:59:01 - 00:01:00:02 Automotive Cybersecurity Podcast Host Linux
00:01:00:02 - 00:01:23:17 Automotive Cybersecurity Podcast Host Security-Enhanced Linux. While SELinux is an effective general-purpose tool for software developers, it doesn't check all the boxes from an automotive cybersecurity standpoint. Accordingly, many OEMs are deploying intrusion detection and prevention systems (IDPS) to protect their in-vehicle networks and components and to comply with emerging automotive cybersecurity regulations and standards.
00:01:23:17 - 00:01:28:14 Automotive Cybersecurity Podcast Host For example, ISO 21434, UNR 155,
00:01:28:14 - 00:01:30:11 Automotive Cybersecurity Podcast Host and Chinese GB/T regulations.
00:01:30:13 - 00:01:39:21 Automotive Cybersecurity Podcast Host In this post, we'll review why OEMs and tier-one suppliers need more than SELinux to protect connected ECUs from sophisticated cyber threats.
00:01:40:00 - 00:01:43:03 Automotive Cybersecurity Podcast Host SELinux in automotive: strengths and challenges.
00:01:43:24 - 00:02:11:02 Automotive Cybersecurity Podcast Host SELinux is a Linux kernel security module that provides a mechanism for managing and enforcing access control security policies set by the system administrator for users, programs, and services. As such, applications within any Linux-enabled environment are protected from attempts to access system resources beyond their designated boundaries. This safeguard ensures the consistent and secure behavior of applications.
00:02:11:04 - 00:02:14:17 Automotive Cybersecurity Podcast Host SELinux plays a pivotal role in managing and securing automotive
00:02:14:17 - 00:02:15:13 Automotive Cybersecurity Podcast Host ECUs,
00:02:15:13 - 00:02:39:24 Automotive Cybersecurity Podcast Host that run on Linux. It offers granular control over system processes, enhancing the security of mission-critical vehicle systems. This functionality is crucial for both OEMs and tier-one suppliers looking to protect vehicle ECUs from increasingly sophisticated cyber threats. Despite its strengths, the implementation of SELinux in the automotive sector encounters several industry-specific challenges.
00:02:40:15 - 00:02:43:17 Automotive Cybersecurity Podcast Host Maximizing security without compromising functionality.
00:02:44:07 - 00:02:50:11 Automotive Cybersecurity Podcast Host When implementing cybersecurity, there's a constant need to balance between minimizing the attack surface,
00:02:50:11 - 00:02:51:05 Automotive Cybersecurity Podcast Host for example,
00:02:51:05 - 00:03:11:16 Automotive Cybersecurity Podcast Host limiting the system and allowing the capabilities needed for normal system functionality. In other words, you want to harden the system against abnormal behavior, but you also need to keep it open enough to enable routine operations. This requires the flexibility to limit capabilities for one process while allowing the same capabilities for another.
00:03:11:18 - 00:03:13:11 Automotive Cybersecurity Podcast Host This is difficult to achieve using
00:03:13:11 - 00:03:14:12 Automotive Cybersecurity Podcast Host Linux
00:03:15:20 - 00:03:18:19 Automotive Cybersecurity Podcast Host The need for real-time response capabilities.
00:03:20:00 - 00:03:33:21 Automotive Cybersecurity Podcast Host Hardening protection layers like SELinux are an excellent starting point, but they are static and not built to respond to rapidly evolving attack techniques. In contrast, an agnostic, flexible solution
00:03:33:21 - 00:03:34:15 Automotive Cybersecurity Podcast Host for example,
00:03:34:15 - 00:03:47:09 Automotive Cybersecurity Podcast Host combining SELinux with EDR (endpoint detection and response) or automotive IDPS can provide comprehensive, in-depth protection in a dynamic manner without requiring constant maintenance.
00:03:48:09 - 00:03:50:09 Automotive Cybersecurity Podcast Host Logging of security events.
00:03:51:01 - 00:04:07:02 Automotive Cybersecurity Podcast Host This is a standard feature in SELinux. The hard part is handling the logs once they are created. This includes collecting and storing the events, filtering them, and sending them to a backend management system for analysis. This might sound simple from an IT perspective,
00:04:07:02 - 00:04:11:11 Automotive Cybersecurity Podcast Host but the truth is that most OEMs cannot support this functionality today.
00:04:11:13 - 00:04:15:13 Automotive Cybersecurity Podcast Host Moreover, these logging activities are explicitly required for compliance with
00:04:15:13 - 00:04:16:10 Automotive Cybersecurity Podcast Host UNR
00:04:17:01 - 00:04:18:08 Automotive Cybersecurity Podcast Host 155 and GB.
00:04:19:00 - 00:04:20:06 Automotive Cybersecurity Podcast Host Open source.
00:04:20:23 - 00:04:45:23 Automotive Cybersecurity Podcast Host Open-source software is great for developers, but it can be a double-edged sword from a security standpoint, since the code is readily available and anyone can see how it's implemented. Persistent hackers can eventually find a way to bypass it. Since SELinux can be used for various purposes and is not required for every application, it is removable by design and could be disabled by sophisticated malware.
00:04:46:21 - 00:04:48:07 Automotive Cybersecurity Podcast Host Maintainability.
00:04:48:19 - 00:04:59:09 Automotive Cybersecurity Podcast Host Another drawback of open source is that you need to maintain it over time. Each time you upgrade your own application, you need to check its compatibility with SELinux
00:04:59:09 - 00:05:16:07 Automotive Cybersecurity Podcast Host and vice versa. For example, you need to be aware of bug fixes and upgrades in SELinux and then adapt and update your code to support those updates. In contrast to proprietary software, open-source offers no support and no upgrades.
00:05:16:09 - 00:05:36:00 Automotive Cybersecurity Podcast Host If, for instance, a new requirement is added to a regulation, software vendors serving the automotive industry would address it immediately. Using open source, you would have to rely on internet forums for assistance or use your own resources to meet the requirements. One layer of security is not enough.
00:05:36:16 - 00:05:43:15 Automotive Cybersecurity Podcast Host By way of analogy, if you're trying to protect a famous art museum, you're going to do more than just lock the front gate.
00:05:43:17 - 00:06:10:16 Automotive Cybersecurity Podcast Host You're probably also going to install cameras, motion sensors, and other devices to protect against unauthorized entry. It's too risky to rely on a single layer of security, because that leaves you with a single point of failure, which is unacceptable for art museums and for automotive systems. One of the basic tenets of cybersecurity is that a single layer of protection is not enough to address all the relevant attack vectors, exploits, and scenarios.
00:06:10:18 - 00:06:25:15 Automotive Cybersecurity Podcast Host SELinux in particular can be easily bypassed or disabled, as demonstrated many times by our research department. This is another important reason why Linux shouldn't be relied upon as a single layer of protection.
00:06:25:15 - 00:06:28:08 Automotive Cybersecurity Podcast Host Meeting automotive cybersecurity requirements.
00:06:29:09 - 00:06:36:02 Automotive Cybersecurity Podcast Host The need for multiple layers of security is especially true for today's ECUs, which are comprised of software
00:06:36:02 - 00:06:51:04 Automotive Cybersecurity Podcast Host and other components from multiple vendors. This diverse, tiered ecosystem can create integration issues and unforeseen security vulnerabilities. Accordingly, OEMs require holistic security solutions that provide a comprehensive security picture
00:06:51:04 - 00:06:55:06 Automotive Cybersecurity Podcast Host rather than specific hardening on a trial-and-error basis.
00:06:55:09 - 00:07:16:01 Automotive Cybersecurity Podcast Host SELinux policies are primarily designed around the standard Linux usage paradigm, which does not always align with automotive-specific needs. It is often based on a trial-and-error approach and lacks features and shortcuts that are specific to automotive applications, making it difficult to define the scenarios and use cases required to secure a vehicle,
00:07:16:01 - 00:07:16:20 Automotive Cybersecurity Podcast Host for example,
00:07:16:24 - 00:07:18:06 Automotive Cybersecurity Podcast Host protecting kernel parameters.
00:07:19:06 - 00:07:24:14 Automotive Cybersecurity Podcast Host Host protection and IDPS: bridging the gaps in ECU cybersecurity.
00:07:25:01 - 00:07:34:18 Automotive Cybersecurity Podcast Host Reflecting this multi-layered approach, many OEMs have chosen to deploy host IDPS protection solutions as an additional layer of ECU security
00:07:34:18 - 00:07:50:08 Automotive Cybersecurity Podcast Host on top of SELinux. Host protection is designed to address the unique needs of automotive security, complementing the existing SELinux functionality. Based on simple, easily configurable rules, host protection fills certain security gaps
00:07:50:08 - 00:07:53:15 Automotive Cybersecurity Podcast Host that SELinux might not address or struggles to control,
00:07:53:15 - 00:07:55:14 Automotive Cybersecurity Podcast Host such as strict execution controls.
00:07:55:14 - 00:08:00:18 Automotive Cybersecurity Podcast Host Together, SELinux and host protection provide OEMs with a secure
00:08:00:18 - 00:08:07:17 Automotive Cybersecurity Podcast Host automotive-grade system solution by offering the following additional layers of security protection.
00:08:08:08 - 00:08:09:22 Automotive Cybersecurity Podcast Host Host IDPS
00:08:09:22 - 00:08:27:19 Automotive Cybersecurity Podcast Host protection enhances ECU protection by ensuring the integrity and authenticity of all executables and special files. Each executable running in the system should be identical to the certificate signed by the OEM. If any change or modification to the file is detected, the file is blocked.
00:08:27:21 - 00:08:36:09 Automotive Cybersecurity Podcast Host In addition, host protection allows users to create rules that cover multiple automotive-specific scenarios and prevent their exploitation.
00:08:36:18 - 00:08:37:21 Automotive Cybersecurity Podcast Host Detection.
00:08:38:05 - 00:08:51:13 Automotive Cybersecurity Podcast Host Going back to our example, the protection layer locks the gate, and the detection layer corresponds to the cameras and sensors around and inside the museum. Host protection systems typically include bundles of sensors on the
00:08:51:13 - 00:08:52:09 Automotive Cybersecurity Podcast Host ECUs,
00:08:52:09 - 00:08:55:06 Automotive Cybersecurity Podcast Host that can sense abnormal behaviors of the system.
00:08:55:08 - 00:09:08:09 Automotive Cybersecurity Podcast Host This also includes a dedicated sensor to monitor SELinux itself, to make sure that it has not been removed or tampered with, and monitor system measurements, CPU utilization, etc., to facilitate further investigation.
00:09:08:18 - 00:09:09:22 Automotive Cybersecurity Podcast Host Logging.
00:09:10:06 - 00:09:14:11 Automotive Cybersecurity Podcast Host This layer consists of collecting and managing all the SELinux logs
00:09:14:11 - 00:09:20:23 Automotive Cybersecurity Podcast Host and all other security events in the system, and sending them as security events to the Intrusion Detection System Manager
00:09:20:23 - 00:09:24:03 Automotive Cybersecurity Podcast Host or other configured sink for aggregation and filtering.
00:09:24:05 - 00:09:26:08 Automotive Cybersecurity Podcast Host These operational functions are mandated by
00:09:26:08 - 00:09:27:03 Automotive Cybersecurity Podcast Host UNR
00:09:27:03 - 00:09:28:10 Automotive Cybersecurity Podcast Host 155 and GB.
00:09:28:10 - 00:09:31:24 Automotive Cybersecurity Podcast Host They complement the basic logging functionality in SELinux.
00:09:32:07 - 00:09:39:17 Automotive Cybersecurity Podcast Host As mentioned earlier, each of these layers is essential for OEMs looking to protect their vehicles and ECUs from cyber attacks,
00:09:39:17 - 00:09:46:04 Automotive Cybersecurity Podcast Host as well as for facilitating compliance with cybersecurity requirements for type approval.
00:09:46:06 - 00:09:47:21 Automotive Cybersecurity Podcast Host Bottom line.
00:09:48:09 - 00:10:19:11 Automotive Cybersecurity Podcast Host While Linux provides excellent value for developers, there is still a need to complement SELinux with additional layers of automotive-grade security in order to protect Linux-based ECUs and meet regulatory requirements. The combination of SELinux and host IDPS protection represents a powerful synergy in automotive cybersecurity. SELinux provides a robust foundation, while host protection offers the agility and specificity required to address the unique challenges
00:10:19:11 - 00:10:21:05 Automotive Cybersecurity Podcast Host of the automotive industry.
00:10:21:07 - 00:10:30:23 Automotive Cybersecurity Podcast Host This dual approach ensures that vehicles are not only equipped to handle current cybersecurity threats but are also prepared for the evolving challenges of the future.
00:10:31:19 - 00:10:37:17 Automotive Cybersecurity Podcast Host That's all for today's episode. Keep your engines running smoothly and your cyber defenses sharp.
00:10:37:17 - 00:10:42:05 Automotive Cybersecurity Podcast Host Stay connected by subscribing and visiting PlaxidityX.com.
00:10:42:05 - 00:10:46:05 Automotive Cybersecurity Podcast Host Until next time, stay safe on the road and in the cloud.
Transcript source: Provided by creator in RSS feed.