Modern Automotive Vulnerabilities: Causes, Disclosures, and Outcomes

Monday, January 25, 2016 - 1:30pm2:00pm

Stefan Savage, Professor, Department of Computer Science and Engineering, University of California, San Diego

Abstract: 

Over the last six years, a range of research has transformed our understanding of automobiles. What we traditionally envisioned as mere mechanical conveyances are now more widely appreciated as complex distributed systems "with wheels." A car purchased today has virtually all aspects of its physical behavior mediated through dozens of microprocessors, themselves networked internally, and connected to a range of external digital channels. As a result, software vulnerabilities in automotive firmware potentially allow an adversary to obtain arbitrary control over the vehicle. Indeed, multiple research groups have been able to demonstrate such remote control of unmodified automobiles from a variety of manufacturers. In this talk, I'll highlight how our understanding of automotive security vulnerabilities has changed over time, how unique challenges in the automotive sector give rise to these problems, and how different approaches to disclosure have played a role in driving industry and government response.

Stefan Savage, Professor, Department of Computer Science and Engineering, University of California, San Diego

Stefan Savage is part of the Systems & Networking and Security research groups at the University of California, San Diego. His interests are all over the map, ranging from the economics of e-crime, to characterizing availability, to automotive systems to routing protocols, data center virtualization and back again. He has very broad interests (i.e. "try me if you have a crazy idea").

Stefan got his undergrad degree in Applied History from CMU and his Ph.D. from the University of Washington (courtesy Brian Bershad and Tom Anderson). He was Co-founder and Chief Scientist at Asta Networks (now kaput), served on the Strategy Advisory Council of Rendition Networks (since acquired by OpsWare) and helped develop some of the technology used by Netsift (since acquired by Cisco). He does other consulting here and there.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@conference {206260,
author = {Stefan Savage},
title = {Modern Automotive Vulnerabilities: Causes, Disclosures, and Outcomes},
year = {2016},
address = {San Francisco, CA},
publisher = {{USENIX} Association},
month = jan,
}

Presentation Video 

Website Maintenance Alert

Due to scheduled maintenance on Wednesday, October 16, from 10:30 am to 4:30 pm Pacific Daylight Time (UTC -7), parts of the USENIX website (e.g., conference registration, user account changes) may not be available. We apologize for the inconvenience.

If you are trying to register for LISA19, please complete your registration before or after this time period.