Preventing Attack Kill-Chains with a better Security Testbed

  • Join the LiveStream
  • When: April 22, 2021 | noon Eastern Daylight Time (North America)(UTC−04)

    Where: LiveStream

    Who: Sekar Kulandaivel PhD Candidate at Carnegie Mellon University

    Preventing Attack Kill-Chains with a better Security Testbed

    The last few years of my PhD have been pretty exciting. We found some surprising and unexpected vulnerabilities when it comes to onboard vehicle security. Unfortunately, when you string these vulnerabilities together, we can build a new attack kill-chain! This kill-chain lets an attacker use a compromised in-vehicle ECU to target and control another ECU on the CAN bus. In hindsight, these vulnerabilities that enable this kill-chain should have been caught at design time. In this talk, I will present concrete examples of how we identify new vulnerabilities, and I will suggest methods to build a better security testbed. The goal here is to not only capture basic security vulnerabilities, but also capture unforeseen vulnerabilities as a vehicle's complex design changes over time. With this new approach, we can likely worry less about adding new fancy features while not inherently adding new vulnerabilities for tomorrow's attackers.

    About the Presenter:

    Sekar Kulandaivel is an ECE PhD candidate at Carnegie Mellon University, where he is advised by Vyas Sekar and has research appearing in IEEE S&P ‘21 and USENIX Security ’19. He received his BS in 2016 from the University of Maryland, Baltimore County, where he graduated Summa Cum Laude as a Meyerhoff Premier Scholar and an Outstanding Senior with Honors. Sekar has interned at Bosch RTC-NA, STEER Tech and MIT Lincoln Lab on projects related to his interest in automotive network and systems security. He received a first-place team award for an automotive reverse-engineering competition designed by Craig Smith (author of The Car Hacker's Handbook) at DEF CON 24's Car Hacking Village. He has also served as a program committee member for the International Workshop on Automotive and Autonomous Vehicle Security (AutoSec) over the last two years.

    Visit Speaker Profile