Harness: Transparent and Lightweight Protection of Vehicle Control on Untrusted Android Automotive Operating System

Authors: 

Haochen Gong, Siyu Hong, Shenyi Yang, Rui Chang, Wenbo Shen, Ziqi Yuan, Chenyang Yu, and Yajin Zhou, Zhejiang University

Abstract: 

As modern in-vehicle infotainment (IVI) systems become more advanced and feature-rich, their complexity grows and with it their attack surface. Because IVI systems often expose vehicle controls, an attacker who exploits a vulnerability in the IVI stack can gain control of the car, posing a serious threat to property and personal safety. In this paper, we systematically analyze the attack surface of the Android Automotive Operating System (AAOS). We identify risks along the entire vehicle control chain, from the human-machine interface, through the relevant apps and services, to the in-vehicle network communication. To mitigate these risks, we propose Harness, a lightweight framework that transparently protects vehicle control from an untrusted AAOS. Harness defines a minimal protection domain containing only the trusted software that is permitted to perform security-critical vehicle control. Leveraging the hypervisor's capabilities, Harness isolates this domain from AAOS and mediates its interactions with the external environment, ensuring that vehicle control operations match user intent. We implement Harness, and our evaluation shows that it provides these security guarantees with only modest performance overhead.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone.