GRIMM's Defensive Automotive Engineering Training at Washtenaw Community College
with AutoSec Team
In this course, participants will gain an understanding of the automotive cybersecurity threat-landscape from an attackers perspective. Automotive attack surfaces will be highlighted, with a focus on attack techniques to provide insight into creating better defensive designs. In addition to traditional course lectures, the attendee will benefit from hands-on offensive exercises in a lab environment. These exercises will ensure each student cements their new-found comprehension of real-world exploitation. Participants will enhance their abilities to integrate defensive security measures into their vehicle networks.
This 5-day course will expose each student to the attacker’s perspective of automotive security. Each day the student will have hands-on labs to complement the days lecture. During this week students will learn to develop strategies for minimizing attack surfaces and creating designs that are more resistant to security breaches. They will leave the course knowing:
- How to think about attackers and security in Automotive Design
- What lengths attackers can and will go to in order to
- What kinds of information/capability is available to attackers, how to discover it, and how to use it
- Pragmatic approaches to managing risk in vehicle networks
- How to improve Automotive Cybersecurity today, planning for the complete vehicle lifecycle
- Strategies for Connected Legacy Vehicles
- Where to apply significant security resources to the best result
Building on Real-World examples, students will gain hands-on experience and classroom details of many currently-deployed security problems -- and how to detect, avoid, and fix them -- including:
- Poor Cryptographic Implementations
- Code Signing Flaws
- Code Management Issues
- UDS Design and Implementation Bugs
- Code Update Design Flaws
- Inter-ECU Communication Weaknesses
And the basics of Reverse Engineering of Hardware and Software to make it all real.
- Approach to Secure Design Thinking.
- CAN Tools and Low-Level Interactions
- ISO-TP Details
- Interactive UDS
- J2534, Software Updates, and ECU Configuration
- Introduction to Hardware Reverse Engineering
- Remote Code Execution
- FlexRay, LIN, and other modern communication Details
- Infotainment Flaws and Remedies
- Telematics Attack Surface and Current Design Flaws
- J1939 and CAN
- Supply Chain Woes and Guidance
- Automotive Risk Assessment
- Remote Keyless Entry and Passive/Proximity Key Problems
- Introduction to Software Reverse Engineering
- Vehicle to Everything (V2X) Attack Surface and Methods
- Automotive Ethernet
- Capture The Flag!
Things Students Should Know
GRIMM’s trainers strive to accommodate students with all levels of technical knowledge. However, students with some technical background and knowledge of automotive technologies will glean more from the hands-on lab portions of the course. Additionally, several of the tools used will be learned more easily by students with a passable understanding of a programming language (e.g, have written more than a “Hello World”-type program).
Items Students Should Bring
Students need to bring a laptop that can run the VirtualBox virtualization software (Windows/Linux/Mac, no Chromebooks). All other necessary material will be provided by GRIMM.
Feb 25 - Mar 1st, 2019
Mon - Fri from 8:30 am - 5:00 pm
Washtenaw Community College; Business Education Building, Ann Arbor, MI
4800 E. Huron River Drive
Ann Arbor, MI 48105 Get directions
Room: BE 160