Carwall — Autonomous Security for Autonomous and Connected Cars

Vehicle software consists of tens of millions of lines of code. Software of this scale, in any system, includes hundreds to thousands of undiscovered security bugs. These security bugs are the hackers’ gateways into the connected car, and their stepping stone to access critical systems.

What if you could automatically ensure that these security bugs can't be exploited?

Introducing Carwall — the automotive industry’s first Autonomous Security solution!

Carwall hardens the ECU's software runtime environment to detect and prevent all attempted attacks. Carwall doesn't fix the security bugs in your code; it prevents their exploitation by permitting only operations that comply with your ECU's factory settings to run.

Carwall seamlessly integrates into your software development environment and automatically seals your software against cyber attacks. Its lightweight, embedded software contains multiple security layers, which:

  • Validate in-memory functional flows to avoid in-memory attacks
  • Inspect and enforce programs so they load according to factory settings
  • Control ECU Internet connectivity to avoid architectural flaws
  • Control input from external devices to eliminate malware implants by a peripheral device

Protects Against In-Memory Attacks

Hardening against in-memory attacks. Everybody wants it. Carwall provides it.

When Carwall automatically generates an ECU's security policy, based on its factory settings, it creates a call graph mapping all acceptable calling relationships. Based on the ECU's unique call graph, Carwall inspects binaries at runtime to determine whether they've been hijacked from their expected, factory-based calling sequence and, if so, blocks the exploit attempt.

Carwall checks every function call made in real time, to see whether the call complies with a path mapped out in the factory settings. When a hacker makes an in-memory attack to manipulate a process, that process is necessarily now outside the call graph. Carwall runs its check, sees the noncompliance, and stops the call.
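
A minimal sketch of the per-call check described above, added here as an illustration; it is not Carwall's code. The function IDs, policy table and call trace are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed function IDs standing in for code addresses in an ECU image. */
enum { FN_MAIN = 1, FN_CAN_RX, FN_PARSE_FRAME, FN_SET_BRAKE, FN_FLASH_WRITE };

typedef struct { uint16_t caller, callee; } edge_t;

/* Allowed caller->callee edges, sorted, as a build step might emit them. */
static const edge_t POLICY[] = {
    { FN_MAIN, FN_CAN_RX },        { FN_MAIN, FN_FLASH_WRITE },
    { FN_CAN_RX, FN_PARSE_FRAME }, { FN_PARSE_FRAME, FN_SET_BRAKE },
};
#define POLICY_LEN (sizeof POLICY / sizeof POLICY[0])

static edge_t incidents[8];      /* blocked edges kept for reporting */
static size_t incident_count;

static int edge_cmp(const void *a, const void *b) {
    const edge_t *x = a, *y = b;
    if (x->caller != y->caller) return x->caller < y->caller ? -1 : 1;
    if (x->callee != y->callee) return x->callee < y->callee ? -1 : 1;
    return 0;
}

/* Returns 1 if the edge is in the policy, 0 if it is blocked and recorded. */
int check_call(uint16_t caller, uint16_t callee) {
    edge_t key = { caller, callee };
    if (bsearch(&key, POLICY, POLICY_LEN, sizeof key, edge_cmp)) return 1;
    if (incident_count < 8) incidents[incident_count++] = key;
    return 0;
}

size_t blocked_count(void) { return incident_count; }

int main(void) {
    /* Constructed trace: three factory edges, then a call that reaches a
       legitimate function from a caller the policy never allows. */
    const edge_t trace[] = {
        { FN_MAIN, FN_CAN_RX }, { FN_CAN_RX, FN_PARSE_FRAME },
        { FN_PARSE_FRAME, FN_SET_BRAKE }, { FN_PARSE_FRAME, FN_FLASH_WRITE },
    };
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++)
        printf("%d -> %d: %s\n", trace[i].caller, trace[i].callee,
               check_call(trace[i].caller, trace[i].callee) ? "allow" : "BLOCK");
    for (size_t i = 0; i < blocked_count(); i++)
        printf("incident: %d -> %d\n", incidents[i].caller, incidents[i].callee);
    return 0;
}
```

The last edge is rejected even though FN_FLASH_WRITE is a factory function, because the check is on the caller/callee pair rather than on the target alone.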

In-Memory Attack Incident

Only Authorized Code Allowed

ECUs are hardened against foreign intrusions. Any code or function call that isn't part of the factory settings is detected and prevented. Carwall automatically generates a whitelist of all the programs and scripts that are permitted, which is used to stop the loading of any application not on the whitelist.

Whitelist enforcement bars hackers from exploiting vulnerabilities to drop malware into the ECU's flash storage. As soon as the malware attempts to run, it's tagged as a mismatch to the whitelist and stopped.

Blocked Attack Report

Automatic Policy Generation

Vendors want their development teams focused on functionality: safety components, driver comfort and value-add features. Carwall becomes part of the developer’s software build environment. The factory-settings-based security policy is autonomously generated during the ECU’s software build process and gets embedded back into the ECU’s code.

When creating the image of the ECU code, which should go to production, Carwall is automatically installed into the ECU’s operating system where it functions autonomously.

No developer resources or expertise is required to implement Carwall security on the ECU.

The Carwall Management Console shows the automatically generated policy and allows policy customization when needed.

Runtime Protection and Incident Reports

Carwall monitors all code execution, deciding at runtime whether to block or execute code, without having to query the cloud. As an autonomous security solution, Carwall makes security decisions on the ECU.

When a hacker tries to run foreign code or attack functions in memory, Carwall detects and blocks the attack attempt. It also reports the attempt with all the relevant contextual information. The result is attack prevention with forensics data that pinpoints the vulnerability and enables fast response time and fixes.

Negligible Performance Impact

The Carwall suite was built with performance in mind. Running the ECU's customized security policy generated by Carwall uses a scant 1%-2% of additional CPU resources. No hardware upgrades or software changes are needed to deploy Carwall on an ECU.

Operating System Agnostic

Any ECU's operating system can support Carwall. It doesn’t even need an OS; Carwall runs on schedulers too. Whatever ECU needs to be protected, Carwall protects it.

Get Karamba Security’s Technology Whitepaper