Abstract: Disclosed herein are a garbage collection method and apparatus. The garbage collection method includes when an area dynamically allocated through a malloc( ) function or a new operator of a standard C library is deallocated through a free( ) function or a delete operator, inserting the deallocated area into a quarantine list, recording a base address and an end address of each of areas inserted into the quarantine list in a CSR_quarantined_chunks register, finding a physical address of a memory page used by a processor and searching data in the memory page for a value included in a quarantined area of the CSR_quarantined_chunks register, when a value included in the quarantined area is not present, setting a state flag bit of the register to 0, and deleting an area which the state flag bit is 0 from the quarantine list, and inserting the area into a free list.

Abstract: Disclosed herein are an apparatus and method for processing vehicle data security based on a cloud.

Abstract: Disclosed herein are a dynamic memory management apparatus and method and a computer-readable storage medium for the same. The dynamic memory management method includes defining a shadow area mapped to a memory area, setting a coloring value in the shadow area, and permitting or denying access to the memory area based on the coloring value when accessing the memory area.

Abstract: Disclosed herein is a method for securing an indirect function call according to an embodiment of the present invention. The method may include searching for an instruction that indirectly calls a function in intermediate representation code, calculating the number of functions that have to be allowed to be indirectly called based on the found instruction, identifying the address of a function loaded at the N-th lowest address arbitrarily set in advance, among the functions, the number of which is calculated, identifying indexes for selecting callee functions to be indirectly called based on the found instruction, determining whether to allow the function to be called using the identified indexes, and determining, when the function is allowed to be called, whether to allow the function to be called using the address of a callee function, the memory address of which is N-th lowest, among the callee functions.

Abstract: An electronic device includes a peripheral device, a processor, an interrupt controller configured to manage interrupts generated by the peripheral device and the processor on the basis of a register, and a virtualizer, wherein the virtualizer may be configured to virtualize a portion of the processor and a portion of the at least one peripheral device to generate a first partition, generate first interrupt information corresponding to an interrupt usable in the first partition, generate first processor information corresponding to a portion of the processor usable in the first partition, check whether a configuration of the register is related to at least one of the first interrupt information and the first processor information when the register is configured by the first partition, and allow the configuration of the register when the configuration of the register is related to the at least one information.

Abstract: Disclosed herein are an in-vehicle network apparatus and method. The in-vehicle network apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured to verify the integrity of software stored in advance in the executable memory, to generate a key table by sharing authentication information with a communication target, and to exchange an encrypted message with the communication target using the key table.

Abstract: Disclosed herein are a method for managing an access control list based on an automotive Ethernet and an apparatus for the same. The method includes analyzing a new access control rule that is input to a vehicle in which the automotive Ethernet is applied, searching for any one target unit to manage the new access control rule in consideration of at least one of a destination and an application target corresponding to the new access control rule, and storing the new access control rule by transmitting a storage request message corresponding to the new access control rule to the target unit.

Abstract: Disclosed is a system for performing key management of an in-vehicle network. The key management system of the in-vehicle network includes a reception unit configured to receive a shared secret key of a central gateway and a domain gateway, a memory configured to store a program for performing key management of the in-vehicle network using the shared secret key, and a processor configured to execute the program. The processor generates a secret key to be stored in a node of the in-vehicle network using the shared secret key and a unique ID of the node.

Abstract: Disclosed are an apparatus and method for communicating data in an in-vehicle network. The method, performed by apparatuses for communicating data on a transmission side and a reception side, includes determining, by the apparatus on the transmission side, whether data collected from the in-vehicle network is changed; creating, by the apparatus on the transmission side, an authentication value based on the determination as to whether the data is changed, creating a message including the data and the authentication value and transmitting the message to the apparatus on the reception side; receiving, by the apparatus on the reception side, the message; creating, by the apparatus on the reception side, a verification value using data extracted from the message; and verifying, by the apparatus on the reception side, the integrity of the apparatus on the transmission side by comparing the authentication value extracted from the message with the verification value.

Abstract: Disclosed herein are an apparatus and method for processing vehicle data security based on a cloud.

Abstract: Disclosed herein are a lightweight intrusion detection method and apparatus for a vehicle network. The lightweight intrusion detection method may include collecting Ethernet packets from a domain gateway of a vehicle that provides a mirroring port, performing a primary intrusion detection check on the Ethernet packets using a rule-based intrusion detection technique, and performing a secondary intrusion detection check on the Ethernet packets using a machine learning-based intrusion detection technique when no intrusion attack is detected as a result of the primary intrusion detection check.

Abstract: Disclosed herein are a method for managing an access control list based on an automotive Ethernet and an apparatus for the same. The method includes analyzing a new access control rule that is input to a vehicle in which the automotive Ethernet is applied, searching for any one target unit to manage the new access control rule in consideration of at least one of a destination and an application target corresponding to the new access control rule, and storing the new access control rule by transmitting a storage request message corresponding to the new access control rule to the target unit.

Abstract: Disclosed herein are a method for replacing vehicle parts using an in-vehicle network based on an automotive Ethernet and a system for the same. The method is configured such that a vehicle diagnosis module included in a vehicle performs vehicle self-diagnosis, such that the vehicle and a vehicle manufacturer server perform an authentication process for a new part when a vehicle part is replaced based on a vehicle part replacement agreement procedure between the terminal of a vehicle owner and the maintenance terminal of a vehicle maintenance company, and such that the terminal of the vehicle owner checks whether replacement of the vehicle part is performed normally by requesting an integrity check result from each of the vehicle and the vehicle manufacturer server when the maintenance terminal transmits a part replacement completion message to the terminal of the vehicle owner after completion of the authentication process.

Abstract: An electronic device includes a peripheral device, a processor, an interrupt controller configured to manage interrupts generated by the peripheral device and the processor on the basis of a register, and a virtualizer, wherein the virtualizer may be configured to virtualize a portion of the processor and a portion of the at least one peripheral device to generate a first partition, generate first interrupt information corresponding to an interrupt usable in the first partition, generate first processor information corresponding to a portion of the processor usable in the first partition, check whether a configuration of the register is related to at least one of the first interrupt information and the first processor information when the register is configured by the first partition, and allow the configuration of the register when the configuration of the register is related to the at least one information.

Abstract: Disclosed herein are an in-vehicle network apparatus and method. The in-vehicle network apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured to verify the integrity of software stored in advance in the executable memory, to generate a key table by sharing authentication information with a communication target, and to exchange an encrypted message with the communication target using the key table.

Abstract: An apparatus and method for managing meter data. The apparatus for managing meter data includes a metering unit for acquiring meter data from a target device based on time information; a communication unit for receiving a message including the time information from a server device and transmitting the meter data to the server device; and a security unit for creating a private key using the time information and encrypting the meter data using the private key.

Abstract: Disclosed herein are a method and apparatus for randomizing the address space layout of an embedded system based on hardware. The method is configured such that the hardware loader of the embedded system randomly arranges the respective address regions of multiple peripheral devices and memory using a random number each time a program is loaded, such that the respective random start addresses of the multiple peripheral devices and the memory, which are set based on the randomly arranged address regions, are recorded in an address table, and such that program code loaded into the memory is reengineered based on the address table so as to match the randomly arranged address regions.

Abstract: Disclosed is a system for performing key management of an in-vehicle network. The key management system of the in-vehicle network includes a reception unit configured to receive a shared secret key of a central gateway and a domain gateway, a memory configured to store a program for performing key management of the in-vehicle network using the shared secret key, and a processor configured to execute the program. The processor generates a secret key to be stored in a node of the in-vehicle network using the shared secret key and a unique ID of the node.

Abstract: A transmission method of a domain gateway over a vehicle network based on automotive Ethernet includes receiving, by a domain gateway of a first domain, transmission data on a CAN packet basis from a transmitting-side ECU; transmitting, by the domain gateway of the first domain, the transmission on an Ethernet packet basis to a domain gateway of a second domain; and transmitting, by the domain gateway of the second domain, the transmission data on a CAN packet basis to a receiving-side ECU. The CAN packet includes a CAN ID field, and the CAN ID field includes a CAN message section and an authentication section.

Abstract: Disclosed herein is an apparatus for supporting authentication between devices, which includes a certificate information storage unit for storing certificate data of a first terminal for managing a certificate; a communication unit for receiving a request for a certificate of the first terminal, which uses a signature value and certificate-related information corresponding to the first terminal, from a second terminal and returning information corresponding to a valid certificate of the first terminal to the second terminal in order to enable the second terminal to authenticate the first terminal; and a certificate verification unit for verifying whether a certificate of the first terminal is valid.