Abstract: In various embodiments, methods, systems, and vehicle apparatuses are provided. A method for determining a trusted context of operation by an in-vehicle Network Intrusion Detection System (NIDS) for learning of a vehicle platform, including executing the NIDS to monitor a set of Electronic Control Units (ECUs) and vehicle state elements by receiving a set of vehicle derived inputs about a vehicle's operating state; in response to a determination about the vehicle's operating state, identifying the trusted window during which learning about network topology and whitelisted messages contained in a vehicle platform is allowable; creating a vehicle-specific configuration containing a list of networks of topologies and whitelisted messages in use by the ECUs in the vehicle platform, and preventing misconfiguring of at least one network in the list of network topologies and whitelisted messages of the vehicle-specific configuration in the vehicle platform outside the trusted window.

Abstract: A method for securing an electronic control unit (ECU). The method may include generating a granular security control adjustment authorization ticket (G-SCAAT) for securing the ECU according to a plurality of security parameters determined based on to a role selected for a corresponding user. The G-SCAAT may include security values to be used in controlling the ECU to operate according to the security parameters.

Abstract: A method for securing an electronic control unit (ECU). The method may include generating a granular security control adjustment authorization ticket (G-SCAAT) for securing the ECU according to a plurality of security parameters determined based on to a role selected for a corresponding user. The G-SCAAT may include security values to be used in controlling the ECU to operate according to the security parameters.

Abstract: A method for performance tuning an electronic control unit (ECU). The performance tuning may include determining one or more tunable values stored on a tunable implementation memory of the ECU to specify tunable calibration data for one or more tunable calibration parameters selected for performance tuning and controlling an application software of the ECU to execute according to the tunable calibration data.

Abstract: A vehicle system comprising a plurality of subsystems, each of the plurality of subsystems configured to perform at least a portion of at least one of a plurality of functions. The plurality of functions are organized in a hierarchy of functions including complex higher order functions and simpler lower order functions. The vehicle system further comprises an advanced computing module configured to control the plurality of subsystems in order to perform a higher order function and a lower order function that supports the higher order function. The advanced computing module comprises software instructions including a first gate point. The first gate point may be activated to prevent the advanced computing module from performing the higher order function.

Abstract: In various embodiments, methods, systems, and vehicle apparatuses are provided. A method for determining a trusted context of operation by an in-vehicle Network Intrusion Detection System (NIDS) for learning of a vehicle platform, including executing the NIDS to monitor a set of Electronic Control Units (ECUs) and vehicle state elements by receiving a set of vehicle derived inputs about a vehicle's operating state; in response to a determination about the vehicle's operating state, identifying the trusted window during which learning about network topology and whitelisted messages contained in a vehicle platform is allowable; creating a vehicle-specific configuration containing a list of networks of topologies and whitelisted messages in use by the ECUs in the vehicle platform, and preventing misconfiguring of at least one network in the list of network topologies and whitelisted messages of the vehicle-specific configuration in the vehicle platform outside the trusted window.

Abstract: A vehicle system comprising a plurality of subsystems, each of the plurality of subsystems configured to perform at least a portion of at least one of a plurality of functions. The plurality of functions are organized in a hierarchy of functions including complex higher order functions and simpler lower order functions. The vehicle system further comprises an advanced computing module configured to control the plurality of subsystems in order to perform a higher order function and a lower order function that supports the higher order function. The advanced computing module comprises software instructions including a first gate point. The first gate point may be activated to prevent the advanced computing module from performing the higher order function.

Abstract: A vehicle control module is provided and includes a hybrid memory and a processor. The hybrid memory includes: application memory that stores application code; boot memory that stores a first RMTS code, where the first RMTS code includes first risk functions; and ETM that temporarily stores a second RMTS code. The second RMTS code includes second risk functions. The processor: based on an operating mode of the vehicle control module, executes the application, first RMTS and second RMTS codes; erases the ETM prior to installation of the vehicle control module in a vehicle or delivery of the vehicle; and based on the first RMTS code, permits execution of the first RMTS code prior to and subsequent to installation of the vehicle control module in the vehicle and the second RMTS code prior to installation of the vehicle control module in the vehicle or delivery of the vehicle.

Abstract: A system for in-vehicle network intrusion detection includes a microcontroller having first and second cores and memory. The first core may be configured to obtain one or more network messages from one or more communication buses of a vehicle describing one or more events associated with the vehicle. The memory may be configured to store the one or more network messages obtained by the first core. The second core may be configured to: (i) read the one or more network messages from the memory; (ii) detect whether at least some of the one or more events constitute an anomaly based on predefined rules; (iii) generate one or more resident incident logs including metadata associated with one or more detected anomalous events based on the detected anomaly event data; and (iv) generate one or more transmitted incident logs based on the one or more resident incident logs.

Abstract: A system for in-vehicle network intrusion detection includes: (i) an anomaly detection module configured to obtain one or more network messages from one or more communication buses of a vehicle describing one or more events associated with the vehicle and detect whether at least some of the one or more events constitute an anomaly based on predefined rules to provide detected anomaly event data; (ii) a resident log generation module configured to generate one or more resident incident logs based on the detected anomaly event data, wherein the one or more resident incident logs comprise metadata associated with one or more detected anomalous events; and (iii) a transmitted log generation module configured to generate one or more transmitted incident logs based on the one or more resident incident logs, wherein each of the one or more transmitted incident logs corresponds to a resident incident log.

Abstract: A system for providing privileged access to an internal vehicle communication network is provided. The system includes a presentation network bus configured to provide listen-only access to a subset of in-vehicle networks, a security system configured to enable access to the presentation network bus by verifying access credentials, and a diagnostic service system configured to control access to the presentation network bus. The diagnostic service system is configured to receive a diagnostic service request after the access credentials have been verified to enable the presentation network busses for listen-only access to the subset of the in-vehicle networks. The presentation network busses may be enabled for the listen-only access after credential verification by the security system and in response to receipt of a diagnostic service request from the diagnostic service system requesting that the presentation network busses be enabled.

Abstract: A vehicle control module is provided and includes a hybrid memory and a processor. The hybrid memory includes: application memory that stores application code; boot memory that stores a first RMTS code, where the first RMTS code includes first risk functions; and ETM that temporarily stores a second RMTS code. The second RMTS code includes second risk functions. The processor: based on an operating mode of the vehicle control module, executes the application, first RMTS and second RMTS codes; erases the ETM prior to installation of the vehicle control module in a vehicle or delivery of the vehicle; and based on the first RMTS code, permits execution of the first RMTS code prior to and subsequent to installation of the vehicle control module in the vehicle and the second RMTS code prior to installation of the vehicle control module in the vehicle or delivery of the vehicle.

Abstract: A communication network implements a Universal Measurement and Calibration Protocol (XCP) policy. The communication network includes a plurality of nodes, each of the nodes being operably connected to a bus to send and to receive data communications to and from others of the plurality of nodes. Certain of the data communications include a Universal Measurement and Calibration Protocol (XCP) identifier indicating the presence of XCP protocol within the data frame. At least one of the nodes is configured to mitigate identified XCP protocol in accordance with the policy.

Abstract: A system for in-vehicle network intrusion detection includes: (i) an anomaly detection module configured to obtain one or more network messages from one or more communication buses of a vehicle describing one or more events associated with the vehicle and detect whether at least some of the one or more events constitute an anomaly based on predefined rules to provide detected anomaly event data; (ii) a resident log generation module configured to generate one or more resident incident logs based on the detected anomaly event data, wherein the one or more resident incident logs comprise metadata associated with one or more detected anomalous events; and (iii) a transmitted log generation module configured to generate one or more transmitted incident logs based on the one or more resident incident logs, wherein each of the one or more transmitted incident logs corresponds to a resident incident log.

Abstract: A system for in-vehicle network intrusion detection includes a microcontroller having first and second cores and memory. The first core may be configured to obtain one or more network messages from one or more communication buses of a vehicle describing one or more events associated with the vehicle. The memory may be configured to store the one or more network messages obtained by the first core. The second core may be configured to: (i) read the one or more network messages from the memory; (ii) detect whether at least some of the one or more events constitute an anomaly based on predefined rules; (iii) generate one or more resident incident logs including metadata associated with one or more detected anomalous events based on the detected anomaly event data; and (iv) generate one or more transmitted incident logs based on the one or more resident incident logs.

Abstract: A communication network implements a Universal Measurement and Calibration Protocol (XCP) policy. The communication network includes a plurality of nodes, each of the nodes being operably connected to a bus to send and to receive data communications to and from others of the plurality of nodes. Certain of the data communications include a Universal Measurement and Calibration Protocol (XCP) identifier indicating the presence of XCP protocol within the data frame. At least one of the nodes is configured to mitigate identified XCP protocol in accordance with the policy.

Abstract: A system for providing privileged access to an internal vehicle communication network is provided. The system includes a presentation network bus configured to provide listen-only access to a subset of in-vehicle networks, a security system configured to enable access to the presentation network bus by verifying access credentials, and a diagnostic service system configured to control access to the presentation network bus. The diagnostic service system is configured to receive a diagnostic service request after the access credentials have been verified to enable the presentation network busses for listen-only access to the subset of the in-vehicle networks. The presentation network busses may be enabled for the listen-only access after credential verification by the security system and in response to receipt of a diagnostic service request from the diagnostic service system requesting that the presentation network busses be enabled.

Abstract: A system and method of regulating data communications between a vehicle electronics system and a computing device includes: communicatively linking a first data port of an isolation device with the vehicle electronics system; communicatively linking a second data port of the isolation device with the computing device; receiving data at the isolation device sent between the computing device and the vehicle electronics system; and permitting the data to pass through the isolation device based on the identity of the computing device, the rate at which the data passes through the isolation device, or the content of the data.

Abstract: A system and method of responding to unauthorized electronic access to a vehicle includes: receiving data indicating unauthorized electronic access to electronic hardware in the vehicle; initiating an electronic hardware countermeasure in response to the unauthorized electronic access; generating a command set that instructs at least a portion of the electronic hardware to implement the electronic hardware countermeasure; and communicating the command set to the portion of the electronic hardware.

Abstract: A system and method of regulating data communications between a vehicle electronics system and a computing device includes: communicatively linking a first data port of an isolation device with the vehicle electronics system; communicatively linking a second data port of the isolation device with the computing device; receiving data at the isolation device sent between the computing device and the vehicle electronics system; and permitting the data to pass through the isolation device based on the identity of the computing device, the rate at which the data passes through the isolation device, or the content of the data.