Abstract: A method for operating a computing device for a control unit of a motor vehicle. The computing device including a processor core, and is configured to control an exchange of data between a connectivity zone and a security zone. The security zone includes at least one component which is necessary to drive the vehicle and has an elevated relevance with regard to safety. The connectivity zone including at least one component whose operation requires communication outside of the vehicle but is not required to drive the vehicle and does not have an elevated relevance with regard to safety. At least one first program executable by the computing device is assigned to a non-trustworthy zone, and at least one further program is assigned to a trustworthy zone. The component of the connectivity zone is assigned to the non-trustworthy zone, and the component of the security zone being assigned to the trustworthy zone.

Abstract: A method for handling an anomaly of data, in particular in a motor vehicle, is provided. At least one sensor obtains data for the anomaly detection. The sensor examines the obtained data for anomalies, and generates an event as a function of the associated data when an anomaly is detected. An event report is generated as a function of the event. The event report includes at least one variable that changes for each event report and/or is cyclically sent.

Abstract: A computer-implemented method. The method includes recognizing the possibility of a manipulation of the software of a first component of a plurality of components of a vehicle electrical system of a vehicle in a central device for mitigating a manipulation of software. The central device for mitigating a manipulation is part of the vehicle electrical system, and is designed to mitigate a manipulation of software in each component of the plurality of components of the vehicle electrical system. The method further includes initiating a countermeasure for mitigating the manipulation of the software of the first component and carrying out the countermeasure for mitigating the manipulation of the software of the first component. The countermeasure includes changing a functionality of the first component and at least partially shifting the functionality of the first component to one or multiple other components of the plurality of components.

Abstract: A method for handling an anomaly of data, in particular in a motor vehicle. At least one sensor obtains data for the anomaly detection. The sensor examines the obtained data for anomalies, and generates an event as a function of the associated data when an anomaly is detected. It is decided whether the event is further processed, in particular stored and/or further communicated, at least in part.

Abstract: A method for operating a computing unit including at least one processor core. The method includes: assigning one or multiple application programs executable by the computing unit to one of at least two zones, the zones characterizing resources of the computing unit, which are usable for an execution of a relevant application program, executing at least one of the application programs as a function of the zone to which it is assigned.

Abstract: A method for operating a computing unit including at least one processor core. The method includes: assigning one or multiple application programs executable by the computing unit to one of at least two zones, the zones characterizing resources of the computing unit, which are usable for an execution of a relevant application program, executing at least one of the application programs as a function of the zone to which it is assigned.

Abstract: A method for processing data stored in a memory unit. The method includes the following steps: ascertaining a randomly or pseudo-randomly formed test pattern, which characterizes at least one first subarea of a memory area of the memory unit, forming, as a function of the test pattern, a test variable associated with data stored in the at least one first subarea.

Abstract: A computer system for providing a plurality of functions for a device, in particular for a vehicle, by separation of a plurality of zones. The computer system has a plurality of system modules configured to provide functions that are differently critical for the operational security of the device. A zone is a logically and/or physically delimitable unit in the computer system. A first zone is more trustworthy than a second, less trustworthy zone. The danger of a manipulation of a more trustworthy zone is less than of a less trustworthy zone. The first zone is assigned a first number of protective mechanisms and the second zone is assigned a second number of protective mechanisms. The first number of protective mechanisms protecting the first zone from manipulation to a greater extent than that to which the second number of protective mechanisms protects the second zone.

Abstract: A computer system for providing a plurality of functions for a device, in particular for a vehicle. The computer system has a plurality of system modules configured to provide functions that are differently critical for the operational security of the device. Each system module or a part of a system module is assigned to one zone of a plurality of zones, a zone being a logically and/or physically delimitable unit in the computer system. A first zone is more trustworthy than a second, less trustworthy zone, the danger of a manipulation of a more trustworthy zone being less than of a less trustworthy zone. A first, more critical function being provided by a system module of the first zone and a less critical function being provided by a system module of the second zone.

Abstract: A method for remote verification of the integrity of a computer program in a computing unit to be checked using a verification unit. The computer program is specified by a reference program code and is in the form of stored program code in the computing unit to be checked. The method includes: selecting, by the verification unit, a pair from a list of pairs in which each pair includes a random character string and a reference check value calculated using a check value function based on the random character string of the pair and the reference program code; transmitting the random character string of the pair to a validation unit; receiving a comparison check value calculated using the check value function based on the transmitted random character string and the stored program code; comparing the received comparison check value to the reference check value of the selected pair.

Abstract: A computer-implemented method. The method comprises analyzing a communication, secured by one or more cryptographic methods, between a first component of a plurality of components of an on-board network of a vehicle and a central device for mitigating a software manipulation. The central device for mitigating a manipulation is part of the on-board network and is designed for software mitigation in each of the plurality of components of the on-board network. The method further comprises identifying the possibility of a manipulation of the software of the first component in the central device for mitigating a software manipulation, based on the analysis of the communication, and initiating a countermeasure to mitigate the manipulation of the software of the first component by way of the central device for mitigating a manipulation.

Abstract: A computer-implemented method for detecting the possibility of a manipulation of the software of a first component of a multiplicity of components of an onboard network of a vehicle in a central device for mitigating a manipulation of software. The central device for mitigating a manipulation is part of the onboard network and configured for the mitigation of software in each of the multiplicity of components of the onboard network. The method includes the initiation of a countermeasure for mitigating the manipulation of the software of the first component by the central device for mitigating a manipulation and the implementation of the countermeasure for mitigating the manipulation of the software of the first component. The countermeasure against the manipulation includes resetting the software of the first component using a security module of the first component and/or an unalterable module of the first component.

Abstract: A computer-implemented method. The method includes recognizing the possibility of a manipulation of the software of a first component of a plurality of components of a vehicle electrical system of a vehicle in a central device for mitigating a manipulation of software. The central device is part of the vehicle electrical system, and mitigates a manipulation of software in each component of the plurality of components. The method further includes initiating a countermeasure for mitigating the manipulation of the software of the first component by the central device; and carrying out the countermeasure for mitigating the manipulation of the software of the first component. The countermeasure for mitigating the manipulation includes a measure for preventing a repetition of the manipulation, which is selected based on an analysis of information concerning data traffic in the vehicle electrical system that took place before the possibility of a manipulation was recognized.

Abstract: A computer-implemented method. The method includes recognizing the possibility of a manipulation of the software of a first component of a plurality of components of a vehicle electrical system of a vehicle, initiating a countermeasure for mitigating the manipulation of the software of the first component, and carrying out the countermeasure for mitigating the manipulation of the software of the first component. The countermeasure includes activating a write lock and/or read lock of a memory of the first component. In some examples, the recognition and the initiation may be carried out in a central device for mitigating a manipulation of software. The central device for mitigating a manipulation is part of the vehicle electrical system and is designed to mitigate a manipulation of software in each component of the plurality of components of the vehicle electrical system.

Abstract: A computer-implemented method. The method includes recognizing the possibility of a manipulation of the software of a first component of a plurality of components of a vehicle electrical system of a vehicle in a central device for mitigating a manipulation of software. The central device for mitigating a manipulation is part of the vehicle electrical system, and is designed to mitigate a manipulation of software in each component of the plurality of components of the vehicle electrical system. The method further includes initiating a countermeasure for mitigating the manipulation of the software of the first component and carrying out the countermeasure for mitigating the manipulation of the software of the first component. The countermeasure includes changing a functionality of the first component and at least partially shifting the functionality of the first component to one or multiple other components of the plurality of components.

Abstract: A method for handling an anomaly of data, in particular in a motor vehicle. At least one sensor obtains data for the anomaly detection. The sensor examines the obtained data for anomalies, and generates an event as a function of the associated data when an anomaly is detected. It is decided whether the event is further processed, in particular stored and/or further communicated, at least in part.

Abstract: A method for handling an anomaly of data, in particular in a motor vehicle, is provided. At least one sensor obtains data for the anomaly detection. The sensor examines the obtained data for anomalies, and generates an event as a function of the associated data when an anomaly is detected. An event report is generated as a function of the event. The event report includes at least one variable that changes for each event report and/or is cyclically sent.

Abstract: A computer-implemented method which identifies the possibility of manipulation of the software of a first component of a plurality of components of an on-board network of a vehicle in a central device for mitigating software manipulation. A central device for mitigating manipulation is designed to mitigate software manipulation in each of the plurality of components in the on-board network. The method includes initiation of a countermeasure for mitigating manipulation of the first component by the central device for detecting and mitigating manipulation.

Abstract: A method for operating a computing device for a control unit of a motor vehicle. The computing device including a processor core, and is configured to control an exchange of data between a connectivity zone and a security zone. The security zone includes at least one component which is necessary to drive the vehicle and has an elevated relevance with regard to safety. The connectivity zone including at least one component whose operation requires communication outside of the vehicle but is not required to drive the vehicle and does not have an elevated relevance with regard to safety. At least one first program executable by the computing device is assigned to a non-trustworthy zone, and at least one further program is assigned to a trustworthy zone. The component of the connectivity zone is assigned to the non-trustworthy zone, and the component of the security zone being assigned to the trustworthy zone.

Abstract: A method for processing data stored in a memory unit. The method includes the following steps: ascertaining a randomly or pseudo-randomly formed test pattern, which characterizes at least one first subarea of a memory area of the memory unit, forming, as a function of the test pattern, a test variable associated with data stored in the at least one first subarea.