Low-level memory in automotive embedded system:
An electronic control unit is a part of the vehicle which is used to control and regulate various functions such as processing the information provided by sensors and actuators.
ECU is always connected to a network and other components through busses and gateways. Sensors are responsible for converting a physical input (e.g. speed, temperature) to electrical signals which can be processed by ECUs. Whereas actuators are devices which convert an electronic signal to motion 3, 7.
ECU hardware is a processor which consist of two kinds of memory i.e. FLASH memory and RAM. The program code which defines the behavior of ECU is stored in FLASH memory. It is reprogrammable and nonvolatile. On the other hand, RAM is a temporary storage that provides better performance.
When a system is enabled, the ECU first executes the bootloader. The bootloader is divided into two separate parts: a primary bootloader (PBL) and a secondary bootloader (SBL).
PBL loads the application software stored in the flash memory. Since PBL is of small memory size (16k) and it cannot be modified after the unit is produced. So it is not suitable to be used for programming or updating data in the flash memory. The SBL is instead used for these purposes. The SBL is downloaded by the primary loader into RAM and is then activated 3, 7.
Fig. ECU hardware memory map
Fig. ECU’s execution modes
Attacks on low-level memory:
ECU Stores the important data required for the functioning of automobile components. Usually memory capacity of ECU is very low and if a software is written in an unsafe programming language like C then it becomes vulnerable to a software-based attack such as buffer overflow.
A malicious user can inject unexpected error into the memory by power shutdown, injecting wrong values etc. These failures might cause corruption of data stored in the memory and hence disturb the integrity of the data. The memory of an ECU is also subjected to offline attacks. We can disassemble the ECU and take away the memory chip using an anti-static mat and a soldering iron. By using an EEPROM reader we can get the complete software image. Now to make sense of the software image, we need to use a disassembler. Hence contents of the memory can be easily read out and it is not secure 3.