Li Yufeng, director of the Department of Network Safety, Shanghai University: The problem of vulnerabilities has become a public harm in the intelligent network car industry. It is urgent to improve the "immunity" to deal with unknown threats

Southern Finance All Media Reporter Wu Liyang Intern Qiu Shuang Beijing report

Recently, 2022 China (Yizhuang) Intelligent Connected Automobile Technology Week was held in Beijing Yinkin International Convention and Exhibition Center. On August 3, in order to prevent the safety of automobile data and ensure the reasonable and effective use of automotive data in accordance with the law, the National Intelligent Connected Automobile Innovation Center and the China Automobile Engineering Society jointly organized a special branch of the "Intelligent Connected Automobile Network Security and Data Security Forum".

At the meeting, Li Yufeng, a professor at Shanghai University and the coordinated innovation director of Shanghai Intelligent Connected Automobile Network Security Industry, gave a keynote speech on the "Intelligent Connected Automobile Endogenic Safety Problems and Coppering Technology".

Regarding the safety problem of the endowment of intelligent connected cars, Li Yufeng pointed out that under the new trend of "software definition cars", the code of some smart cars has exceeded 200 million lines. Once, the software was only part of the car. Now, the software is gradually determining that the car’s car is gradually determining the car’s. Function and value.

However, on the other hand, the number of bugs in intelligent connected cars is amazing, which is also the source of the endogenous problem of connected cars. The hidden bug may be excavated by an attacker to form vulnerabilities, and vulnerabilities can be used to launch network attacks. Even more severe, unknown network attacks based on unknown vulnerabilities can make classic firewalls, IDS and other defensive technologies unable to carry out particularly effective defense due to lack of "priority knowledge".

Li Yufeng pointed out that in addition to improper design, there are also people who deliberately set up the back door in the software and hardware. In the era of globalization, it is difficult for cars to recommend completely self -sufficient supply chains. Most of the software and hardware of the OEMs are provided by dozens of suppliers, and most of these suppliers provide them to the host factory. In the box ", the OEMs know very little about endogenous security problems such as the vulnerability in the code, which increases difficulty to the safety defense of intelligent connected cars.

Li Yufeng emphasized that the vulnerability problem has become the "public harm" of the industry. The network attack launched by hackers in the information space uses the vulnerability back door can not only cause serious harm to the personal and environment in the physical space in the physical space.

In addition, the hazards of physical space will in turn affect the network defense capabilities of the information space, and make the attack effect appear to have a high -level effect. Therefore, the endogenous security problem of intelligent connected cars is the process of physical space, information space and functional security, network security intertwined, and feedback. reason.

Speaking of the current network defense technology, Li Yifeng believes that the lack of endogenous "congenital immunity" capabilities that can effectively respond to the threat of "unknown" is one of the biggest challenges of the current network vertical defense system in the car. Taking people's systemic immune lines as an example, the first line of defense is physical barriers such as skin and sweat, blocking the invasion of the virus. The second line of defense is human congenital immunity. It can cope with various "unknown" viruses. The line of defense is immune to the day after tomorrow. After a human body is infected with a virus or injection of vaccines, antibodies for this specific virus will be produced, that is, the daytime immunity. Moreover, the system of stimulating and immune enhancement between the second and third line of defense. On the other hand, many network security defense plans in the automotive industry are obviously lacking in the second line of defense similar to humans, so it is difficult to produce a systematic defense effect.

Based on the above issues, Professor Li Yufeng introduced his team's innovative exploration in endogenous safety technology.

The first is to develop endogenous security ADAS control systems. The principle is to introduce dynamic mechanisms based on the DRS structure, so that the system has both high reliability and high credibility. At the fourth strong network Arabia defense international elite challenge held by Zijin Mountain Labs in 2021, the system has withstood more than 500,000 attacks launched by 48 elite teams within 72 hours.

The second is to develop endogenous security T-BOX systems that can effectively resist unknown vulnerabilities and unknown backdoor attacks against T-BOX. It is expected that the information interaction of the inner network and the outside of the car has a more trusted safe fortress. It further stated that in the fifth competition this year, it is also expected that more colleagues have contributed to testing and improving the security level of endogenous security T-BOX.

- END -