The ever-increasing complexity of automotive platforms combined with the introduction of commercial off-the-shelf software components (e.g., for the entertainment system) creates multiple attack vectors that adversaries can leverage to attack the platform. Traditional analysis techniques have difficulty dealing with such complex environments, especially considering the need for low-cost solutions. Hence, we propose in this paper to turn the logic around, and instead of trying to discover all possible vulnerabilities, we monitor the execution of a software system to ensure that it does not deviate from its nominal profile. In this paper, we demonstrate a technique for creating a state model mapping the execution of a system, and then by observing its interaction with the runtime environment through its invocation of various library functions, we can ensure that off-nominal behavior can be detected and acted upon. The valuation results provide further evidence of the wrapper mechanism's effectiveness and highlight its potential to enhance security while minimizing the impact on performance.

This work is supported by the following European Union-funded projects: a) JCOP (Agreement No.: INEA/CE- F/ICT/A2020/2373266), b) CyberSecPro (Agreement No.: 101083594), c) SecOPERA (Agreement No.: 101070599) and d) CyberSecDome (Agreement No.: 101120779).