Current In-Vehicle Networks (IVNs) connect Electronic Control Units (ECUs) via domain busses. A gateway forwards messages between these domains. Automotive Ethernet emerges as a flat, high-speed backbone technology for IVNs that carries the various control flows within Ethernet frames. Recently, Software-Defined-Networking (SDN) has been identified as a useful building block of the vehicular domain, as it allows the differentiation of packets based on all header fields and thus can isolate unrelated control flows. In this work, we systematically explore the different strategies for integrating automotive control flows in switched Ether-networks and analyze their security impact for a software-defined IVN. We discuss how control flow identifiers can be embedded on different layers resulting in a range of solutions from fully exposed embedding to deep encapsulation. We evaluate these strategies in a realistic IVN based on the communication matrix of a production grade vehicle, which we map into a modern Ethernet topology. We find that visibility of automotive control flows within packet headers is essential for the network infrastructure to enable isolation and access control. With an exposed embedding, the SDN backbone can establish and survey trust zones within the IVN and largely reduce the attack surface of connected cars. An exposed embedding strategy also minimizes communication expenses.

翻译：目前Vethernet (IVNs) 通过域内公交车连接电子控制单位(ECUs) 。 在这两个域间,我们系统地探索了将汽车控制流动纳入转换的Ether网络的不同战略,并分析其对于软件定义的IVN的安全影响。我们讨论如何将控制流动识别器嵌入不同的层层,从而产生一系列解决方案,从完全暴露到深封封封中。我们根据生产级车辆的通信矩阵,在现实的IVN中评估这些战略,我们将其映射成现代的Ethernet表层。我们发现,将汽车控制流动在最小化的Ether-网络内,对于最小化的网络基础设施,实现隔离和进入安全影响至为关键。我们讨论了控制流动识别器如何嵌入不同层,导致从完全暴露到深封封封封的解决方案。我们用生产级车辆的通信矩阵对这些战略进行了评估,我们将其映射成现代的Ethernet表层。我们发现,在软件头顶部内部的可见度对于最小化控制流动对于最小化的网络基础设施至关重要,对于能够实现隔离和访问控制状态,从而大大降低对软件定义的IV的地面安全。我们也可以建立对暴露的SDlave 。