Power Architecture Research Collaboration

Power Architecture Research Collaboration

Power Architecture Research Collaboration

The National Motor Freight Traffic Association, Inc. (NMFTA), NXP® Semiconductors and GRIMM, a cybersecurity research firm, recently partnered to conduct an R&D project focused on Power Architecture®, also known as PowerPC®, a technology commonly found in automotive ECUs, to determine its cyber security impact on the heavy vehicle industry. NMFTA commissioned the research project to deliver an open-source software library and/or code enhancements. The research also supported testing validation code and tooling accuracy to perform the necessary regression testing on the NXP-provided devices built on Power Architecture® technology. “Conducting this type of fundamental platform research and making it publicly available will ultimately lead to better and more secure end products,” said Urban Jonson, Chief Technology Officer of NMFTA.

Symboliks view of a PowerPC “prolog function”

About Power Architecture Technology

Power Architecture technology was originally developed by Apple, Intel and Motorola (the AIM alliance) to compete with Intel and Microsoft. However, the AIM coalition eventually disbanded and each company continued with its own development and use cases for Power Architecture.

  • Apple used Power Architecture for the majority of their Mac product line, until switching to Intel in 2006.
  • IBM has used Power Architecture since the 1990’s for their POWER Series of high-end servers (at times known as P-Series).
  • Motorola spun-off Freescale Semiconductor, which then merged with NXP in 2015. Today, NXP offers the broadest portfolio of processors built on Power Architecture technology that enable networks, automotive, consumer and industrial applications.

While Power Architecture usage declined in server, desktop, and laptop applications, NXP SoCs (system-on-a-chip) built on Power Architecture became popular in the automotive and aerospace markets and were frequently incorporated into Heavy Truck ECUs.

Research Project

NMFTA invited NXP Semiconductors to participate in the research project. GRIMM was asked to disassemble and emulate a Power Architecture-based unit and to conduct the testing on the NXP-provided equipment.

Lab setup – testing on a Freescale T424RDB

During the three month project, GRIMM’s Senior Principal Researcher Matt Carpenter and Senior Researcher Aaron Cornelius developed and tested deep-analysis tools for Power Architecture for the purposes of security research on automotive, heavy-vehicle, and aerospace systems. These tools included a Power Architecture disassembler for converting binary code into assembly language, a lightweight system emulator used for virtually executing PowerPC instructions on a simulated computer, and a symbolic analysis tool for programmatically analyzing lists of instructions and their underlying meaning. The tools will help researchers discover vulnerabilities and provide security assistance to truck OEMs and product developers. The tools have been published to https://github.com/vivisect/vivisect for public use. Jonson said, “NMFTA greatly values the work by GRIMM and the strong support from NXP throughout this research project.”

Emulation implementation for the "addis" or "Add Immediate with Shift" instruction.

About NMFTA:

The National Motor Freight Traffic Association, Inc. (NMFTA) is a nonprofit membership organization headquartered in Alexandria, Virginia. Its membership is comprised of motor carriers operating in interstate, intrastate and foreign commerce. NMFTA publishes the National Motor Freight Classification® (NMFC®) and ClassIT®, the online version of the NMFC. NMFTA also assigns the Standard Carrier Alpha Codes (SCAC®) and the Standard Point Location Codes® (SPLC). For more information on NMFTA, the National Motor Freight Classification, SCAC or SPLC, contact us at 800-539-5720, sales@nmfta.org, or visit www.nmfta.org.

About GRIMM:

GRIMM is a forward-looking cybersecurity organization led by industry experts focused on demonstrating the impact of security risks and providing the technical solutions to address and mitigate the critical risks. GRIMM is also a recognized provider of automotive security training and provider of technical and non-technical consulting. GRIMM gives back through strategic partnerships and mentorship programs with educational programs such as the Cyber Truck Challenge and CyberAuto Challenge to groom the next generation of cyber-automotive talent.

For more information about this research contact:

Urban Jonson, NMFTA, Urban.Jonson@nmfta.org

Matthew Carpenter, GRIMM, info@grimm-co.com