A Secure Update Architecture for High Assurance Mixed-Criticality System Don Kuzhiyelil Dr. Sergey Tverdyshev SYSGO AG

Size: px
Start display at page:

Download "A Secure Update Architecture for High Assurance Mixed-Criticality System Don Kuzhiyelil Dr. Sergey Tverdyshev SYSGO AG"

Transcription

1 A Secure Update Architecture for High Assurance Mixed-Criticality System Don Kuzhiyelil Dr. Sergey Tverdyshev SYSGO AG SYSGO AG 1

2 Secure Software Update Unified Diagnostic Services DiagnosticsSessionControl (0x10) SYSGO AG 2

3 Secure Software Update SYSGO AG 3

4 Secure Software Update SYSGO AG 4

5 Secure Software Update SYSGO AG 5

6 Secure Software Update on Mixed-Criticality ECUs Consolidation of Vehicular Functions Characteristics Multiple security domains Multiple safety levels ADAS, Diagnosis Navigation Media Player Requires different runtime environments Autosar POSIX Map Data Android e.g. AUTOSAR, Linux (Genivi, Yocto) System on Chip Consolidation Challenge: Sharing of Resources e.g. memory, time, devices, cores.. SYSGO AG 6

7 Secure Software Update on Mixed-Criticality ECUs Consolidation of Vehicular Functions Solution: Separation Kernel 1. Spatial Separation 2. Temporal Separation ADAS, Diagnosis Navigation Map Data Media Player 3. Secure Communication Channels Autosar POSIX Android Partitions/Containers with controlled information flow PikeOS Separation Kernel System on Chip SYSGO AG 7

8 Secure Software Update on Mixed-Criticality ECUs ADAS, Diagnosis Navigation Media Player Map Data Autosar POSIX Android PikeOS Separation Kernel System on Chip SYSGO AG 8

9 Secure Software Update on Mixed-Criticality ECUs Agenda Software Update use-cases Secure Update architecture based on Separation Kernel Mapping of Security and Safety functionality ADAS, Diagnosis Navigation Map Data Media Player Design decisions Certification perspective Autosar POSIX Android PikeOS Separation Kernel System on Chip SYSGO AG 9

10 Secure Software Update on Mixed-Criticality ECUs Use cases 1. Platform Update 2. Partition Update 3. Application Update ADAS, Diagnosis Navigation Media Player Map Data Autosar POSIX Android PikeOS Separation Kernel System on Chip SYSGO AG 10

11 Secure Software Update on Mixed-Criticality ECUs Use cases 1. Platform Update 2. Partition Update 3. Application Update ADAS, Diagnosis Navigation Media Player Map Data Autosar POSIX Android PikeOS Separation Kernel System on Chip SYSGO AG 11

12 Secure Software Update on Mixed-Criticality ECUs Use cases 1. Platform Update 2. Partition Update 3. Application Update ADAS, Diagnosis Navigation Media Player Map Data Autosar POSIX Android PikeOS Separation Kernel System on Chip SYSGO AG 12

13 Secure Update: Security Requirements Req 1: Secure and Authenticated Communication + Client-Server Authentication + Encrypted Channel + Message Integrity SYSGO AG 13

14 Secure Update: Security Requirements Req 1: Secure and Authenticated Communication + Client-Server Authentication + Encrypted Channel + Message Integrity TLSv1.2 using OpenSSL TPM for client key storage and random number generation SYSGO AG 14

15 Secure Update: Security Requirements Req 1: Secure and Authenticated Communication + Client-Server Authentication + Encrypted Channel + Message Integrity TLSv1.2 using OpenSSL TPM for client key storage and random number generation SYSGO AG 15

16 Secure Update: Security Requirements Req 1: Secure and Authenticated Communication + Client-Server Authentication + Encrypted Channel + Message Integrity TLSv1.2 using OpenSSL TPM for client key storage and random number generation SYSGO AG 16

17 Secure Update: Security Requirements Req 2: Integrity Measurement and Reporting + Before providing the update, UpdateServer needs to verify that the ECU is not tampered Implemented using two approaches towards booting the system 1. Secure Boot 2. Measured Boot SYSGO AG 17

18 Secure Update: Security Requirements Req 2: Integrity Measurement and Reporting Secure Boot Measured Boot SYSGO AG 18

19 Secure Update: Security Requirements Req 2: Integrity Measurement and Reporting Secure Boot Measured Boot SYSGO AG 19

20 Secure Update: Security Requirements Req 3: Secure Sharing of GUI Why: User consent is taken before the update using the GUI that is shared with a vulnerable application UI can be DoSed/Hijacked by a compromised Android App SYSGO AG 20

21 Secure Update: Security Requirements Req 3: Secure Sharing of GUI How: Partitioning of Graphics and Touchscreen device by a trusted component SYSGO AG 21

22 Secure Update: Safety Functionality + Global and ECU state management + Interference free update process with guaranteed access to resources + Error handling and recovery + Reprogramming Implemented in UpdateManager Partition with highest privileges SYSGO AG 22

23 Secure Update: Sequence Diagram 0. Initiate Update SYSGO AG 24

24 Secure Update: Sequence Diagram 0. Initiate Update 1. Establish Secure Channel SYSGO AG 25

25 Secure Update: Sequence Diagram 0. Initiate Update 1. Establish Secure Channel 2. Integrity Reporting SYSGO AG 26

26 Secure Update: Sequence Diagram 0. Initiate Update 1. Establish Secure Channel 2. Integrity Reporting 3. State Management 4. User Consent SYSGO AG 27

27 Secure Update: Sequence Diagram 0. Initiate Update 1. Establish Secure Channel 2. Integrity Reporting 3. State Management 4. User Consent 5. Integrity Checking SYSGO AG 28

28 Secure Update: Sequence Diagram 0. Initiate Update 1. Establish Secure Channel 2. Integrity Reporting 3. State Management 4. User Consent 5. Integrity Checking 6. Reprogramming 7. Partition Restart 8. Acknowledgement SYSGO AG 29

29 Secure Update: Design with Least Privileges Components implemented as Separated Partitions Partitions given the minimum privileges required for the functioning (resources, communication rights,.. ) SYSGO AG 30

30 Secure Update: Design with Least Privileges Components implemented as Separated Partitions Partitions given the minimum privileges required for the functioning (resources, communication rights,.. ) Privacy Fault containment SYSGO AG 31

31 Secure Update: Separation of Concerns - Safety and Security Security functions UpdateDownloader Safety functions UpdateManager User partition with minimum privileges required Uses large libraries (e.g. OpenSSL, TrouSerS) and runtime environment (Linux) Only certified for Security Vulnerabilities may exist System partition with highest privileges Native PikeOS application with small codebase Certified for Safety at the highest level High probability of being error free Reduced attack surface Multiple independent security checks ( Defense-in-depth ) Fault containment Reduced Certification Costs SYSGO AG 32

32 Secure Update: Certification Perspective For a Common Criteria certified product, Secure Update is a part in the process (flaw remediation component ALC_FLR.3) to stay certified Independent update of separated domains, e.g. applying Hot-fixes, without affecting other partitions Independent update of separated domains without the need of costly recertification of the whole product SYSGO AG 33

33 Secure Update: Take Home Messages Software Update process for mixed-critical consolidated system shall satisfy certain special requirements e.g. secure sharing of GUI A good architecture will have separated safety and security functionality A partitioned system provides security by design that enables reducing the recertification costs safe deployment of Hot-fixes SYSGO AG 34

34 Thank you for your attention! Questions? SYSGO AG 35

Using a Certified Hypervisor to Secure V2X communication

Using a Certified Hypervisor to Secure V2X communication SYSGO AG PUBLIC 1 Using a Certified Hypervisor to Secure V2X communication Author(s): Date: Version Chris Berg 08/05/2017 v1.1 SYSGO AG PUBLIC 2 Protecting Assets People started protecting their assets

More information

Safety and Security for Automotive using Microkernel Technology

Safety and Security for Automotive using Microkernel Technology Informationstag "Das Automobil als IT-Sicherheitsfall" Berlin, 11.05.2012 Safety and Security for Automotive using Microkernel Technology Dr.-Ing. Matthias Gerlach OpenSynergy TwoBirds withonestone Safety

More information

ViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project

ViryaOS RFC: Secure Containers for Embedded and IoT. A proposal for a new Xen Project sub-project ViryaOS RFC: Secure Containers for Embedded and IoT A proposal for a new Xen Project sub-project Stefano Stabellini @stabellinist The problem Package applications for the target Contain all dependencies

More information

Hypervisor Market Overview. Franz Walkembach. for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public

Hypervisor Market Overview. Franz Walkembach. for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public Franz Walkembach for GENIVI AMM, April 19 th, 2018 (Munich) SYSGO AG Public 2018-04-19 1 What you can expect Quick introduction of SYSGO AG What are the market trends for hypervisor? Market size and main

More information

Security: The Key to Affordable Unmanned Aircraft Systems

Security: The Key to Affordable Unmanned Aircraft Systems AN INTEL COMPANY Security: The Key to Affordable Unmanned Aircraft Systems By Alex Wilson, Director of Business Development, Aerospace and Defense WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY

More information

10 th AUTOSAR Open Conference

10 th AUTOSAR Open Conference 10 th AUTOSAR Open Conference Dr. Moritz Neukirchner Elektrobit Automotive GmbH Building Performance ECUs with Adaptive AUTOSAR AUTOSAR Nov-2017 Major market trends and their impact Trends Impact on E/E

More information

Scalable and Flexible Software Platforms for High-Performance ECUs. Christoph Dietachmayr Sr. Engineering Manager, Elektrobit November 8, 2018

Scalable and Flexible Software Platforms for High-Performance ECUs. Christoph Dietachmayr Sr. Engineering Manager, Elektrobit November 8, 2018 Scalable and Flexible Software Platforms for High-Performance ECUs Christoph Dietachmayr Sr. Engineering Manager, November 8, Agenda A New E/E Architectures and High-Performance ECUs B Non-Functional Aspects:

More information

SIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC

SIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC W I N D R I V E R H E L I X C H A S S I S SIMPLIFYING THE WIND RIVER HELIX CHASSIS Helix Chassis brings together software, technologies, tools, and services to help automotive manufacturers unify, simplify,

More information

Autonomous Driving needs Safety & Security. Embedded World 2018 Dr. Ciwan Gouma

Autonomous Driving needs Safety & Security. Embedded World 2018 Dr. Ciwan Gouma Autonomous Driving needs Safety & Security Embedded World 2018 Dr. Ciwan Gouma Autonomous Driving The Vision The vision is not new. Picture left (maybe you have seen this in other presentations) but why

More information

SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM

SECURIFY: A COMPOSITIONAL APPROACH OF BUILDING SECURITY VERIFIED SYSTEM 1 SRIFY: A COMPOSITIONAL APPROACH OF BUILDING SRITY VERIFIED SYSTEM Liu Yang, Associate Professor, NTU SG-CRC 2018 28 March 2018 2 Securify Approach Compositional Security Reasoning with Untrusted Components

More information

Secure automotive on-board networks

Secure automotive on-board networks Secure automotive on-board networks Basis for secure vehicle-to-x communication Dr.-Ing. Olaf Henniger Fraunhofer SIT / Darmstadt 2 December 2010 Presentation overview EVITA project overview Security challenges

More information

Trusted Platform Modules Automotive applications and differentiation from HSM

Trusted Platform Modules Automotive applications and differentiation from HSM Trusted Platform Modules Automotive applications and differentiation from HSM Cyber Security Symposium 2017, Stuttgart Martin Brunner, Infineon Technologies Axiom: Whatever is connected can (and will)

More information

Security and Performance Benefits of Virtualization

Security and Performance Benefits of Virtualization Security and Performance Benefits of Virtualization Felix Baum mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered

More information

BlackBerry UEM + Samsung Knox

BlackBerry UEM + Samsung Knox Datasheet BlackBerry UEM + Samsung Knox Comprehensive EMM Management + Together, Samsung and BlackBerry secure and enable key enterprise workflows, from the boardroom to the battlefield, exceeding the

More information

Improving Security in Embedded Systems Felix Baum, Product Line Manager

Improving Security in Embedded Systems Felix Baum, Product Line Manager Improving Security in Embedded Systems Felix Baum, Product Line Manager The Challenge with Embedded Security Business Imperatives Security Imperatives I need to keep my production expenses as low as possible.

More information

AUTOBEST: A microkernel-based system (not only) for automotive applications. Marc Bommert, Alexander Züpke, Robert Kaiser.

AUTOBEST: A microkernel-based system (not only) for automotive applications. Marc Bommert, Alexander Züpke, Robert Kaiser. AUTOBEST: A microkernel-based system (not only) for automotive applications Marc Bommert, Alexander Züpke, Robert Kaiser vorname.name@hs-rm.de Outline Motivation AUTOSAR ARINC 653 AUTOBEST Architecture

More information

MASP Chapter on Safety and Security

MASP Chapter on Safety and Security MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio

More information

Securing the future of mobility

Securing the future of mobility Kaspersky Transportation System Security AVL Software and Functions Securing the future of mobility www.kaspersky.com #truecybersecurity Securing the future of mobility Connected car benefits The need

More information

Adding value to your MS customers

Adding value to your MS customers Securing Microsoft Adding value to your MS customers Authentication - Identity Protection Hardware Security Modules DataSecure - Encryption and Control Disc Encryption Offering the broadest range of authentication,

More information

The Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems

The Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems The Safe State: Design Patterns and Degradation Mechanisms for Fail- Operational Systems Alexander Much 2015-11-11 Agenda About EB Automotive Motivation Comparison of different architectures Concept for

More information

Using the MPU with an RTOS to Enhance System Safety and Security

Using the MPU with an RTOS to Enhance System Safety and Security Using the MPU with an RTOS to Enhance System Safety and Security By Stephen Ridley 10 December, 2016 www.highintegritysystems.com WITTENSTEIN WITTENSTEIN high integrity systems: A World Leading RTOS Ecosystem

More information

Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles

Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles Safety & Security for the Connected World Using a Separation Kernel to Protect against the Remote Exploitation of Unaltered Passenger Vehicles 16 th June 2015 Mark Pitchford, Technical Manager, EMEA Today

More information

PKI Credentialing Handbook

PKI Credentialing Handbook PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key

More information

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017

Smart Antennas and Hypervisor: Enabling Secure Convergence. July 5, 2017 Smart Antennas and : Enabling Secure Convergence July 5, 2017 About OpenSynergy OpenSynergy develops software solutions for embedded automotive systems. OpenSynergy s product portfolio includes key software

More information

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have

More information

Introduction to Adaptive AUTOSAR. Dheeraj Sharma July 27, 2017

Introduction to Adaptive AUTOSAR. Dheeraj Sharma July 27, 2017 Introduction to Adaptive AUTOSAR Dheeraj Sharma July 27, 2017 Overview Software Platform and scope of Adaptive AUTOSAR Adaptive AUTOSAR architecture and roadmap EB Adaptive Platform and Prototyping solution

More information

Adaptive AUTOSAR. Ready for Next Generation ECUs V

Adaptive AUTOSAR. Ready for Next Generation ECUs V Adaptive AUTOSAR Ready for Next Generation ECUs V0.4 2017-10-18 Introduction Being Prepared for the Next-Generation of ECUs Additional, high performance ECUs hosting applications for upcoming use cases

More information

Windows IoT Security. Jackie Chang Sr. Program Manager

Windows IoT Security. Jackie Chang Sr. Program Manager Windows IoT Security Jackie Chang Sr. Program Manager Rest Physical access to a device will not give access to data Data & Control Execution Data owner has full control over data processing Motion Transport

More information

10 th AUTOSAR Open Conference

10 th AUTOSAR Open Conference 10 th AUTOSAR Open Conference Yuchen Zhou, Thomas E Fuhrman, Prathap Venugopal General Motors Scheduling Techniques for Automated Driving Systems using the AUTOSAR Adaptive Platform AUTOSAR Nov-2017 Agenda

More information

Manufacturing Tools in the UEFI Secure Boot Environment

Manufacturing Tools in the UEFI Secure Boot Environment Manufacturing Tools in the UEFI Secure Boot Environment Presented by Stefano Righi presented by UEFI Plugfest May 2014 Agenda Introduction Transition of Manufacturing Tools to UEFI Manufacturing Tools

More information

Communication Patterns in Safety Critical Systems for ADAS & Autonomous Vehicles Thorsten Wilmer Tech AD Berlin, 5. March 2018

Communication Patterns in Safety Critical Systems for ADAS & Autonomous Vehicles Thorsten Wilmer Tech AD Berlin, 5. March 2018 Communication Patterns in Safety Critical Systems for ADAS & Autonomous Vehicles Thorsten Wilmer Tech AD Berlin, 5. March 2018 Agenda Motivation Introduction of Safety Components Introduction to ARMv8

More information

CompTIA A+ Certification ( ) Study Guide Table of Contents

CompTIA A+ Certification ( ) Study Guide Table of Contents CompTIA A+ Certification (220-902) Study Guide Table of Contents Course Introduction About This Course About CompTIA Certifications Module 1 / Supporting Windows 1 Module 1 / Unit 1 Windows Operating System

More information

Securing the Connected Car. Eystein Stenberg CTO Mender.io

Securing the Connected Car. Eystein Stenberg CTO Mender.io Securing the Connected Car Eystein Stenberg CTO Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled Software defined

More information

Designing Security & Trust into Connected Devices

Designing Security & Trust into Connected Devices Designing Security & Trust into Connected Devices Rob Coombs Security Marketing Director TechCon 11/10/15 Agenda Introduction Security Foundations on Cortex-M Security Foundations on Cortex-A Use cases

More information

CERT Secure Coding Initiative. Define security requirements. Model Threats 11/30/2010

CERT Secure Coding Initiative. Define security requirements. Model Threats 11/30/2010 Secure Coding Practices COMP620 CERT Secure Coding Initiative Works with software developers and software development organizations to reduce vulnerabilities resulting from coding errors Many of the slides

More information

Countermeasures against Cyber-attacks

Countermeasures against Cyber-attacks Countermeasures against Cyber-attacks Case of the Automotive Industry Agenda Automotive Basics ECU, domains, CAN Automotive Security Motivation, trends Hardware and Software Security EVITA, SHE, HSM Secure

More information

Bringing Android to Secure SDRs

Bringing Android to Secure SDRs Bringing Android to Secure SDRs David Kleidermacher Frank Vandenberg SDR 11 WinnComm - Europe Agenda Overview Why Android in SDR? Android Security Proposed Architecture Typical red-black architecture for

More information

Vendor: CompTIA. Exam Code: Exam Name: CompTIA A+ Certification Exam (902) Version: Demo

Vendor: CompTIA. Exam Code: Exam Name: CompTIA A+ Certification Exam (902) Version: Demo Vendor: CompTIA Exam Code: 220-902 Exam Name: CompTIA A+ Certification Exam (902) Version: Demo DEMO QUESTION 1 Which of the following best practices is used to fix a zero-day vulnerability on Linux? A.

More information

IDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters

IDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters IDACCS Wireless 2014 Integrity protection in a smart grid environment for wireless access of smart meters Prof- Dr.-Ing. Kai-Oliver Detken DECOIT GmbH Fahrenheitstraße 9 D-28359 Bremen URL: http://www.decoit.de

More information

EMC2. Prototyping and Benchmarking of PikeOS-based and XTRATUM-based systems on LEON4x4

EMC2. Prototyping and Benchmarking of PikeOS-based and XTRATUM-based systems on LEON4x4 EMC2 Prototyping and Benchmarking of PikeOS-based and XTRATUM-based systems on LEON4x4 Introduction Multi-core architectures will be adopted in the next generations of avionics and aerospace systems. Integrated

More information

10 th AUTOSAR Open Conference

10 th AUTOSAR Open Conference 10 th AUTOSAR Open Conference Nadym Salem, Jan Hegewald Carmeq GmbH Dealing with the Challenges for Future Software Systems in the Automotive Industry with the AUTOSAR Standards AUTOSAR Nov-2017 Dealing

More information

Multicore platform towards automotive safety challenges

Multicore platform towards automotive safety challenges Multicore platform towards automotive safety challenges Romuald NOZAHIC European Application Engineer mentor.com/automotive Android is a trademark of Google Inc. Use of this trademark is subject to Google

More information

Software integration challenge multi-core experience from real world projects

Software integration challenge multi-core experience from real world projects Software integration challenge multi-core experience from real world projects Rudolf Grave 17.06.2015 Agenda About EB Automotive Motivation Constraints for mapping functions to cores AUTOSAR & MultiCore

More information

Software Updates for Connected Devices

Software Updates for Connected Devices Software Updates for Connected Devices Key Considerations Eystein Stenberg CTO Mender.io Who am I Eystein Stenberg Mender.io 7 years in systems security management Over-the-air updater for Linux, Yocto

More information

IoT It s All About Security

IoT It s All About Security IoT It s All About Security Colin Walls colin_walls@mentor.com Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds

More information

Cyber security of automated vehicles

Cyber security of automated vehicles Cyber security of automated vehicles B. Steurich Infineon Technologies Conference Sep. 2017, Berlin Building blocks of automated driving: Cooperation of multiple system and disciplines Data Processing

More information

Accelerating the implementation of trusted computing

Accelerating the implementation of trusted computing Infineon Network Use Case Accelerating the implementation of trusted computing Building Confidence in Our Connected World with TPM middleware Products OPTIGA TPM www.infineon.com/ispn Use Case Use case

More information

Certified Secure Web Application Engineer

Certified Secure Web Application Engineer Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),

More information

Mixed Critical Architecture Requirements (MCAR)

Mixed Critical Architecture Requirements (MCAR) Superior Products Through Innovation Approved for Public Release; distribution is unlimited. (PIRA AER200905019) Mixed Critical Architecture Requirements (MCAR) Copyright 2009 Lockheed Martin Corporation

More information

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io

Securing the Connected Car. Eystein Stenberg Product Manager Mender.io Securing the Connected Car Eystein Stenberg Product Manager Mender.io The software defined car Electronics Telematics Infotainment Connected Assisted driving Autonomous Hardware enabled Software enabled

More information

Software Architecture for Secure ECUs. Rudolf Grave EB TechDay-June 2015

Software Architecture for Secure ECUs. Rudolf Grave EB TechDay-June 2015 Software Architecture for Secure ECUs Rudolf Grave EB TechDay-June 2015 Agenda No safety without security and vice versa Established Safety Concepts Safety Analysis Methods for Security Analysis Secure

More information

Technical Brief Distributed Trusted Computing

Technical Brief Distributed Trusted Computing Technical Brief Distributed Trusted Computing Josh Wood Look inside to learn about Distributed Trusted Computing in Tectonic Enterprise, an industry-first set of technologies that cryptographically verify,

More information

Cyber security mechanisms for connected vehicles

Cyber security mechanisms for connected vehicles Infineon Security Partner Network Partner Use Case Cyber security mechanisms for connected vehicles Protecting automotive vehicle networks and business models from cyber security attacks Products AURIX

More information

Security by Default. Overview CHAPTER

Security by Default. Overview CHAPTER CHAPTER 3 This section contains the following topics: Overview, page 3-1 Trust Verification Service, page 3-2 Initial Trust List, page 3-2 Autoregistration, page 3-3 Supported Cisco Unified IP Phones,

More information

The Adaptive Platform for Future Use Cases

The Adaptive Platform for Future Use Cases The Adaptive Platform for Future Use Cases Vector Congress 2016 - Stuttgart, 2016-11-30 V0.1 2016-09-21 Agenda Introduction Adaptive AUTOSAR Architecture Use Cases and Requirements Adaptive AUTOSAR at

More information

Car2Car Forum Operational Security

Car2Car Forum Operational Security Car2Car Forum 2012 14.11.2012 Operational Security Stefan Goetz, Continental Hervé Seudié, Bosch Working Group Security Task Force: In-vehicle Security and Trust Assurance Level 15/11/2012 C2C-CC Security

More information

Infotainment Solutions. with Open Source and i.mx6. mentor.com/embedded. Andrew Patterson Business Development Director Embedded Automotive

Infotainment Solutions. with Open Source and i.mx6. mentor.com/embedded. Andrew Patterson Business Development Director Embedded Automotive Infotainment Solutions with Open Source and i.mx6 Andrew Patterson Business Development Director Embedded Automotive mentor.com/embedded Android is a trademark of Google Inc. Use of this trademark is subject

More information

SECURING DEVICES IN THE INTERNET OF THINGS

SECURING DEVICES IN THE INTERNET OF THINGS SECURING DEVICES IN THE INTERNET OF THINGS WHEN IT MATTERS, IT RUNS ON WIND RIVER EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including

More information

CS6501: Great Works in Computer Science

CS6501: Great Works in Computer Science CS6501: Great Works in Computer Science Jan. 29th 2013 Longze Chen The Protection of Information in Computer Systems Jerome H. Saltzer and Michael D. Schroeder Jerry Saltzer Michael Schroeder 1 The Meaning

More information

Operating system hardening

Operating system hardening Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications

More information

Tessellation: Space-Time Partitioning in a Manycore Client OS

Tessellation: Space-Time Partitioning in a Manycore Client OS Tessellation: Space-Time ing in a Manycore Client OS Rose Liu 1,2, Kevin Klues 1, Sarah Bird 1, Steven Hofmeyr 3, Krste Asanovic 1, John Kubiatowicz 1 1 Parallel Computing Laboratory, UC Berkeley 2 Data

More information

Advanced Security Tester Course Outline

Advanced Security Tester Course Outline Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,

More information

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes. Introducing MVISION Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls Jon Parkes McAfee 1 All information provided here is subject to non-disclosure

More information

Operating System Security

Operating System Security Operating System Security Operating Systems Defined Hardware: I/o...Memory.CPU Operating Systems: Windows or Android, etc Applications run on operating system Operating Systems Makes it easier to use resources.

More information

Mentor Automotive Save Energy with Embedded Software! Andrew Patterson Presented to CENEX 14 th September 2016

Mentor Automotive Save Energy with Embedded Software! Andrew Patterson Presented to CENEX 14 th September 2016 Mentor Automotive Save Energy with Embedded Software! Andrew Patterson Presented to CENEX 14 th September 2016 andrew_patterson@mentor.com Embedded Software & Electric Vehicles Combustion Engine Electric

More information

*NSTAC Report to the President on the Internet of Things.

*NSTAC Report to the President on the Internet of Things. North Carolina Highway Signs Compromised By a Foreign Hacker* Penetration of a Water Treatment Facility by a Foreign Hacker* *NSTAC Report to the President on the Internet of Things. www.dhs.gov/sites/default/files/publications/

More information

FIPS Mode Setup

FIPS Mode Setup This chapter provides information about FIPS 140-2 mode setup. FIPS 140-2 Setup, page 1 FIPS Mode Restrictions, page 9 FIPS 140-2 Setup Caution FIPS mode is only supported on releases that have been through

More information

Introducing a new temporal partitioning scheme to AUTOSAR OS

Introducing a new temporal partitioning scheme to AUTOSAR OS 8 th AUTOSAR Open Conference Introducing a new temporal partitioning scheme to AUTOSAR OS 29 th Oct., 2015 Hiroaki TAKADA Professor, Inst. of Innovation for Future Society, Nagoya Univ. Executive Director

More information

Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors

Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors Safety & Security for the Connected World Achieving safe, certified, multicore avionics systems with Separation Kernel Hypervisors 13 October 2015 Mark Pitchford, Technical Manager, EMEA Achieving safe,

More information

Secure boot under attack: Simulation to enhance fault injection & defenses

Secure boot under attack: Simulation to enhance fault injection & defenses Secure boot under attack: Simulation to enhance fault injection & defenses Martijn Bogaard Senior Security Analyst martijn@riscure.com / @jmartijnb Niek Timmers Principal Security Analyst niek@riscure.com

More information

Applications of Attestation:

Applications of Attestation: Lecture Secure, Trusted and Trustworthy Computing : IMA and TNC Prof. Dr. Ing. Ahmad Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Germany Winter Term 2011/2012 1 Roadmap: TC

More information

CSWAE Certified Secure Web Application Engineer

CSWAE Certified Secure Web Application Engineer CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized

More information

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform

More information

Certification Report

Certification Report Certification Report Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada, Communications Security Establishment,

More information

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle

Conquering Complexity: Addressing Security Challenges of the Connected Vehicle Conquering Complexity: Addressing Security Challenges of the Connected Vehicle October 3, 2018 Securely Connecting People, Applications, and Devices Ted Shorter Chief Technology Officer CSS Ted.Shorter@css-security.com

More information

PJFS (Partitioning, Journaling File System): For Embedded Systems. Ada-Europe 6-June-2006 Greg Gicca

PJFS (Partitioning, Journaling File System): For Embedded Systems. Ada-Europe 6-June-2006 Greg Gicca PJFS (Partitioning, Journaling File System): For Embedded Systems Ada-Europe 6-June-2006 Greg Gicca Why File Systems Are Important Most computer systems today, even deeply embedded, have ample storage

More information

Chapter 2. Operating-System Structures

Chapter 2. Operating-System Structures Chapter 2 Operating-System Structures 2.1 Chapter 2: Operating-System Structures Operating System Services User Operating System Interface System Calls Types of System Calls System Programs Operating System

More information

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental

More information

Automotive Anomaly Monitors and Threat Analysis in the Cloud

Automotive Anomaly Monitors and Threat Analysis in the Cloud Automotive Anomaly Monitors and Threat Analysis in the Cloud Dr. André Weimerskirch Vector Automotive Cyber Security Symposium October 12, 2017 Cybersecurity Components Secure Internal & External Communications

More information

Compliant. Secure. Dependable.

Compliant. Secure. Dependable. NAVIFY Cloud Security with the NAVIFY Tumor Board solution Compliant. Secure. Dependable. Trust that your oncology patients healthcare information stays protected. In the era of precision medicine, you

More information

Feature Comparison Summary

Feature Comparison Summary Feature Comparison Summary, and The cloud-ready operating system Thanks to cloud technology, the rate of change is faster than ever before, putting more pressure on IT. Organizations demand increased security,

More information

Strengthening the Chain of Trust. Kevin Lane HP Jeff Bobzin Insyde Software

Strengthening the Chain of Trust. Kevin Lane HP Jeff Bobzin Insyde Software presented by Strengthening the Chain of Trust Kevin Lane HP Jeff Bobzin Insyde Software August Updated 22, 2014 2011-06-01 Agenda Quick Intro to UEFI UEFI Myths Using Linux + Secure Boot Continuing the

More information

Automotive Cybersecurity: A steep learning curve

Automotive Cybersecurity: A steep learning curve Automotive Cybersecurity: A steep learning curve Vector Congress 2018 V1.0 2018-11-07 Motivation Attack Surface and Attack History Automotive megatrends Attacks with safety-critical effects Connectivity

More information

Channel FAQ: Smartcrypt Appliances

Channel FAQ: Smartcrypt Appliances Channel FAQ: Smartcrypt Appliances Q: When were Smartcrypt appliances announced? A: announced the release of our Smartcrypt virtual and physical appliances on September 19, 2017. Smartcrypt Enterprise

More information

IBM Case Manager on Cloud

IBM Case Manager on Cloud Service Description IBM Case Manager on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means and includes the company, its authorized users or recipients of the

More information

File Encryption. Steven M. Bellovin https://www.cs.columbia.edu/~smb

File Encryption. Steven M. Bellovin https://www.cs.columbia.edu/~smb File Encryption Steven M. Bellovin https://www.cs.columbia.edu/~smb Why Encrypt Files? Theft of files Theft of media Theft of computer Cloud storage? I.e. Someone else s computer 1 Issues with File Encryption

More information

SECURING DEVICES IN THE INTERNET OF THINGS

SECURING DEVICES IN THE INTERNET OF THINGS SECURING DEVICES IN THE INTERNET OF THINGS EXECUTIVE SUMMARY Security breaches at the device level in the Internet of Things (IoT) can have severe consequences, including steep financial losses, damage

More information

IoT Edge within the IoT Framework

IoT Edge within the IoT Framework IoT Edge within the IoT Framework Axel Dittmann Diplom-Betriebswirt (FH) Diplom-Wirtschaftsinformatiker (FH) Global Technical Solution Specialist IOT CISSP, MCP Twitter: @DittmannAxel Waves of Innovation

More information

Feature Comparison Summary

Feature Comparison Summary Feature Comparison Summary,, and The cloud-ready operating system is the cloud-ready operating system that delivers new layers of security and Azure-inspired innovation for the applications and infrastructure

More information

Who s Protecting Your Keys? August 2018

Who s Protecting Your Keys? August 2018 Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and

More information

Securing Your Wireless LAN

Securing Your Wireless LAN Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP

More information

Certification Report

Certification Report Certification Report McAfee File and Removable Media Protection 4.3.1 and epolicy Orchestrator 5.1.2 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation

More information

Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann

Weak Spots Enterprise Mobility Management. Dr. Johannes Hoffmann Weak Spots Enterprise Mobility Management Dr. Johannes Hoffmann Personal details TÜV Informationstechnik GmbH TÜV NORD GROUP Dr. Johannes Hoffmann IT Security Business Security & Privacy Main focus: Mobile

More information

Certification Report

Certification Report Certification Report EMC VNX OE for Block v05.33 and File v8.1 with Unisphere v1.3 running on VNX Series Hardware Models VNX5200, VNX5400, VNX5600, VNX5800, VNX7600, and VNX8000 Issued by: Communications

More information

Default security setup

Default security setup Default security setup This section provides information about the default security setup. Default security features, page 1 Trust Verification Service, page 2 Initial trust list, page 2 Update ITL file

More information

McAfee Embedded Control for Retail

McAfee Embedded Control for Retail McAfee Embedded Control for Retail System integrity, change control, and policy compliance for retail point of sale systems McAfee Embedded Control for retail maintains the integrity of your point-of-sale

More information

MU2b Authentication, Authorization and Accounting Questions Set 2

MU2b Authentication, Authorization and Accounting Questions Set 2 MU2b Authentication, Authorization and Accounting Questions Set 2 1. You enable the audit of successful and failed policy changes. Where can you view entries related to policy change attempts? Lesson 2

More information

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update)

UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) UNECE WP29/TFCS Regulation standards on threats analysis (cybersecurity) and OTA (software update) Koji NAKAO, NICT, Japan (Expert of UNECE WP29/TFCS) General Flow of works in WP29/TFCS and OTA Data protection

More information

Economic and Social Council

Economic and Social Council United Nations Economic and Social Council ECE/TRANS/WP.29/2017/46 Distr.: General 23 December 2016 Original: English Economic Commission for Europe Inland Transport Committee World Forum for Harmonization

More information

Introduction to Device Trust Architecture

Introduction to Device Trust Architecture Introduction to Device Trust Architecture July 2018 www.globalplatform.org 2018 GlobalPlatform, Inc. THE TECHNOLOGY The Device Trust Architecture is a security framework which shows how GlobalPlatform

More information