Autonomous Driving needs Safety & Security. Embedded World 2018 Dr. Ciwan Gouma

Autonomous Driving: The Vision. The vision is not new. Picture on the left (maybe you have seen it in other presentations), but why is it here? 1957: a vintage illustration from an advertisement by H. Miller of a family of four playing a board game while their futuristic electric car automatically drives itself. Very interesting: it was published in an advertisement for an electrical power plant in the US to present different use cases, i.e. how to use electrical power in the future! Why not from an automotive company? Long story. How does the vision look today? Some changes compared to the left picture: people are not playing dominoes, they are working ;(

But back to the why. What is the real why for autonomous driving?
- Not the number of billions of IoT devices
- Not the available technology
Always start with asking why (Simon Sinek):
- Our mobility expectations have changed
- The time we spend in traffic jams!
- The number of accidents: 1.3 million / year! From 2006 to 2016, between 11 and 35 thousand people died from terrorist attacks!
- Lesson from the aviation industry: 95% of accidents are caused by human error!
- Same result for cars, source: https://crashstats.nhtsa.dot.gov/api/public/viewpublication/812115

Autonomous WHYs (SYSGO AG PUBLIC 4)
- Increase safety: 69%
- Reduce traffic congestion / increase road capacity: 65%
- Independent mobility of non-drivers: 55%
- Reduce stress level / advanced ease of use: 49%
- Increase productivity for the driver: 43%
- Enhance quality of life: 38%
- Emission and cost reduction: 31%
Source: Survey Report tech.ad 2018, Berlin, https://autonomous-driving-berlin.com/

Main Challenges: safety concerns / fail-safe concepts, legal restrictions, cyber security. Fail-safe concepts (mission complete, simply stop the car) are not part of this presentation, and neither are legal restrictions. Cyber security is always mentioned as an important topic, and in the same moment people say "we will handle this later!" My personal view: that is the wrong approach! Continuous, serious and successful cyberattacks could be a show stopper for autonomous driving.

New Thinking. Mainstream autonomous vehicle adoption will create a new economy: a 7 trillion business by 2050 (Intel, Strategy Analytics). A separate passenger economy will include new types of products (autonomous cars, hyperloops, changing or smart cities and homes), new services and completely new business models. The vehicle of the future will be able to retrieve and share real-time traffic data, use vehicle-to-vehicle communication and AI algorithms for optimizing autonomous driving and routing, and handle other useful tasks such as finding parking space. Side note: Intel sees shared commuting in autonomous vehicles as the norm and individual vehicle ownership as less important, with a new class of vehicle spawned for dense urban environments. What are the impacts for our industry?! Source: https://newsroom.intel.com/newsroom/wpcontent/uploads/sites/11/2017/05/passenger-economy.pdf

Connectivity & Security: New Thinking, Complexity, Domain Integration, Life Cycles & Development Processes. Connectivity is the base for new and helpful features; users and OEMs love that. Completely new use cases and business models are possible: perfect! BUT with connectivity we are facing tremendous security issues; nothing is secure. A new way of thinking has to start. Complexity and domain integration: combining systems increases the attack surface! ECU integration: how will that be realized with existing E/E structures? New business models and new cloud-based services bring completely different players, and entirely different lifecycles have to be handled.

Connected Car: Attack Surface Eldorado. Over time, several component providers added connectivity to their devices (Bluetooth, WiFi, near-field); some of them used IT-based security mechanisms like crypto etc.
- Sometimes old, outdated protocols are used: not safe.
- Sometimes even without any security functionality.
- The attack surface increased, with no overall security concept!

Level of Autonomous Driving: Big Difference. Autonomous driving trusts connectivity! For levels 1 and 2, no extra safety certification levels are expected. BUT for level 3 and above, high safety certification has to come, similar to aviation standards. Safety! Cyber security, and security for safety.

Other Perspectives: IT Security, Aviation Industry

Learning from IT Security: firewalls, cryptography ("crypto won't save you either"), end-to-end intrusion. Thus, the attack surface is the full system architecture; security is an integral system property! Without a clean design, it is complicated to identify and define the attack surface. Security is a process: easy-to-use update procedures (refer to WannaCry and the Microsoft statements about updates!). Positive: due to the impact of security attacks on companies, management attention has increased over the past years. Summary for IT security: positive awareness from management is already there. Security is a process. Firewalls are a good idea. Crypto won't save you either.

Learning from the Aviation Industry: safety & security, process & certification, fail-safe, HW consolidation, security by design, MILS. Tremendous changes for the network-based infrastructure:
- The aircraft today is network based (AFDX & IP).
- Increasing usage of common computing resources: Integrated Modular Avionics (IMA).
- Open World: an Open World domain with COTS software (Wi-Fi products, Linux).
- New IT services: pilots (tablets), passengers, crew, maintenance.
- Increasing integration and information flow between systems: the aircraft is heavily connected to other IT services, with integration of several domains (airlines, ATC). The aircraft is connected to the INTERNET.
Common challenges in cyber-physical systems:
- Functionality density is increasing: integrate functions on a small number of ECUs, reduce the number of ECUs or keep (at least) the same, benefit from powerful COTS HW and SW. Need proper separation and control of functionalities.
- Heterogeneous information flows: systems are interconnected and exposed to the external world, using common network infrastructure. Need proper separation and control of information flows.
- High assurance for mixed-criticality ECUs: functionalities have different assurance requirements, e.g. safety vs. security, and the overall assurance design shall be enough to run the most demanding one. Need a proper compositional certification approach.

MILS (figure: application plane with low-, medium- and high-criticality partitions). MILS is a high-assurance security architecture that supports the coexistence of untrusted and trusted components, based on verifiable separation mechanisms and controlled information flow. For more information, please refer to the research projects EuroMils and CertMils.

MILS Architectural Approach (figure): the application plane with low-, medium- and high-criticality partitions is refined, via the MILS-induced abstraction, onto the MILS architecture: the partitions run on the MILS platform (separation kernel), which runs on the hardware (CPUs, memory, and devices) in the resource plane together with the network and actuators. For more information, please refer to our research projects EuroMils and CertMils.

Common: Assurance via Standards. Adaptive AUTOSAR, GENIVI / AGL and other OEM innovations on a common safety and security base: ISO 26262, SAE J3101 (Hardware-Protected Security for Ground Vehicle Applications), SAE J3061 (Cybersecurity Guidebook for Cyber-Physical Vehicle Systems).
ISO 26262:
a) Potential interaction between safety and security
b) Cybersecurity threats to be analyzed as hazards
c) Monitoring activities for cybersecurity, including incident response tracking
d) Refer also to SAE J3061, ISO/IEC 27001, and ISO/IEC 15480
ISO/WD PAS 21448 Road vehicles -- Safety of the intended functionality (SOTIF), under development.
SAE J3101:
a) Secure boot
b) Secure storage
c) Secure execution environment
d) Other hardware capabilities...
e) OTA, authentication, detection, recovery mechanisms...
SAE J3061:
a) Enumerate all attack surfaces, conduct threat analysis
b) Reduce attack surface
c) Harden hardware and software
d) Perform security testing (penetration, fuzzing, etc.)
SAE: Society of Automotive Engineers, a U.S.-based, globally active professional association and standards developing organization for engineering professionals in various industries. Principal emphasis is placed on transport industries such as automotive, aerospace, and commercial vehicles. J3061: Cybersecurity Guidebook. ISO/IEC 27001: "Information technology -- Security techniques -- Information security management systems -- Requirements". ISO/IEC 15480: Common Criteria...

Safety & Security Software LifeCycle (V-model; each phase lists the safety activity and the corresponding security activity):
- Requirements: hazard analysis and risk assessment / threat analysis
- System requirements: safety goals, requirements analysis / security goals
- Global design: system safety concept, system architecture / security architecture
- Detailed design: FMEA, FTA, FMEDA, HW/SW design / Attack Tree Analysis (ATA)
- Implementation: HW/SW implementation guidelines, reviews, analyses / code and HW implementation reviews
- Unit test case execution: test safety mechanisms / functional and penetration tests
- Integration test execution: test safety mechanisms / integration and penetration tests
- System test execution: validate safety assumptions / validate security assumptions
Abbreviations: Failure Mode and Effects Analysis (FMEA), Fault Tree Analysis (FTA), Failure Modes Effects and Diagnostic Analysis (FMEDA).

Benefits of a MILS OS as base for future automotive platforms: create a multi-domain platform; support new mobility services; ensure strict separation and domain integration; increase data privacy; minimise security risks; reduce development cost; minimize the risk from 3rd-party components.

Try our Secure Domain Demonstrator at Embedded World 2018, Hall 4-308 & Hall 4A-410. More information: www.sysgo.com. Company video: https://www.youtube.com/watch?v=x5yuhbktxba&feature=youtu.be http://bit.ly/autonomous_driving

AUTOSAR Adaptive: new standard, new feature. A hypervisor combines safety and Linux (figure: an ISO 26262 safe application on SafePOSIX (e.g. PikeOS) with Safe Adaptive AUTOSAR, separated by a safe and secure barrier from a QM application on Linux with QM Adaptive AUTOSAR, both running on a hypervisor (e.g. PikeOS) on a microcontroller). Visit Vector at Hall 4-510. More information: www.sysgo.com. Press release SYSGO-Vector Joint Venture: https://www.sysgo.com/partners/sysgo-vector

Multi-Domain AI Brain Platform: PikeOS & Evolver from OSR. More information: www.sysgo.com. Press release SYSGO-OSR cooperation: https://www.sysgo.com/news-events/news-and-articles/article/osr-uses-pikeosfor-ai-based-automotive-platform/

Take Away
- Understand the standards and recommendations
- First secure the HW, then secure the SW
- The system integration concept, i.e. the architecture, is the most important security MEASURE
- Ask if your SW has: monitoring, assessment, notifications, remediations
- Safe & secure SW lifecycle
- Establish end-to-end security
Consider adverse actors at the very beginning of the system design stage. Your system will not be isolated, neither physically nor information-flow-wise. The system integration concept, i.e. the architecture, is the most important SECURITY MEASURE. The MILS architectural approach is an enabler for a high-assurance safety and security architecture and compositional certification:
- Develop a system architecture consisting of different safety and security domains, i.e. partition the system into domains
- Assign platform resources to partitions: CPUs, CPU time, memory, I/O devices, file access, available services
- Define communication channels between partitions. Default: everything that is not explicitly allowed is forbidden
- Optionally, add libraries/run-time environments to partitions, e.g. POSIX, ARINC, AUTOSAR, Linux, Android, Ada
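The partitioning steps in the take-away (domains, resource assignment, explicit channels, default deny) as an added Python example; this is a constructed illustration, not SYSGO or PikeOS code, and the partition names, resource values and channel table are assumptions. It also checks a point the slide implies but does not spell out: a chain of individually allowed channels can still carry information from a low-criticality to a high-criticality domain.

```python
# Constructed MILS-style partition policy check (not SYSGO/PikeOS code).
from collections import deque
from dataclasses import dataclass, field

CRIT_RANK = {"low": 0, "medium": 1, "high": 2}

@dataclass
class Partition:
    name: str
    criticality: str           # "low" | "medium" | "high"
    cpus: set                  # CPU cores owned exclusively by this partition
    memory: tuple              # (start, end) physical range, end exclusive
    devices: set = field(default_factory=set)

# Constructed sample configuration: three domains of different criticality.
PARTITIONS = [
    Partition("infotainment", "low", {0, 1}, (0x00000000, 0x10000000), {"wifi", "bt"}),
    Partition("gateway", "medium", {2}, (0x10000000, 0x14000000), {"eth0"}),
    Partition("adas", "high", {3}, (0x14000000, 0x20000000), {"lidar", "can0"}),
]

# Explicitly allowed channels (src, dst). Anything not listed is forbidden.
CHANNELS = {("adas", "gateway"), ("gateway", "infotainment")}

def validate_resources(parts):
    """Return problems where two partitions share CPUs, memory or devices."""
    problems = []
    for i, a in enumerate(parts):
        for b in parts[i + 1:]:
            if a.cpus & b.cpus:
                problems.append(f"cpu shared: {a.name}/{b.name}")
            if a.memory[0] < b.memory[1] and b.memory[0] < a.memory[1]:
                problems.append(f"memory overlap: {a.name}/{b.name}")
            if a.devices & b.devices:
                problems.append(f"device shared: {a.name}/{b.name}")
    return problems

def flow_allowed(src, dst, channels=CHANNELS):
    """Default deny: a direct flow exists only if a channel was configured."""
    return (src, dst) in channels

def reachable(src, channels=CHANNELS):
    """Partitions reachable from src over any chain of allowed channels."""
    seen, queue = set(), deque([src])
    while queue:
        cur = queue.popleft()
        for s, d in channels:
            if s == cur and d not in seen:
                seen.add(d)
                queue.append(d)
    return seen

def upward_flows(parts, channels=CHANNELS):
    """(src, dst) pairs where a lower-criticality partition can reach a
    higher-criticality one, directly or indirectly: the flows to review."""
    rank = {p.name: CRIT_RANK[p.criticality] for p in parts}
    return sorted((p.name, d) for p in parts
                  for d in reachable(p.name, channels) if rank[d] > rank[p.name])
```

With the sample table, `upward_flows(PARTITIONS)` is empty; adding the two "convenient" channels infotainment -> gateway and gateway -> adas makes it report the indirect infotainment -> adas path as well as the direct ones.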

Autonomous Driving: let's make the vision happen. SYSGO website: https://sysgo.com; SYSGO blog: https://blog.sysgo.com; LinkedIn: https://de.linkedin.com/company/sysgo-ag/; Twitter: https://twitter.com/sysgo; YouTube: https://www.youtube.com/user/sysgoag/videos; http://bit.ly/autonomous_driving/