Page History

Title: GENIVI Security Team Overview:

Abstract:  COVESA's Automotive Cybersecurity team continues to lead and provide our membership and greater community with an overview of the cybersecurity team initiatives, how you and your organization can become engaged, and lastly what to look forward to in today's cybersecurity workshop track

Keynote Title:   Trust and Security of Software in Connected Vehicles

Abstract:  Code is new fuel for a modern car. It is more dependent on code than petrol. Nowadays, a car is powered by a network of 70 to 100 electronic car units (ECUs) which constantly communicate over Control Area Network (CAN). Indeed, it takes 100 million¹ lines of code for a modern car to function, and it is expected to rise to 300 to 500 million. In contrast, a Boeing 787 Dreamliner runs on 12 million lines of code².  

The complexity of software in a car and multi-tier supply chain have raised many challenges for quality, functionality and security testing. Moreover, WP.29 regulations by UNECE mandates frameworks essential for connected cars in the area of cyber security and software updates.    

asvin has designed and developed a novel solution to improve overall DevOps process integrity testing using the distributed and decentralized technologies. It consists of Distributed Software Bill of Materials (D-SBOM)⁴ and secure software supply chain services.

The D-SBOM service aims to pioneer creation of a list of software constituents, its storage and retrieval using the distributed ledger technology (DLT). Additionally, the objective of secure software supply chain services is to trace the track of software from its development to installation. Each event in the software lifecycle will be recorded on a distributed ledger.  

Both services will help in establishing an unbroken chain of ownership, software provenance, transparency, security, trust and integrity for DevOps process in automobile industry. A ledger is inherently immutable and secure. Therefore, the solution will strengthen and streamline the process of auditing and compliance adherence set by government and regulatory institutions.

Title:  VSS Meets NDN: Securing Vehicle Communications through Named Data Networking

Abstract:  The Vehicle Signal Specification (VSS) is a standardized vehicle data specification that allows the automotive industry to use a common naming space for communication and abstract underlying vehicle implementation details. A standardized vehicle data specification, however, has significant additional benefits: it can enhance security and efficiency in vehicle communications when coupled with Named Data Networking (NDN) that communicates using names at the network layer rather than endpoint addresses. The use of names enables cryptographically binding content to unique names to build a strong security foundation by only allowing valid content to be delivered and enables efficient content delivery (both unicast and multicast) by allowing the network to locate the nearest source of the requested content and suppress duplicate requests and data. As implemented in NDN, standardized names result in far simpler application implementations by reducing communication complexity and eliminating all address allocation and management functions such as DNS.

Title:  Keep your vehicles safe by continuously managing the software vulnerabilities 

Abstract:  Fuzz Testing? Pen Testing? Vulnerability Scanning? Functional Testing? Verification Testing? Whether you're an automaker or supplier, you'll inevitably need to get comfortable with security testing as ISO/SAE 21434 permeates the automotive supply chain. In this talk, we'll walk through each type of testing to discuss what it is, why it's done, and when/how to do it. Finally, we'll end this talk with a few recommendations for ways you can get ahead of the curve and start thinking about automating cybersecurity testing for ISO/SAE 21434

Automotive Privacy Update for 2022

Abstract:  There is more data than ever being collected by the OEMs, Tier 1s, and Application and OS providers than ever. Who is responsible for the security and safety of this data? Opt-in or opt-out? Have a seat, grab your tinfoil hats, and listen in as our Security Team Chair, Joby Jester, and resident privacy expert, Jennifer Dukarski, discuss the automotive privacy landscape of 2022 including the biggest issues, regulations, and offer suggestions towards protecting the personal and confidential information on the vehicle.