
Specifically, ADAS and AD require decisions to be made in real time, based on sensor information or on data delivered via V2X communication. OEMs are aware of the exposure risk, and vulnerabilities do exist. How can they execute the proper procedures for cybersecurity, risk assessment and analysis?
Many vulnerabilities with safety-critical consequences have been demonstrated over the last decade. Typically, attackers first exploit the infotainment system, which frequently runs a general-purpose operating system such as Linux or Android.
Malicious software is then run in an attempt to access the CAN bus or a similar bus protocol. CAN has worked well for reliably connecting safety-critical modules; however, the bus can be sniffed, the protocol analyzed, and eventually a fake message introduced.
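The fake-message step is the one a bus-level monitor can watch for. The following Python is an added example, not code from the article or from Green Hills Software: it learns each arbitration ID's nominal period from a constructed clean capture and flags frames of that ID that arrive well ahead of their expected slot, which is how a spoofed periodic frame betrays itself beside the genuine sender's traffic. The IDs, payloads and timings are constructed and do not describe any real vehicle.

```python
"""Timing-based anomaly check for periodic CAN traffic (added example).

Most safety-relevant CAN messages are broadcast periodically by one ECU.
A spoofed frame cannot silence the legitimate sender, so the same ID
suddenly appears "too often"; the check learns each ID's period from a
clean baseline and flags frames arriving well before the next slot.
"""
from collections import defaultdict
from statistics import median


def learn_periods(frames, min_gaps=3):
    """Return {id: nominal period} from a clean capture. The median
    inter-arrival time is used so a few jittery frames do not skew it;
    IDs with fewer than min_gaps observations are treated as aperiodic."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id, _ in sorted(frames):
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {cid: median(g) for cid, g in gaps.items() if len(g) >= min_gaps}


def flag_offcadence(frames, periods, tolerance=0.5):
    """Flag frames of a periodic ID that arrive sooner than tolerance*period
    after the previous frame of that ID. Aperiodic IDs are ignored.
    Returns (timestamp, id, payload, gap) tuples. The check identifies the
    collision, not which of the two frames is the genuine one."""
    last, flagged = {}, []
    for ts, can_id, payload in sorted(frames):
        period = periods.get(can_id)
        if period is not None and can_id in last:
            gap = ts - last[can_id]
            if gap < tolerance * period:
                flagged.append((ts, can_id, payload, round(gap, 4)))
                continue  # do not let the early frame reset the cadence
        last[can_id] = ts
    return flagged


def build_sample():
    """Constructed capture: ID 0x0C9 every 10 ms, ID 0x1A1 every 100 ms,
    plus one injected 0x0C9 frame at t=0.203 s carrying a different payload."""
    baseline = [(round(0.010 * i, 3), 0x0C9, "0000") for i in range(20)]
    baseline += [(round(0.005 + 0.100 * i, 3), 0x1A1, "11") for i in range(2)]
    window = [(round(0.200 + 0.010 * i, 3), 0x0C9, "0000") for i in range(10)]
    window += [(0.205, 0x1A1, "11"), (0.203, 0x0C9, "7F00")]
    return baseline, window


if __name__ == "__main__":
    base, win = build_sample()
    for frame in flag_offcadence(win, learn_periods(base)):
        print("off-cadence frame:", frame)
```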
How can developers minimize critical system failures given the wide range of complex software modules in a vehicle, often developed by third parties and sometimes using open-source software? A correct software design and development process can prevent vulnerabilities, but developers must also assess each component and track its interactions with other components.
For functional safety, ISO 26262 is an established standard; however, it does not consider the software lifecycle, such as over-the-air updates.
In contrast, ISO 21434 is a framework that pertains directly to automotive cybersecurity. ISO 21434, which is supported by Green Hills Software, is of increasing importance as various governments worldwide are turning the requirements for a cybersecurity management system into law. ISO 21434 covers lifecycle management rather than a specific technology, method, or system – it also includes operation and maintenance, and describes how cybersecurity risk assessments can be applied in each part of the lifecycle.
Using the right tools and processes makes managing the product lifecycle easier. A safety- and security-certified real-time operating system (RTOS) is essential to build modules that are impenetrable to attack. Such an RTOS, or separation kernel, uses hardware memory protection to isolate and protect drivers, third-party software, communications and embedded applications, and can even host one or more instances of guest operating systems. Secure partitions guarantee separation of tasks and are more robust than those typically found within general-purpose operating systems. Minimizing interference between applications makes risk assessment more manageable and provides more options to mitigate risk.
A trusted separation-partition architecture executes multiple arbitrary guest operating systems alongside mission-critical real-time software functions. Applications and guest operating systems are efficiently scheduled across one or more cores and can communicate efficiently with each other and share peripherals according to a strict access control model.
In summary, securing the large attack surface of any SDV requires safety- and security-certified tools and building blocks, such as the Green Hills INTEGRITY RTOS, together with a fundamental framework such as ISO/SAE 21434 for automotive cybersecurity.
Sponsored by
