Advanced security and privacy in connected vehicles

Designing secure vehicles is becoming increasingly important as a result of recent advances in potential cyber-attacks against vehicles. This security needs to be considered over the course of the product lifecycle and includes a consideration of requirements definitions, design, development, testing, and maintenance. Even though many technologies and guidelines have been proposed to address end-to-end security design problems for the IT (information technology) industry, there are often significant differences between securing IT equipment (such as servers and PCs) and securing vehicles. Thus, purely IT-based approaches often have limited applicability in the domain of vehicle security because human safety is a primary design consideration in the development of vehicles, while relatively less attention has been paid to IT security. In addition, the lifecycle of a vehicle is often much longer than the lifecycle of many PCs and related IT equipment. Security design tends to be performed in "silos" and is not well coordinated among all of the stakeholders who are involved in the development of a vehicle. We have devised a specialized approach for designing secure in-vehicle infotainment systems, including the electronic control system and software. Our approach is based on secure engineering, an established methodology used in the IT industry to cover the entire software lifecycle.