Cybersecurity: The Enabler of Software-defined Vehicles

The automotive industry is going through its biggest transformation since the commercial production of cars began. In the coming decades, people’s relationships with their vehicles will fundamentally change in ways we have yet to fully understand. New features, business models, and ownership experiences will evolve, assisted by the emergence of software-defined vehicles (SDVs).

The most prominent end customer benefit of SDVs is the ability to continuously upgrade a car with new features throughout its lifetime. As more of a vehicle’s functions come under the control of software, the vehicle’s electrical architecture will change and provide opportunities to convey benefits in safety, convenience, and comfort – all key areas where vehicle manufacturers compete and seek commercial differentiation. This has the potential to bring substantial cost, timescale, and revenue benefits for vehicle manufacturers, as well as opportunities for software developers looking to target SDVs with their applications. For example, subscription models for features like adaptive headlights, innovations that extend the battery range of the vehicle, or supporting multiple driver profiles for in-vehicle personalization. 

However, the moment anyone says “we need more software”, security engineers hear this as “more assets to protect” and “larger attack surfaces”, which means “we need more security.” This is why alongside these new opportunities for the automotive industry, there are complex security threats that need to be managed and considered now. With the imminent rollout of SDVs worldwide, the nature of software will only get more complicated with profound implications for automotive security.

Larger code base, growing attack surface

SDVs do not simply have more software. This software has more assets to protect, more interfaces between the vehicle and the cloud, and is designed to operate within more complex architectures delivered by a more diverse ecosystem of developers. All these facets mean a larger attack surface requiring more robust cybersecurity.

Embedded systems with high-value assets are often targeted with physical tampering and side-channel attacks, with automotive components increasingly hardened against these types of threats. However, the most prevalent attack vector is the software. SDVs have extended the attack surface into the cloud. This means that the type of attacks we see in smartphones, the internet of things (IoT), and cloud server domains will need mitigation and remediation in vehicles as well. The SDV ecosystem will need to deploy similar defences to those used across other technology markets. Moreover, the long operational life of vehicles compared to other devices means that today’s vehicles must be capable of defending against future threats now, adding another layer of security complexity.

Higher complexity brings trust issues

SDVs also require increasingly complex software architectures, which bring their own hazards. Deployment of processes at different levels of trust and the use of software components from multiple developers require robust isolation mechanisms to choreograph their interactions securely. Platforms need to establish and maintain trust boundaries to ensure software has no more privilege than is necessary for specific components to function.

Scalable threats

The threat of attackers taking remote control of vehicles and potentially harming people inside and outside is a real threat and needs to be mitigated. However, in practice, these are difficult to scale and seldom the most realistic way of achieving the primary illicit goal of most hackers. The most common threats for SDVs are likely to come from ransomware and other financially motivated crimes, such as vehicle theft or fraudulent feature enablement. We are already beginning to see these attacks being carried out in today’s vehicles.

Rights of privacy

There is likely to be a bigger focus on privacy across SDVs. This stems from both the desire to use more personalized assets in the vehicle and assisted driving making high use of video cameras that consume vast amounts of environmental images. Automotive software will need more resilient access control and lifecycle-aware policies to protect such data from attackers, while also complying with emerging laws on the use of personally identifiable data.

Regulation

The emergence of SDVs has brought the need for national authorities to be confident that the risks to transport systems and users are suitably managed by auditable processes. Governments worldwide are placing cybersecurity obligations on vehicle manufacturers, including the need for a certified cybersecurity management system (CSMS). This requires each manufacturer to “demonstrate a risk-based management framework for discovering, analyzing, and protecting against relevant threats, vulnerabilities, and cyber-attacks.”

Appropriate cybersecurity throughout the ecosystem is now mandated as a condition of approval for sale via a set of UN vehicle regulations adopted by the World Forum for Harmonization of Vehicle Regulations. These align with work done by ISO, which has established a standard for the cybersecurity engineering of road vehicles. However, the regulations primarily concern people and processes, and do not address technological implementations. This is why the ecosystem needs architectural frameworks and software standards that increase the efficiency of how the compliant cybersecurity can be achieved.

Architectural building blocks

From a hardware perspective, there are two types of building blocks that architectures provide. The first is support for a rich set of defensive execution technologies. These shield the flow of control as a program executes and protect against memory safety bugs. Arm widely deploys these technologies in processors for mobile and consumer computing devices, and they are now becoming essential in the automotive market. These include Arm’s Pointer Authentication (PAC), Branch Target Indicator (BTI), and Memory Tagging Extension (MTE) technologies.

The second type of building block manages software complexity by providing hardware-supported isolation mechanisms to provide the hardware enforcement of trust boundaries. One such mechanism is provided by Arm TrustZone, which helps to reduce the exposure to hypervisor and kernel vulnerabilities and secure data while in use. TrustZone is regularly enhanced and updated to meet evolving security requirements.

Standard Frameworks for complex automotive software

The importance of widespread adoption of platform standards in the pursuit of automotive cyber resilience is also crucial. One way to achieve this is through PSA Certified, a mature and popular framework, which provides an efficient certification process widely recognized as a metric of cybersecurity quality across the IoT market. PSA Certified is now starting to be used to increase visibility and communication around security robustness within the automotive supply chain. This is providing built-in foundational security through established best practices and a robust root-of-trust (RoT) that can be used across the entire ecosystem.

Arm is also heavily involved in the development of SOAFEE (Scalable Open Architecture for Embedded Edge), which is a cloud-native software architecture framework and open-source reference software stack. The key objective for SOAFEE is to bring industry collaboration, working together to deliver a standards-based software framework for the SDV. This will also address safety and real-time requirements and industry complexity. SOAFEE intends to build on several Arm platform standards, including SystemReady which enhances portability by standardizing common device interfaces and boot firmware.  

Future trends

In the future, software will determine the ownership experience and capability of a vehicle, but security will enable this value to be realized by the key stakeholders in the SDV evolution. The inability to protect SDVs and their assets could be deeply consequential for car users and other stakeholders in the automotive industry. Robust and efficient cybersecurity will become fundamental to all future vehicle development.

At Arm, we have taken the security building blocks of defensive execution and isolation within the Arm architecture and shown how to use them to support automotive platform standards. These efficiently comply with automotive cybersecurity regulations and promote efficient software reuse and interoperability that will benefit the broader ecosystem. Whatever use cases or new transport and business models emerge from the SDV rollout, deploying computing systems built on the established Arm architecture and adopting widely agreed automotive platform standards and guidance is a good place to start for the industry.