Protection of Intellectual Property Rights in Automotive Control Units 2014-01-0338
Intellectual property rights and their protection is a cornerstone of the automotive value chain. The automotive industry is composed by a meshwork of tightly integrated organizations that cooperate and compete in a hierarchical marketplace. Trading know-how and other virtual assets between participants is an essential part of this business. Thereby, software as a medium to transport ideas, innovations, and technologies plays a particular role. Protection of virtual goods and their associated rights is a current issue whose solution will determine how business will be done in the future automotive market. Automotive experts and researchers agree that ICT security technologies are a vital part to implement such a market. In this paper we examine the software life cycle of an automotive Electronic Control Unit (ECU) and discuss potential threats and countermeasures for each stage. In particular, we will look at the following threats: (1) development (leakage of know-how through insiders or industrial espionage), (2) production (leakage through split inventor/producer companies, (3) deployment and service (manipulation of ECUs), and (4) aftersales (combating counterfeit ECUs and spare parts). Next, we link our findings to the AUTOSAR methodology and life cycle model. Thus, we assess the state-of-the-art in automotive software development against the anticipated threats and countermeasures. As a result, we are able to propose improvements for the secure development and maintenance of software for automotive ECUs. Moreover, we are able to forecast the prospects of security technologies to protect automotive software.