Abstract The secure boot has successfully protected systems from executing untrusted software (SW), but low-power controllers lack sufficient time to check every memory cell while satisfying real-time functional safety requirements. Automotive controllers need to maintain security through multiple cycles of remote, unsupervised operation and safely reach a secure state when an anomaly is detected. To accelerate the boot time, we propose Sliced Secure Boot: build fingerprints by slicing orthogonally through memory blocks, protect each cell with a reusable fingerprint using a reproducible pattern with sufficient entropy, and randomly check one fingerprint pattern during boot. We do not claim that sampling offers equivalent protection to exhaustive checks but demonstrate that careful sampling can provide a sufficient level of detection while maintaining compatibility with both startup time and functional safety requirements.
This document includes technical considerations on the planning and execution of verification and validation (“V&V”) of the cybersecurity of items and components of road vehicles, in the context of ISO/SAE 21434:2021. This document offers considerations on: • strategic approaches for V&V activities; • lists of, or references to, methods that can be applied; • distribution of V&V activities (between customer and supplier); • timing and execution thereof.