Search Results

A framework is defined that includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk. ...This document specifies engineering requirements for cybersecurity risk management regarding concept, product development, production, operation, maintenance and decommissioning of electrical and electronic (E/E) systems in road vehicles, including their components and interfaces. ...This document does not prescribe specific technology or solutions related to cybersecurity.

Strategies designed to deal with these challenges differ in the way in which added duties are assigned and cybersecurity topics are integrated into the already existing process steps. Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. ...Cybersecurity requirements often clash with existing system requirements or established development methods, leading to low acceptance among developers, and introducing the need to have clear policies on how friction between cybersecurity and other fields is handled. A cybersecurity development approach is frequently perceived as introducing impediments, that bear the risk of cybersecurity measures receiving a lower priority to reduce inconvenience. ...For an established development process and a team accustomed to this process, adding cybersecurity features to the product initially means inconvenience and reduced productivity without perceivable benefits.

A significant milestone in advancing cybersecurity within the automotive industry is the release of the first international standard for automotive cybersecurity ISO/SAE 21434:2021 ‘Road Vehicles — Cybersecurity Engineering’. A recently published type approval regulation for automotive cybersecurity (UN R155) is also tailored for member countries of the UNECE WP.29 alliance. ...Thus, the challenges for embedded automotive systems engineers are increasing while frameworks, tools and shared concepts for cybersecurity engineering and training are scarce. Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. ...Hence, cybersecurity training in the automotive domain necessitates an understanding of domain-specific intricacies and the unique challenges at the intersection of cybersecurity and embedded systems engineering, elevating the need for improving the skill set and knowledge of automotive cybersecurity engineers. This paper delves into an automotive cybersecurity training concept aimed at enhancing the proficiency of development engineers.

Abstract Aircraft cybersecurity efforts have tended to focus at the strategic or tactical levels without a clear connection between the two. ...CSSEP’s process model postulates that security is best achieved by a balance of cybersecurity, cyber resiliency, defensibility, and recoverability and that control is best established by developing security constraints versus attempting to find every vulnerability. ...CSSEP identifies the major functions needed to do effective aircraft cybersecurity and provides a flexible framework as the “missing link” to connect the strategic and tactical levels of aircraft cybersecurity.

The VCE Laboratory testbeds are connected with an Amazon Web Services (AWS) cloud-based Cyber-security Labs as a Service (CLaaS) system, which allows students and researchers to access the testbeds from any place that has a secure internet connection. ...VCE students are assigned predefined virtual machines to perform designated cyber-security experiments. The CLaaS system has low administrative overhead associated with experiment setup and management. ...VCE Laboratory CLaaS experiments have been developed for demonstrating man-in-the-middle cyber-security attacks from actual compromised hardware or software connected with the TestCube.

A framework is defined that includes requirements for cybersecurity processes and a common language for communicating and managing cybersecurity risk. ...This document specifies requirements for cybersecurity risk management regarding engineering for concept, development, production, operation, maintenance, and decommissioning for road vehicle electrical and electronic (E/E) systems, including their components and interfaces. ...This document does not prescribe specific technology or solutions related to cybersecurity.

Therefore, engineers should ensure that systems are designed free of unreasonable risks to motor vehicle safety, including those that may result due to existence of potential cybersecurity vulnerabilities. The automotive industry is making vehicle cybersecurity an organizational priority.

IOOs and ADS developers agree that cost, communications, interoperability, cybersecurity, operation, maintenance, and other issues undercut efforts to deploy a comprehensive connected infrastructure.

This document addresses the development of security material for application specifications in SAE V2X Technical Committees. The assumption in this document is that two groups with distinct missions contribute to the development of each standard: the “Application Specification Team is in charge of specifying the application functionality and the “Security Specification Team” is in charge of specifying the security. The two teams may, of course, have a significant overlap of members.

SAE is developing a number of standards, including the SAE J2945/x and SAE J3161/x series, that specify a set of applications using message sets from the SAE J2735 data dictionary. (“Application” is used here to mean “a collection of activities including interactions between different entities in the service of a collection of related goals and associated with a given IEEE Provider Service Identifier (PSID)”). Authenticity and integrity of the communications for these applications are ensured using digital signatures and IEEE 1609.2 digital certificates, which also indicate the permissions of the senders using Provider Service Identifiers (PSIDs) and Service Specific Permissions (SSPs). The PSID is a globally unique identifier associated with an application specification that unambiguously describes how to build interoperable instances of that application.

Recent developments in the commercialization of mobility services have brought unprecedented connectivity to the automotive sector. While the adoption of connected features provides significant benefits to vehicle owners, adversaries may leverage zero-day attacks to target the expanded attack surface and make unauthorized access to sensitive data. Protecting new generations of automotive controllers against malicious intrusions requires solutions that do not depend on conventional countermeasures, which often fall short when pitted against sophisticated exploitation attempts. In this paper, we describe some of the latent risks in current automotive systems along with a well-engineered multi-layer defense strategy. Further, we introduce a novel and comprehensive attack and performance test framework which considers state-of-the-art memory corruption attacks, countermeasures and evaluation methods.

Abstract Threat identification and security analysis have become mandatory steps in the engineering design process of high-assurance systems, where successful cyberattacks can lead to hazardous property damage or loss of lives. This article describes a novel approach to perform security analysis on embedded systems modeled at the architectural level. The tool, called Security Threat Evaluation and Mitigation (STEM), associates threats from the Common Attack Pattern Enumeration and Classification (CAPEC) library with components and connections and suggests potential defense patterns from the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 security standard. This article also provides an illustrative example based on a drone package delivery system modeled in AADL.

Autonomous vehicles might one day be able to implement privacy preserving driving patterns which humans may find too difficult to implement. In order to measure the difference between location privacy achieved by humans versus location privacy achieved by autonomous vehicles, this paper measures privacy as trajectory anonymity, as opposed to single location privacy or continuous privacy. This paper evaluates how trajectory privacy for randomized driving patterns could be twice as effective for autonomous vehicles using diverted paths compared to Google Map API generated shortest paths. The result shows vehicles mobility patterns could impact trajectory and location privacy. Moreover, the results show that the proposed metric outperforms both K-anonymity and KDT-anonymity.

Abstract The rapid development of connected and automated vehicle technologies together with cloud-based mobility services is transforming the transportation industry. As a result, huge amounts of consumer data are being collected and utilized to provide personalized mobility services. Using big data poses serious challenges to data privacy. To that end, the risks of privacy leakage are amplified by data aggregations from multiple sources and exchanging data with third-party service providers, in face of the recent advances in data analytics. This article provides a review of the connected vehicle landscape from case studies, system characteristics, and dataflows. It also identifies potential challenges and countermeasures.

Automotive system functionalities spread over a wide range of sub-domains ranging from non-driving related components to complex autonomous driving related components. The requirements to design and develop these components span across software, hardware, firmware, etc. elements. The successful development of these components to achieve the needs from the stockholders requires accurate understanding and traceability of the requirements of these component systems. The high-level customer requirements transformation into low level granularity requires an efficient requirement engineer. The manual understanding of the customer requirements from the requirement documents are influenced by the context and the knowledge gap of the requirement engineer in understanding and transforming the requirements.

Digitally enabled mobility vehicles and services, including dockless bikesharing and electric scooter sharing, are generating and collecting a growing amount of mobility data. Mobility data holds great potential to support transportation officials and their efforts to manage the public right-of-way, but the unlimited distribution of mobility data carries untested risks to privacy and public trust. The Mobility Data Collaborative™ has identified the need to improve and coordinate understanding among all parties around foundational policy and legal issues to support mobility data sharing, including privacy and contracting. The guidelines are geared towards supporting a scalable mobility data sharing framework that aligns the interests of the public and private sectors while addressing privacy, transparency, data ownership, and consumer trust.

Editorial V2Reality Blockchain Unchained! The weird world of cryptocurrency exists because of the intense mathematics of blockchain technology. The mobility sector is looking beyond Bitcoin to put blockchain to work in potentially game-changing ways. Are Blockchain and 'Smart Contracts' the Secure Future? Legal risk and reward of blockchain and smart contracts as a prescription for automotive applications Software Building Blocks for AV Systems Elektrobit's unique software framework is designed to smooth development of automated driving functions. Cyber Security Goes Upstream The first cloud-based solution for connected vehicles was born in Israel and is now pilot testing at global OEMs. Electronic Architectures Get Smart Upgradable, scalable and powerful new architectures will help enable data-hungry connected, autonomous vehicles. Aptiv's VP of Mobility Architecture explains.

Rethinking the HUD Advanced tech solutions move toward augmented reality to bring greater capability to head-up displays. Motor matters New designs and materials are key to the next generation of electric machines for EV propulsion. Harnessing the power of Sim Serious cost savings could come from eliminating vehicle- and systems-level tests. Powerful simulation tools may be the only way to tackle the increasing complexity in mobility development. An OBE for the SAE Meet Paul Mascarenas-SAE International's 2019 president. He's a staunch advocate for professional development for engineers amid the mobility industry's transformation. Solving the propulsion puzzle Must-attend expert panels at SAE's WCX '19 will cover the propulsion-tech future like no other. Editorial Kill the EV tax credit by 2025 SAE Standards News SAE and Synopsys collaborate on cyber study Supplier Eye New Co. vs. Old Co.

Editorial The consolidation plot thickens The Navigator As the world turns to C-V2X, Europe picks WiFi Complexity of Autonomous-Systems Simulation, Validation Soars to the Clouds Scalable, cloud-based architectures are gaining greater acceptance for simulating and testing the myriad development aspects of automated driving. Connectivity Solutions for AVs The promises of fully connected autonomous vehicles are great, but so are the challenges. What M&E Can Teach the AV Industry About Data Media & entertainment offers important learnings on data retention, management, scalability and security. The Rodney Dangerfield of Automated-Driving Sensors Radar and lidar get all the attention, but Inertial Measurement Units are the backbone of sensor fusion. Suppliers are scrambling to make IMUs more accurate-and much less expensive. The Sense-itive Side of Autonomous Vehicles BASF is exploring how specific materials-and even paint colors and finishes-can improve the capabilities of AV sensors.

Editorial Fool Self-Driving II The Navigator What will result from NHTSA's Tesla Autopilot investigation? Data Drives Driverless Truck Launch Smart diagnostics and advanced validation help support the reliability metrics required to gain confidence that autonomous trucks are ready for the road. Peering into the Distance New sensors of all types look out longer distances - and provide higher resolutions - for engineers pushing ADAS capabilities and higher-level vehicle automation. Ford Drives into SAE Level 2 Driver monitoring was an essential component to engineering the new "hands-free" BlueCruise/Active Glide enhanced ADAS system. A Chore No More? The Detroit Smart Parking Lab opens to develop and test emerging parking technology in real-world settings. Share and Share Alike The concepts of rideshare and urban mobility continue to evolve as new projects test what's possible.