Once again, high assurance logical isolation can solve many of these problems. However, “high assurance” is an incredibly rare commodity in modern electronics. As of this writing, only the U.S. government has ever performed a high assurance software certification under the ISO 15408 Common Criteria security standard (for a single product, Green Hills Software’s INTEGRITY-178B), and the government program to foster these high assurance Common Criteria certifications was shuttered years ago due to cost and schedule overruns (read: government bureaucracy). For now, automotive manufacturers and Tier-1s must rely on independent assessments from security consultants and on the high assurance pedigree and experience of their suppliers.
The industry must also take strides to protect the privacy of information generated within ADAS and other intelligent subsystems as it is distributed to the cloud for analysis, monetization, etc. While the ownership of such data may be murky, clearly it is valuable, and the aggregation of this information across many millions of cars presents a compelling target for sophisticated, well-funded attackers. Data owners must adopt a “zero trust” posture wherein the owner demands ownership and control of the private keys used to protect such information. By addressing data protection orthogonally to the choice of system software protocols and products, the privacy challenge can be met in a scalable way.

2014 may be known as the year of SSL embarrassments after the incredible variety of failures: POODLE,
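The owner-controlled-key approach described above, as an added example that is not from the original article or any product it mentions: the vehicle seals each ADAS record under a key the data owner holds (AES-256-GCM here, with the key id bound as associated data), and only the sealed envelope ever travels over the transport or rests in the cloud. Because protection is applied at the application layer, it does not depend on which transport protocol or stack is in use, so a transport-layer failure exposes only ciphertext. The record fields, key id and VIN value are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// TelemetryRecord is a constructed sample ADAS record; the field set is illustrative only.
type TelemetryRecord struct {
	VIN            string  `json:"vin"`
	Timestamp      int64   `json:"ts"`
	SpeedKph       float64 `json:"speed_kph"`
	LaneDepartures int     `json:"lane_departures"`
}

// Envelope is the only thing the transport and the cloud ever see.
type Envelope struct {
	KeyID      string `json:"key_id"` // names the owner's key, never carries it
	Nonce      []byte `json:"nonce"`
	Ciphertext []byte `json:"ct"` // AES-GCM output: ciphertext || 16-byte tag
}

// NewDataOwnerKey generates a 256-bit key. In a real deployment the owner would
// generate and hold it in an HSM or key-management service (assumption, not the page's).
func NewDataOwnerKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a record under the owner's key before it leaves the vehicle.
// keyID is bound as associated data, so an envelope cannot be relabelled to another key.
func Seal(key []byte, keyID string, rec TelemetryRecord) (Envelope, error) {
	plaintext, err := json.Marshal(rec)
	if err != nil {
		return Envelope{}, err
	}
	aead, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := aead.Seal(nil, nonce, plaintext, []byte(keyID))
	return Envelope{KeyID: keyID, Nonce: nonce, Ciphertext: ct}, nil
}

// Open is run by the key holder after retrieving the envelope; any change to the
// nonce, key id or ciphertext fails authentication and yields no plaintext.
func Open(key []byte, env Envelope) (TelemetryRecord, error) {
	aead, err := newGCM(key)
	if err != nil {
		return TelemetryRecord{}, err
	}
	if len(env.Nonce) != aead.NonceSize() {
		return TelemetryRecord{}, errors.New("bad nonce length")
	}
	plaintext, err := aead.Open(nil, env.Nonce, env.Ciphertext, []byte(env.KeyID))
	if err != nil {
		return TelemetryRecord{}, fmt.Errorf("authentication failed: %w", err)
	}
	var rec TelemetryRecord
	if err := json.Unmarshal(plaintext, &rec); err != nil {
		return TelemetryRecord{}, err
	}
	return rec, nil
}

// EnvelopeLeaksPlaintext reports whether the VIN is visible in the serialized envelope,
// i.e. in what a compromised transport or cloud operator would hold.
func EnvelopeLeaksPlaintext(env Envelope, rec TelemetryRecord) (bool, error) {
	wire, err := json.Marshal(env)
	if err != nil {
		return false, err
	}
	return bytes.Contains(wire, []byte(rec.VIN)), nil
}

// RoundTrip seals in the vehicle, carries the serialized envelope over an untrusted
// path, and opens with the owner's key, returning the recovered record.
func RoundTrip(key []byte, keyID string, rec TelemetryRecord) (TelemetryRecord, error) {
	env, err := Seal(key, keyID, rec)
	if err != nil {
		return TelemetryRecord{}, err
	}
	wire, err := json.Marshal(env) // all the transport and the cloud ever hold
	if err != nil {
		return TelemetryRecord{}, err
	}
	var received Envelope
	if err := json.Unmarshal(wire, &received); err != nil {
		return TelemetryRecord{}, err
	}
	return Open(key, received)
}

func main() {
	key, err := NewDataOwnerKey()
	if err != nil {
		panic(err)
	}
	rec := TelemetryRecord{VIN: "EXAMPLEVIN000000A", Timestamp: 1700000000, SpeedKph: 87.5, LaneDepartures: 2}
	got, err := RoundTrip(key, "owner-key-01", rec)
	fmt.Println(got, err)
	env, _ := Seal(key, "owner-key-01", rec)
	env.Ciphertext[0] ^= 0x01 // simulate modification in transit
	_, err = Open(key, env)
	fmt.Println("tampered envelope:", err)
}
```

The design point is that the transport (TLS or otherwise) becomes a second, independent layer: whoever operates the cloud or the network holds only envelopes, and a failure in that layer degrades to loss of ciphertext rather than loss of the owner's data.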