Firmware Security Module

Philipp Jungklass･Claude-Pascal Stoeber-Schmidt･Marco Siebert (IAV)･Jonas Rummel･Taigan Lee (IAV Japan Co., Ltd.)

Modern vehicles based on the conceptual design of the Software Defined Vehicle (SDV) focus on the implementation of new functionalities in software. To secure such vehicles, it is essential to provide a trustworthy and secure enclave that can be used to execute security-relevant functionalities. These secure runtime environments, known as Trusted Execution Environment (TEE), provide the necessary protection mechanisms to achieve the objectives of information security. However, existing TEEs in automotive control units are dependent on dedicated hardware support, which significantly limits their flexibility. For this reason, an alternative, software-based concept for a TEE is presented in this article, which reduces hardware dependencies to a minimum, significantly increasing flexibility compared to previous solutions. To demonstrate the approach, presented here, the secure runtime environment is implemented as an example on an automotive Electronic Control Unit (ECU) platform.

Secure agile software development in the automotive industry

Philipp Jungklass･Carsten Elvers (IAV)･Jonas Rummel (IAV Japan Co., Ltd.)･Claude-Pascal Stoeber-Schmidt (IAV)･Taigan Lee (IAV Japan Co., Ltd.)

Agile methods have established themselves in the development of software for good reasons: they help to incorporate rapidly changing requirements into projects in the best possible way. Regular reviews of iterations through tests also ensure higher quality and more transparency. However, this type of software development contradicts some of the classic requirements of the automotive industry. After all, the development of software for vehicles is subject to process models such as the standardized Automotive SPICE or the V-model, which separates the development process into clearly defined sub-steps. In addition, many other requirements must be observed in the automotive environment, such as the security regulations of the UNECE for cyber security management systems or the specifications for functional safety defined in the ISO26262. For this reason, this article uses an automotive series project to explain the general procedure for meeting these strict requirements using agile methods.

Penetration testing of automotive systems

Claude-Pascal Stoeber-Schmidt (IAV)･Taigan Lee (IAV Japan Co., Ltd.)･Marco Siebert･Philipp Jungklass (IAV)･Jonas Rummel (IAV Japan Co., Ltd.)

To ensure cybersecurity, experts need mechanisms to identify and eliminate vulnerabilities before attackers can exploit them. Penetration tests are crucial in this process, enabling specialists to recognize and close potential security gaps early. By developing specific attacker models and using advanced techniques like scanning, attack simulations, and vulnerability analysis, penetration testers can uncover hidden security risks. This systematic approach not only identifies vulnerabilities but also helps understand how they could be exploited, such as stealing protected data or compromising systems. For this reason, this article uses a series project from the automotive sector to describe the general procedure and the correct use of the various test methodologies.