Vehicles are becoming cluttered with technologies inside and outside of the car. Adding more ECUs inside the vehicle, or external services in the well-known security domain of public networks and clouds, enlarges the threat model (and the attackers' possibilities). Automotive industry security is in the spotlight right now, with newspaper headlines covering vulnerabilities and attacks, while fundamental architecture flaws continue to plague automotive vendors.

There are more than 60 assistance systems available for passenger vehicles today, which help to prevent traffic accidents from happening. To enable this wide range of assistance functionality, modern cars contain up to 80 electronic control units (ECUs) and a variety of network platforms.

It is necessary to improve the control units already installed in cars, and also to constantly monitor software operations, in order to find and fix any problems that may otherwise put drivers seriously at risk. Improvements must be made constantly, and as soon as possible, to avoid safety issues. To achieve these targets, more flexible update mechanisms are needed, along with configurable data collection for many systems. This means that accessing vehicles for diagnostic and update purposes will not only need to take place in garages through wired connections, but anywhere via OTA links.

Complexity and security
Complexity and security are conflicting features. The more complex the system and its code, the greater the chance of missing bugs, even after very thorough testing procedures.

That is what KasperskyOS was designed for: making complex solutions secure. Two main principles are necessary to form a trusted platform, even when the components themselves are not trusted.

1. Strong separation – preventing unwanted interference between components
2. Security policy enforcement – allowing only valid communications between different components

Secure platform for connected cars
The unique nature of our solutions lies in the fact that we protect platforms through a secure operating system, and a development approach based on secure methodology and unique patented technologies. This makes the entire solution trusted and reliable. We follow a holistic approach to ensure the security of vehicles:
> Threat-modelling and risk-analysis;
> Methodological approach that allows us to create secure-by-design solutions;
> Microkernel secure operating system – KasperskyOS;
> Natively implemented Separation Kernel Architecture;
> Patented security policy enforcement engine;
> Trusted channel framework with state-of-the-art encryption functionality;
> Implementation of intrusion detection and prevention systems (IDPS);
> Security evidence by software assurance according to enhanced automotive V-cycle.
Only a minimum number of components are considered trustworthy:
> Microkernel operating system (KasperskyOS) which contains only basic functions that are easy to test and verify;
> Security policy engine (Kaspersky Security System) based on formal models like Domain Type Enforcement, Object Capability, Role Based Access, various dialects of Temporal Logics and others;
> Trusted channel framework that includes a set of crypto algorithms as well as low level protection services, based upon hardware capabilities.
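The two principles above (strong separation plus a policy engine that permits only explicitly allowed communications) can be illustrated with a small reference monitor in the style of Domain Type Enforcement. The code below is an added example, not code from KasperskyOS or Kaspersky Security System; the component names (telematics, gateway, can_bridge), domain labels, message types and the policy table are all hypothetical. Every IPC message between isolated components is checked against an allow-list of (source domain, destination domain, message type) triples, anything not listed is denied by default, and each decision is written to an audit log so that denied attempts can feed an IDPS.

```python
"""Toy Domain Type Enforcement (DTE) style reference monitor for inter-component IPC.
Added illustration only; all names, domains and rules are hypothetical."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Component:
    """An isolated component (process) with its DTE domain label."""
    name: str
    domain: str


@dataclass(frozen=True)
class Message:
    """One IPC request from sender to receiver over a typed interface."""
    sender: str
    receiver: str
    msg_type: str


@dataclass
class PolicyEngine:
    """Reference monitor: every IPC message must match an explicit allow rule.

    Rules are (source domain, destination domain, message type) triples;
    anything not listed is denied (default deny) and written to the audit log.
    """
    components: Dict[str, Component]
    allow: Set[Tuple[str, str, str]] = field(default_factory=set)
    audit: List[str] = field(default_factory=list)

    def permit(self, src_domain: str, dst_domain: str, msg_type: str) -> None:
        self.allow.add((src_domain, dst_domain, msg_type))

    def check(self, msg: Message) -> bool:
        src = self.components.get(msg.sender)
        dst = self.components.get(msg.receiver)
        if src is None or dst is None:
            # Separation means only registered components exist; unknown endpoints never pass.
            self.audit.append(f"DENY  {msg.sender}->{msg.receiver} {msg.msg_type} (unknown component)")
            return False
        decision = (src.domain, dst.domain, msg.msg_type) in self.allow
        verdict = "ALLOW" if decision else "DENY "
        self.audit.append(f"{verdict} {msg.sender}->{msg.receiver} {msg.msg_type}")
        return decision


def build_demo_engine() -> PolicyEngine:
    """Hypothetical in-vehicle topology: an external-facing telematics unit,
    a central gateway, and a bridge to the in-vehicle CAN network."""
    components = {
        "telematics": Component("telematics", "external"),
        "gateway": Component("gateway", "gateway"),
        "can_bridge": Component("can_bridge", "vehicle_net"),
    }
    engine = PolicyEngine(components)
    # Only the gateway may talk to the vehicle network; telematics may only
    # submit diagnostic requests to the gateway and receive responses back.
    engine.permit("external", "gateway", "diag_request")
    engine.permit("gateway", "external", "diag_response")
    engine.permit("gateway", "vehicle_net", "diag_request")
    engine.permit("vehicle_net", "gateway", "diag_response")
    return engine


def run_demo() -> Dict[str, bool]:
    """Constructed traffic: a legitimate remote-diagnostics flow plus requests
    that violate the policy. Returns each decision keyed by label."""
    engine = build_demo_engine()
    traffic = {
        "telematics_to_gateway_diag": Message("telematics", "gateway", "diag_request"),
        "gateway_to_can_diag": Message("gateway", "can_bridge", "diag_request"),
        "can_to_gateway_resp": Message("can_bridge", "gateway", "diag_response"),
        # Bypassing the gateway: external domain talking straight to the vehicle network.
        "telematics_to_can_direct": Message("telematics", "can_bridge", "diag_request"),
        # Wrong interface: firmware writes were never granted to the external domain.
        "telematics_firmware_write": Message("telematics", "gateway", "firmware_write"),
        # Unregistered sender.
        "rogue_to_gateway": Message("rogue", "gateway", "diag_request"),
    }
    return {label: engine.check(msg) for label, msg in traffic.items()}


if __name__ == "__main__":
    for label, allowed in run_demo().items():
        print(f"{label:30s} {'allowed' if allowed else 'denied'}")
```

The point of the design is that trust rests only in the small monitor and its policy table: the telematics unit may be compromised, but because it sits in its own domain and can reach the vehicle network only through interfaces the policy names, a direct request to the CAN bridge or a request type the policy never granted is rejected and logged without the monitor needing to understand the component's internals.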
These mechanisms, together with features aligned with AUTOSAR and the AUTOSAR Adaptive Platform, implement secure onboard communications and protect various E/E architectures, including car network topologies with domain controllers or a central gateway.
This enables the implementation of cutting-edge features and services for equipped vehicles:
> Over-the-air security updates
> Secure IVN communications
> Remote diagnostics
> Proactive service and maintenance
> Fleet management
> Autonomous driving
> Remote driver assistance
> Driver health, wellness and wellbeing digitization