This page contains a Flash digital edition of a book.

Delivering secure V2V communications

Will Keegan explains why secure hypervisors are key to delivering safe and intelligent vehicles


new acronym, V2V, burst into the embedded world when the US government threw its weight behind the idea of vehicle-to-vehicle communications. The goal of V2V is to create a wireless network in which cars send messages to each other with information about what they are doing to improve traffic flows, reduce fuel consumption, and most of all reduce accidents. Initially, V2V systems would simply warn drivers, but the possibility exists to identify and avoid hazards and respond to traffic signals. Whilst the potential benefits are unarguable, the potential risks are also great should a V2V system be hacked or fail in some way.

The momentum behind V2V Earlier this year the U.S. Department of Transportation's (DOT) National Highway Traffic Safety Administration (NHTSA) announced that it will begin taking steps to enable vehicle-to- vehicle (V2V) communication technology for light vehicles. Vehicles are already filled with a variety of sensors, processors, software, and displays that are increasingly being connected to the internet.

The addition of V2V communications, which could become mandatory, takes "intelligence" to a new level. With these new innovations, vehicles will be connected in several different ways both to the internet and each other. Each of these new connectivity ports also opens up a point of attack to internal computing platforms, platforms which might in the future directly control the car.

V2V security

Most attacks on information systems originate from external sources through system inputs. When vehicles are allowed access to the global internet, anyone can launch an attack against the internal electronic systems. The only way to prevent these complex systems from being compromised is by providing secure separation between information domains or applications. Using similar techniques found in critical avionics and military systems, intelligent vehicle platforms can partition the computing domain according to system criticality level and provide narrow communication paths between partitions on a need to know basis.

Pair these new communication capabilities with technologies such as GPS, cameras, proximity sensors, machine actuators, touch screen displays etc. and manufacturers will struggle to manage the cost and integration of the overwhelming choices of processors,

4 CIE electronica 2014

operating systems, applications, devices, and drivers. Utilizing a single monolithic operating system as a vehicle host platform faces the traditional OS problems with limited app and device driver support, and exposes major safety and security problems due to insufficient kernel and application separation control.

have been segregated to the configuration specification because the hardware has been programmed to match it. A well-designed Separation Kernel Hypervisor solves these complex issues using a simple least privilege design and can guarantee that configurations of segregated applications and

The role of hypervisors These challenges are similar to those faced by the military and aerospace industry, and hypervisors developed for these applications are well suited for the automotive industry. Appropriately re-configured for the vehicle environments, they will allow vehicle platforms to run best in breed application and device support, allowing a mixture of different OSes and applications to run concurrently on a consolidated platform. However, the selection of hypervisors is an arduous task when considering security, as not all hypervisors offer more protection and segregation from safety critical data and general applications than a monolithic operating system. With the increasing number of emerging vehicle-hosted applications such as collision avoidance and toll payments, this separation becomes vital. Traditional software mechanisms can only provide assurance down to the operating system level and are at the mercy of the operating system's kernel or the device drivers that control the hardware. With a kernel like LynxSecure, designers are guaranteed that hardware memory resources

hardware can be verified to match the original specification to assure expected behavior is executing on the vehicle.


V2V communication is a subset of the much- discussed Internet-of-Things, and a special case of M2M communications. With major safety benefits and the potential of the US and other governments mandating its introduction, it has the potential to become a massive market. But in order for the market to grow, it is essential that manufacturers get the technology right in addressing warranted security concerns. Therefore addressing safety and security from the ground up is paramount. Separation Kernel Hypervisors provide a robust foundation for protecting critical applications and allows for future expansion of vehicle capabilities without re-tooling of vehicle equipment.

Lynx Software Technologies |

Will Keegan is Technical Director, Software Security, Lynx Software Technologies

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70