Verification and Validation in the cybersecure automotive world

Rasadhi Attale and James Keen from UltraSoC share their thoughts on the recent AESIN virtual event

The AESIN conference held on the 15th July 2020 was a real eye opener into the cybersecure automotive world, and into what each party needs to do to make it a reality. As mentioned in the CyRes report by AESIN, as of April 2020, 40 million vehicles were registered in the UK, of which 2.4 million were new cars. Worldwide, an estimated 92 million new cars will be on the roads within a year. The report further stated that by 2025 the industry aim is to have ‘every new car connected’, which highlights just how crucial cybersecurity is to the future of the automotive industry.

In 2017, on average, every 26 minutes a new threat to a connected car was reported to VulnDB. If this trend continues, then 250,000 new threats will be identified over the average (8 year) lifespan of a car. This fact emphasizes how critical it is to have the right verification and validation (V&V) model and how important on-chip detection is for the future.

249 (>50%) of the milestones in the UK 2030 CAM (Connected and Automated Mobility) Roadmap report are influenced by cyber-resilience.

Cybersecurity is a subset of cyber resilience. Resilience looks beyond defending against hacking attempts, and also factors in how the loss of power or communications could potentially impact safe and efficient services.

Traditional verification and validation methods fail to be effective in an environment where the parameters and variables at design time are unbounded, because analysing the entire range of values becomes an infeasible task. Traceability is essential in the automotive industry to demonstrate that defined functional and operational cybersecurity and safety requirements are met. It is also vital for identifying and rectifying any newly emerging threats.

This highlights just how important it is to have early detection of security threats in the field, and it also gives a heightened awareness of the need for cybersecurity integrated at the chip design stage. Runtime V&V helps to move away from the “one size fits all” concept, to monitoring a specific instance of the system. At runtime, the parameters and variables are bound to the specific values the system actually used, which reduces the state space that V&V has to cover.

Moving to run-time based V&V also allows verification and validation of systems that incorporate significant engineered differences. In the classical approach, V&V would need to be performed on a per-unit basis, which is a financially intractable task, especially since the economics of chip design favor high-volume manufacturing to secure a return on investment. By performing V&V at run-time, each unit can be specifically tested to see how it performs and interacts under the system parameters.

One of the three principles of AESIN’s CyRes Methodology is to increase the engineering of ‘significant differences’ into automotive systems. This can help prevent a fleet-wide catastrophe by ensuring that a single cyber-attack cannot affect all vehicles in the same way. This seems to be an important step towards achieving cyber resilience, and it highlights the need for run-time V&V and for chip IP which can support its operation.

UltraSoC embedded analytics lives in the hardware, providing traceability and early detection. The on-chip monitors constantly gather fine-grained, targeted data, which helps the V&V process by highlighting unusual behavior. The data gathered across the chip allows the system to be profiled under normal operation, which is vital in identifying emerging cyber threats.