© 2019 Synopsys, Inc. 1 Road Vehicle Management SIP ADUS 2019 Chris Clark Embedded Systems Ecosystems Synopsys Software Integrity Group

Post on 25-Jun-2020

Page 1: Road Vehicle Management...security into software they are coding. 3. To manage open source and software supply chain risk, you must include open source security considerations within

Road Vehicle Management

SIP ADUS 2019

Chris Clark

Embedded Systems Ecosystems

Synopsys Software Integrity Group

Page 2

A modern vehicle

[Figure: vehicle domains labelled Comfort, Powertrain, Infotainment, ADAS, Connectivity, Gateway. Components labelled Powertrain (ECU), ADAS, BCM (Body Control Module), Infotainment, Gateway & Connectivity.]

Page 3

The future of vehicle computing

[Figure: labels Centralized Computing, Virtualization, Containerization, Pervasive Connectivity, Distributed Computing. Components labelled Powertrain (ECU), ADAS, BCM (Body Control Module), Infotainment, Gateway & Connectivity. Vehicle domains labelled Comfort, Powertrain, Infotainment, ADAS, Connectivity, Gateway.]

Page 4

[Figure: vehicle domains labelled Comfort, Powertrain, Infotainment, ADAS, Connectivity, Gateway.]

What is the long term impact?

https://www.visualcapitalist.com/

How does this impact early vehicle development activities?

• Manufacturing

• Vehicle release

• Recalls

• Technical Debt

• COTS

• Reuse

• Safety

• Privacy

How will these systems be maintained?

Page 5

Defense in Depth

Or something else…

Defense in Depth

• Policies, Procedures, & Awareness

• Physical

• Perimeter

• Network

• Host

• App

• Data

OR

Zero Trust Zones

• Never Trust, Always Verify

• Least Privilege

• Full Visibility

• Central Management

Page 6

Information Sharing

[Diagram: labels Information Sharing, Continuous Cybersecurity Activities, Monitoring, Event Assessment, Triage, Vulnerability Analysis, Vulnerability Management, Incident Response.]

Is:

• The Consumer

• Responsible for all data

Page 7

Conclusion

First off, don’t be this guy!

1. Commit to making security a priority. Shift your focus from a reactive “we’ll deal with it when the time comes” or “that is another team” mentality to a proactive one, so that the time never arrives.

2. Enable developers with the tools and training they need to build security into the software they are coding.

3. To manage open source and software supply chain risk, you must include open source security considerations within your overall software security initiative.

4. Address the root cause by building expertise and providing the information needed to prevent bugs from entering the code base in the first place.

5. Base the plan on a maturity model.

6. Be open to new ideas and ways of doing things.

7. Communicate!

Page 8

Thank You