Advancing Protection for the Next-Generation of Vehicles
Modern vehicles offer a network of connected, asset-rich ECUs, which are exposed to a large and complex attack surface—one that has only gotten larger as the software-defined vehicle comes to fruition. Our focus remains on enabling highly robust system architectures and working with our ecosystem to ensure the delivery of standards and open-source software, as well as adherence to product security standards. Combined, these enable the automotive industry to establish trust, while ensuring the integrity and confidentiality of assets—all essential factors in enabling the success of software defined vehicles.
.png?rev=60eec3806ebf4ee8803629dd8a9a33ef&revision=60eec380-6ebf-4ee8-8036-29dd8a9a33ef&h=204&w=204&la=zh-TW&hash=6C08CEAB912966412B8131E9C23AAEDF)
“As the promise of software defined vehicles become a reality, it continues to be an imperative that security-by-design is a top priority. Arm has been building security features into our products for three decades, and we continue to invest into architectural features and research projects to ensure our products and IP are robust against the rising threats. We’re proud to be at the center of an incredible ecosystem, which are collaborating towards a more secure future, through collaborative projects such as SOAFEE and AVCC."
Our Commitment to Automotive Security
Arm is at the forefront of continued security research and industry collaboration to democratize the development of security for vehicles. We believe that securing the world’s data will continue to be one of the greatest technology challenges over the next decade of compute. It’s a challenge that can only be tackled and scaled with collaboration across the ecosystem.
Arm Architectural Security Features
With more than three decades of building foundational security features in the Arm architectures, we’ve based our world-class architecture security development on four main categories:
- Defensive execution technologies
- Isolation technologies
- Platform security services
- Standard security APIs
Together, these four categories offer integrated security across all Arm Automotive Enhanced (AE) IP products. The most recent AE solutions bring the latest architecture features, including Pointer Authentication and Branch Target Identification (PACBTI), Arm Memory Tagging Extension (MTE), S-EL2 and Arm Realm Management Extensions (RME) to automotive in response to the ever-growing automotive attack surface. Learn more about the Arm architectural investments for automotive in our latest blog.
Collaboration on Standards and RoT
Establishing root of trust (RoT) as a baseline for security in vehicles is critical, and we must establish a common set of RoT security requirements which match automotive requirements. An agreed common set of principles is an important tool for reducing fragmentation and ensuring that we achieve appropriate security robustness. Arm has always believed that open collaboration across the ecosystem is key to achieving this.
Arm is a cofounder of the PSA Certified scheme, which helps improve the security credentials of connected devices. As the promise of SDV becomes a reality, PSA Certified can help the automotive market in a number of ways:
- Understanding the complex set of security requirements/regulation from governments and private schemes.
- Reduced security costs while implementing a Vehicle Root of Trust.
- Improved visibility and communication about robustness within the value chain.
Security Considerations for Automotive ECUs
IVI
The evolution of the IVI and digital cockpit combines multiple displays and blurs the lines between safety and non-safety displays. The consolidated cockpit is becoming a multichip experience, and security is only as strong as the weakest link.
As the digital cockpit has the largest attack surface across multiple vectors (cloud connectivity, connectivity to personal devices, USB plugin, and the ability to download apps), we have to protect against the theft of both personal data and feature enablement.
ADAS and AD
The reliance on ADAS introduces more security requirements, as the value of assets and data that need protecting is only rising.
The complexity lies in the physical access always available to hackers, and vulnerable assets (including sensor input data and actuator control data, map data, and attestation keys) paired with a huge attack surface and huge amounts of software.
There is a need to protect the safety of the car, alongside valuable ML models.
MCU Zonal and Telematics
The area of MCU zonal and telematics has not historically been a primary security consideration, however, ever-increasing connectivity means that all these chips are now accessible.
These chips are also being integrated into larger systems, which means their threat model is changing. Therefore, best-practice security must be made a reality, and protecting against scalable software attacks as a minimum-viable product is essential.
Advancing Protection for the Next-Generation of Vehicles
Product security is an essential quality metric for the solutions we deliver to partners and the wider ecosystem. At Arm, we want to be sure we're continually delivering IP solutions that meet industry needs, standards, and regulations, including ISO/SAE 21434. To do this, we are building on a systematic approach to product security across four key areas:
- A tailored security development lifecycle.
- A dedicated Product Security Incident Response Team (PSIRT).
- Independent product security engagement.
- Proactive community collaboration to ensure we meet development best practices.
Arm’s Journey to ISO/SAE 21434
Vehicles are becoming so much more complex, that a new set of attack surfaces is creating new opportunities for attackers. Learn how Arm is on a continuous path of innovation to deliver the best ISO/SAE 21434 support in the industry for existing and future products.
- Automotive security regulation and standardization.
- Product security at Arm.
- ISO/SAE 21434 support for Arm products.
Arm Automotive Solutions Built for Security
Our commitment to built-in security means we actively evaluate the latest product security trends and requirements and, when applicable, apply them into our development and post-development practices. Our goal is to provide top-class processor IP, tools, and software solutions for automated driving, SDVs, and unique in-vehicle experiences with security built in.