How Virtualization Helps Secure Connected Cars
Connected cars create opportunities to deliver enhanced customer experiences. They can also deliver significant cost and revenue benefits for connected car companies, OEMs, suppliers, insurers and many others.
However, car companies haven’t really explored the opportunities to monetize customer data adequately. We can probably attribute this to cybersecurity threats and a mad rush to market. But as the industry evolves and accelerates adoption, we must address these concerns now.
According to Allied Market Research, experts forecast the worldwide connected car market to be worth $225.16 billion by 2027. As we strive to achieve continuous connectivity, what’s the best approach to secure it? How do we keep drivers and their data safe from threat actors?
Before we dive into the solution, let’s look at some of the connected car challenges.
What Are the Threats to Connected Car Security?
Connected cars are desirable targets for hackers as they have multiple entry points. These intelligent vehicles also present numerous opportunities to profit from an attack.
The most significant threats to connected car security and privacy are as follows:
- Hackers taking control of the vehicle and threatening the safety of the driver and passengers
- Theft of the automobile itself
- Theft of connected vehicle and driver data through a data breach
The industry built connected cars thinking that they would be more secure against theft because they were connected. However, it didn’t take long for them to realize that anyone can hack a car with cheap devices (like repurposed Nintendo Game Boys) to bypass security systems and break into the vehicle.
If that wasn’t bad enough, with never-ending data breaches becoming the new normal, the risk of a nasty security incident is higher than ever. As connected automobiles generate oceans of data, we still must do a lot more to secure that data properly in encrypted repositories.
As an example, you can access someone’s personal data if they left it on a used car’s infotainment system, and that’s just the tip of the hypothetical iceberg. The best approach here is to secure digital cockpits by leveraging virtualization.
What is Virtualization?
Virtualization describes the process of building software-based representations of applications, servers, storage solutions, networks and more. This is a cost-effective approach to improving agility, overall efficiency and (now) connected car cybersecurity.
This form of hardware virtualization for connected automobiles hosts one or more virtual machines that operate independently with their own operating system (OS). In this scenario, you can support multiple OSes and their related workloads from a single graphical user interface. This approach helps optimize resources without jeopardizing the entire system.
As more smart cars hit the marketplace with 5G connectivity, hackers don’t even have to come close to your vehicle to breach it and steal personally identifiable information (PII). Newer models offer a much larger variety of driver-assist functions, including automated parking, that increase your risk exposure (and add to production costs). But with hardware virtualization, you can fortify your security posture while cutting costs.
How Does Virtualization Improve Connected Car Security?
In a digital cockpit, we must contend with consolidated OSes with a variety of different constraints. For example, infotainment systems execute many applications like the air conditioner, browser, radio, video and smartphone applications.
In this case, the digital cluster must display and react in a limited amount of time. To ensure safety, the digital cockpit must be open, secure and predictable. For example, it must display essential information almost immediately while other processes run in the background on the same system.
To boost connected car security, we can use a hypervisor to consolidate systems that demand the setup of communication links between virtual machines (VMs) that live on the hardware peripherals. This approach helps ensure agility and secure, controlled communications.
What’s a Hypervisor?
A hypervisor is a software-, hardware- or firmware-based layer, similar to an emulator, that creates and runs VMs. The car computer on which the hypervisor runs the VMs is called the host machine, and the VMs are called guest machines.
According to Andrei Filimon, technical director of automotive at Rinf Tech, “modern automobiles come packed with hardware dedicated to safety. Automotive-grade hypervisors, in this case, help ensure the integrity of low-critical systems connected to external networks.”
Traditionally, hypervisors allocate resources dynamically to ensure smooth operations. However, if an allocation fails, it could compromise the whole system. As such, it’s vital to enable predictable security and ensure that VMs don’t fail to allocate resources at boot time and beyond.
“We can partition resources in predefined device trees which we can verify at the peripherals. In this case, you can’t assign memory to multiple guest machines without verification. You can set it up to ensure it during configuration. You can also run a configurations checker to guarantee consistency with the resource partitioning requirements,” Filimon added.
Because the system enforces resource partitioning by default, a guest machine cannot access the memory or peripherals assigned to another VM. You can achieve this type of VM isolation using a system memory management unit (MMU) and a second-stage system MMU. In this scenario, the second-stage MMU blocks access to the memory of other VMs. The hypervisor also intercepts communications between the guest OSes and the trusted zone.
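As an added illustration (not code from the article, Rinf Tech or any particular hypervisor), a minimal configuration checker of the kind described above can reject a static layout in which two guests share memory or a peripheral. The VM names, addresses, device names and the 4 KiB page granule are assumptions made for the example.

```python
from itertools import combinations

PAGE = 0x1000  # assumption: 4 KiB second-stage translation granule
RAM = (0x8000_0000, 0x8000_0000)  # constructed: (base, size) of guest-usable RAM

# Constructed layout; VM names, addresses and device names are hypothetical.
PARTITIONS = {
    "cluster_rtos": {"memory": [(0x8000_0000, 0x1000_0000)],
                     "peripherals": {"display0", "can0"}},
    "infotainment": {"memory": [(0x9000_0000, 0x4000_0000)],
                     "peripherals": {"gpu0", "usb0", "audio0"}},
    # Deliberately wrong: overlaps infotainment RAM and also claims can0.
    "telematics": {"memory": [(0xC800_0000, 0x1000_0000)],
                   "peripherals": {"modem0", "can0"}},
}


def check_partitions(partitions, ram=RAM):
    """Return a list of violations; an empty list means the layout is consistent."""
    errors, regions, owners = [], [], {}
    ram_start, ram_end = ram[0], ram[0] + ram[1]
    for vm, cfg in partitions.items():
        for base, size in cfg["memory"]:
            if size <= 0 or base % PAGE or size % PAGE:
                errors.append(f"{vm}: region {base:#x}+{size:#x} has bad size or alignment")
            if base < ram_start or base + size > ram_end:
                errors.append(f"{vm}: region {base:#x}+{size:#x} is outside RAM")
            regions.append((vm, base, base + size))
        for dev in cfg["peripherals"]:
            owners.setdefault(dev, []).append(vm)
    # Two half-open ranges [s, e) overlap when each starts before the other ends.
    for (vm_a, s_a, e_a), (vm_b, s_b, e_b) in combinations(regions, 2):
        if s_a < e_b and s_b < e_a:
            errors.append(f"memory overlap: {vm_a} and {vm_b} share "
                          f"{max(s_a, s_b):#x}-{min(e_a, e_b):#x}")
    # A peripheral must have exactly one owning guest.
    for dev, vms in sorted(owners.items()):
        if len(vms) > 1:
            errors.append(f"peripheral {dev} assigned to {', '.join(sorted(vms))}")
    return errors


if __name__ == "__main__":
    for problem in check_partitions(PARTITIONS):
        print("FAIL:", problem)
```

Running such a check at build time, and failing the build on any reported violation, keeps an inconsistent partition table from ever reaching the vehicle.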
You can also allocate CPUs to VMs and configure the allocation to be fixed or floating. The real-time behavior of real-time guest OSes is bounded and preserved, with low execution overhead. The hypervisor also prioritizes real-time guest OSes over non-real-time guest OSes.
With secure inter-VM communication enabled, threat actors can’t easily compromise the communication mechanism. You can also leverage the many features of the hypervisor to identify and eliminate malicious activities. This includes interruptions to the throttling mechanism.
When all this comes together, we can fortify connected cars and defend against potential cyberattacks. All this really comes down to securing the digital cockpit. By leveraging VMs and controlling communications, the industry can go a long way to secure its future by ensuring driver and passenger privacy, security and safety on our roads.