Application security
| CMSEC_24: How do you make sure that only trusted software components are running on vehicle hardware? |
|---|
[CMSEC_BP24.1] Consider digitally signing software and firmware with a certificate that the vehicle hardware can verify at runtime, ensuring that only trusted code can run on the vehicle.
Code signing and secure boot are essential for ensuring the security and safety of vehicle software. They help you validate the authenticity and integrity of the software running in the vehicle, making sure that it comes from a trusted source and that its behavior has not been altered. A secure boot mechanism helps prevent unauthorized code from running on the vehicle hardware by verifying the integrity of the boot loader and operating system before they execute. You can leverage AWS Private Certificate Authority (AWS Private CA), which allows you to create private certificate authority (CA) hierarchies, including root CAs, CAs that issue code signing certificates, and the code signing certificates themselves. If you are leveraging AWS IoT, you can also use AWS Signer to sign code that you create for IoT devices supported by Amazon FreeRTOS and AWS IoT Device Management. Code signing for AWS IoT is integrated with AWS Certificate Manager.
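The following Go program is an added illustration of the chain of trust described above; it is not code from AWS or from any of the services named. It assumes a two-level hierarchy (a root key pinned in the ECU's ROM, a code-signing certificate issued by that root, and a firmware manifest signed by the code-signing key) and uses Ed25519 signatures in place of X.509 certificates so that it runs offline with the standard library only. The firmware image, names and version numbers are constructed for the example. Beyond the text, it also shows an anti-rollback version check, which a secure boot implementation typically pairs with signature verification.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Certificate binds a subject name to a public key and carries the root CA's
// signature over that binding (a stand-in for an X.509 code-signing certificate).
type Certificate struct {
	Subject   string
	PublicKey ed25519.PublicKey
	Signature []byte
}

// Manifest describes one firmware image: the SHA-256 digest of the image and a
// monotonic version number, signed by the code-signing key.
type Manifest struct {
	ImageHash [32]byte
	Version   uint32
	Signature []byte
}

// certBody is the exact byte string the root CA signs.
func certBody(subject string, pub ed25519.PublicKey) []byte {
	return append([]byte(subject+"\x00"), pub...)
}

// manifestBody is the exact byte string the code-signing key signs: hash || version.
func manifestBody(m Manifest) []byte {
	buf := make([]byte, 36)
	copy(buf, m.ImageHash[:])
	binary.BigEndian.PutUint32(buf[32:], m.Version)
	return buf
}

// IssueCert is the root CA issuing a code-signing certificate (offline, in the PKI).
func IssueCert(rootPriv ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Certificate {
	return Certificate{Subject: subject, PublicKey: pub, Signature: ed25519.Sign(rootPriv, certBody(subject, pub))}
}

// SignImage is the build pipeline signing a firmware image with the code-signing key.
func SignImage(signPriv ed25519.PrivateKey, image []byte, version uint32) Manifest {
	m := Manifest{ImageHash: sha256.Sum256(image), Version: version}
	m.Signature = ed25519.Sign(signPriv, manifestBody(m))
	return m
}

// VerifyBoot models the check the boot loader performs before executing an image.
// rootPub is the key pinned in ROM/OTP; minVersion is the ECU's anti-rollback counter.
func VerifyBoot(rootPub ed25519.PublicKey, cert Certificate, m Manifest, image []byte, minVersion uint32) error {
	if !ed25519.Verify(rootPub, certBody(cert.Subject, cert.PublicKey), cert.Signature) {
		return errors.New("code-signing certificate was not issued by the trusted root")
	}
	if !ed25519.Verify(cert.PublicKey, manifestBody(m), m.Signature) {
		return errors.New("manifest signature is invalid")
	}
	if sha256.Sum256(image) != m.ImageHash {
		return errors.New("image digest does not match the signed manifest")
	}
	if m.Version < minVersion {
		return errors.New("rollback: image version is below the stored minimum")
	}
	return nil
}

// Scenario exercises the chain with freshly generated keys and returns the
// verification outcome for a genuine image and three rejected cases.
func Scenario() map[string]error {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	signPub, signPriv, _ := ed25519.GenerateKey(rand.Reader)
	cert := IssueCert(rootPriv, "ecu-codesign", signPub) // constructed subject name
	image := []byte("constructed firmware image, version 2")
	m := SignImage(signPriv, image, 2)

	results := map[string]error{}
	results["genuine"] = VerifyBoot(rootPub, cert, m, image, 2)

	// Case 1: a single flipped bit in the image stored in flash.
	tampered := append([]byte{}, image...)
	tampered[0] ^= 0x01
	results["tampered"] = VerifyBoot(rootPub, cert, m, tampered, 2)

	// Case 2: a self-signed certificate from a key the root never issued.
	roguePub, roguePriv, _ := ed25519.GenerateKey(rand.Reader)
	rogueCert := Certificate{Subject: "rogue", PublicKey: roguePub, Signature: ed25519.Sign(roguePriv, certBody("rogue", roguePub))}
	results["untrusted-signer"] = VerifyBoot(rootPub, rogueCert, SignImage(roguePriv, image, 2), image, 2)

	// Case 3: a correctly signed but older image than the ECU's rollback counter allows.
	results["rollback"] = VerifyBoot(rootPub, cert, SignImage(signPriv, image, 1), image, 2)
	return results
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-17s -> %v\n", name, err)
	}
}
```

The manifest is signed rather than the whole image so that the boot loader only needs one signature check plus a hash of the image; in a real deployment the image digest, version and signature would be laid out in a fixed header format agreed with the boot loader, and the certificate would be an X.509 certificate from the AWS Private CA hierarchy.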
| CMSEC_25: How do you check that you are writing, testing, validating, and deploying vehicle software securely? |
|---|
[CMSEC_BP25.1] Implement a Secure Development Lifecycle (SDLC) for your vehicle software following open standards.
Start by identifying and documenting the cybersecurity metrics and requirements that need to be met to verify your software security in line with the ISO 21434 standard, from concept and product development through cybersecurity validation.
Create and document, early in the design phase, a threat model for your in-vehicle software or system, such as Head Units (HU) or Telematic Control Units (TCU). You can leverage established frameworks such as STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) or the TARA (Threat Analysis and Risk Assessment) framework in ISO 21434 for in-vehicle products and services, covering the identification of assets in the target system, their vulnerabilities, the attack scenarios and their impact, which of those are most likely to be exploited, and the risk treatment decision. AWS provides an example threat modeling workshop
Implement secure coding, development processes, and architectural design following open standards and guidelines such as AUTOSAR and ASPICE (examples: input validation, buffer overflow protection, and error handling to prevent attacks such as SQL injection and cross-site scripting, and avoiding hardcoded credentials). Conduct code reviews and security audits of the code to identify security vulnerabilities that may be missed during development. Test and validate the software in simulated and real-world scenarios to check that it is safe and reliable.
You can leverage the KPIT Cloud Native Engineering Workbench