RISE OF THE DOMAIN CONTROLLER
Software has become one of the key drivers for developing new and advanced automotive features and functions. This movement from electro-mechanics to software is leading to something we call the software-defined car. Software-defined cars have the potential to simplify vehicle architectures and reduce hardware costs. In a software-defined car, the functionality of groups of related ECUs moves into a single, more complex dedicated carputer, sometimes called a domain controller. The first domain Link Motion has worked on is the eCockpit. The Motion T carputer combines the main ECUs of a car cockpit and a connected vehicle gateway with cutting-edge telematics and services, ready to connect with the most advanced connected vehicle platforms.
HARDWARE AND SOFTWARE
Most automotive companies working on computing do either software or hardware, but not both. When you combine custom software and custom hardware, the complexities and difficulties multiply. Automotive hardware has an especially high barrier to entry caused by the safety and environmental requirements and the long lead times and lifetimes of projects. This is why, in the automotive world, the companies that do both software and hardware are usually tier 1s. They are hardware companies that do some software.
We are different.
We are a software company that has learned to make automotive hardware. We follow a process which we call software-driven hardware design. The goal of this process is to design the hardware and software architectures together, so they work as one.
At the heart of our platform is a single, powerful, custom-designed, multi-functional, automotive-grade computer, built around a single SoC and MCU running a number of operating systems, each optimized for its specific role.
SECURITY IS THE NEW SAFETY
Why should we care about security? What could happen if a connected vehicle is not secure? The groups that are interested in attacking connected vehicles include criminals, terrorists and state actors. Whatever the motivation, the results of poor cyber security and successful cyber-attacks are either stolen assets, i.e. data and credentials, or control of the car to cause disruption, chaos, or damage. These vulnerabilities are not a Hollywood fantasy. Security researchers have published examples of vulnerabilities in production vehicles and demonstrated the access they can achieve. Through leaked papers we now know that the CIA has been collecting information on connected vehicle software vulnerabilities; we can assume that many more groups around the world are doing the same. As vehicles and the world we live in become more connected, the potential vulnerabilities increase and the potential consequences get worse.
SECURITY IS NOT A FEATURE
In consumer electronics, security is treated as an optional feature that is added on top of a system: you set up a firewall and some monitoring software and you call it security. With something as complex as a carputer, and with security now being equivalent to safety, we have to acknowledge the realities of cyber security. Security is not a feature. Security is a process and a mindset that is applied to a system. It starts with the architectural design and carries on through the execution of the carputer design and the maintenance of the carputer and all the systems that are connected to and trusted by the carputer.
The Link Motion carputer is the most secure connected vehicle computer platform in the world, containing multiple integrated security solutions to protect the assets and mitigate the threats. Security has been designed into the carputer from the beginning, creating a comprehensive, multi-layered security architecture of software, including applications and connectivity features, and software-optimized hardware.
To protect critical system functions from vulnerabilities, the Link Motion Motion T connected vehicle carputer has an in-depth defense using a four-layer security architecture: hardware separation, operating system virtualization, application-level security, and over-the-air software and firmware updates.
Hardware is partitioned into two main sub-systems isolating access to the vehicle network connections (e.g. CAN) from the rest of the functions. This puts the critical functions at the centre of the digital fortress, in the most protected and hardest to reach layer.
You could run all the software functions in a single operating system. It would certainly be easier to do it that way. It would also be far less secure. We separate key functional domains into separate operating systems. The main ones are Auto OS for vehicle-related functions such as the instrument cluster, IVI OS for infotainment and navigation, and Connectivity OS for all the telematics and connected services. By separating them we can configure each OS to only have access to the resources it needs and to only expose the interfaces that are required. This reduces the potential attack surface for each sub-system and increases the security isolation. Again, this is another ring in our digital fortress.
At the application level we have tools to sandbox applications, further isolating them from one another and the rest of the system. For critical functions we have watchdogs that monitor the performance and behavior of applications, and when they detect a program that is not working correctly they can reset it to a known working state.
We also partner with Irdeto to offer their Cloakware for Connected Transport solutions, to add further levels of security, both in the Motion T carputer, and in connected vehicle cloud services.
Unlike a castle or a fortress, a piece of software is not static. What was secure yesterday may not be secure tomorrow. To keep our defenses up to date we can update the Motion T carputer with over-the-air software updates. Moreover, we offer firmware over-the-air update capabilities so that OEMs can update the firmware for all the ECUs in a vehicle.
These are just some of the ways that we make sure our products and solutions are secure. To find out more, see our past blog posts and white papers.