Automotive Linux, Cybersecurity and Transparency

An oft-repeated saying is that no non-trivial program is free of bugs.  An obvious corollary is that no non-trivial program is free of security holes.   Following the recent Miller-Valasek takedown of Chrysler vehicles, the media has often portrayed automotive systems as naive targets waiting for hackers to attack.  There's a lot of room between perfect security and wide-open, though.

The automotive security problem is somewhat familiar upon closer examination.  One highly hardened system (a 'server') talks to the wider Internet, and communicates with clients on a LAN, perhaps through a firewall.    Linux has best-practice solutions for implementing such a system, and common sense dictates starting out by considering their applicability.

Automotive systems have some distinct characteristics, however.   Car controllers must be not only responsive and available, but also meet standards of safety that have been adapted from avionics.   How can automotive networks be updated over-the-air securely?   How can we guarantee that downloaded 'apps' don't compromise the fundamental controls of a car?   Linux can address some of these problems, but is not a complete solution, and is most likely to run on real production systems as a 'guest' in a virtualized environment.

Additionally, drivers may be concerned about privacy and control of their data.   Wholly new concerns that are not applicable to servers or smartphones arise, like the possibility that a repair shop may transmit a virus or download a driver's entire location history.    Enjoying the safety, convenience and cost benefits of autonomous operation is only possible when careful choices are made both by engineers and regulators.