Abstract
This is a proposal to form a research project at MIT Computer Science and Artificial Intelligence Labs (CSAIL) that would be separate from, but a complement to, the World Wide Web Consortium (W3C) Automotive standards activity.
In-Vehicle-Infotainment (IVI) systems are ecosystems for third party apps to leverage and interact with information and services from the underlying vehicles and the Internet. The Internet is the biggest attack surface concern for connected vehicles.
Use cases for these applications range from on-board sampling/edge computing for feeding data silos, event listeners for triggering the sending of V2x messages, proactive maintenance, navigation, media/entertainment and payment processing.
Data exchanged with Internet services can be manipulated, malicious content injected, and attempts made to execute arbitrary code on the head unit.
Autonomous vehicle and driver-assist decisions are data driven. It is essential that this information is accessible instantly and consistently. Additionally, it is absolutely critical that this information is accurate and comes from authenticated sources. Any system acting on this data should be able to identify and react to potentially erroneous, missing, malicious, injected or fabricated data that could otherwise result in catastrophe.
Automotive application platforms are entirely too fragmented. There are multiple competing vehicle signals APIs, typically manufacturer-specific, which is preventing innovation in the industry and discouraging third-party content providers from writing applications for them.
W3C Automotive Working Group and AutoWeb Platform Business Group are working on a rich application ecosystem for connected vehicles.
The main distinctive attribute of this work is that it combines the perspectives of Open Web Platform architects, prospective content providers, privacy and security experts and the automotive industry.
Ability to influence privacy and security aspects of W3C Automotive standards.
Scope is subject to change based on agreed interests from contributing sponsors.
Evaluate vehicle-to-everything (V2x) data exchanges and systems information interactions, define a full attack tree, find weaknesses and devise risk mitigations applicable at various layers of protection. See also presentation to Genivi Security Expert Group.
Create an implementation of an application and network security layer that is capable of controlling information access to and from authenticated sources, including data integrity checks. Data sampling and integrity checks would combine defined rulesets with machine learning and apply both to internal/on-board data such as CAN signals and to data sources external to the vehicle. This information flow engine will need to enforce adherence to security guidelines and constantly assess the accuracy and viability of data based on sampling, identifying deviation from expected value ranges and other heuristics.
*Note: Guidelines should be platform agnostic to the extent possible and not assume W3C marketplace acceptance and dominance.
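The ruleset side of the information flow engine described above can be sketched as follows. This is an added example, not code from the proposal or from W3C; the source names, keys, signal name, thresholds and the `FlowGate` class are constructed assumptions, and the machine-learning side is not covered.

```python
import hashlib
import hmac
import json

# Constructed demo values (assumptions, not taken from the proposal).
SOURCE_KEYS = {"can-gateway": b"demo-key-1", "roadside-unit": b"demo-key-2"}
RULES = {"speed_kph": (0.0, 300.0, 40.0)}  # signal: (min, max, max change per s)


def tag_for(key, payload):
    """HMAC-SHA256 over a canonical JSON encoding of the reading."""
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class FlowGate:
    """Admits a reading only if it is authenticated, fresh and plausible."""

    def __init__(self):
        self.last = {}  # signal -> (ts, value) of the last accepted reading

    def check(self, source, payload, tag):
        key = SOURCE_KEYS.get(source)
        if key is None:
            return "reject: unknown source"
        if not hmac.compare_digest(tag_for(key, payload).encode(), tag.encode()):
            return "reject: integrity check failed"
        if not all(k in payload for k in ("signal", "ts", "value")):
            return "reject: missing field"
        rule = RULES.get(payload["signal"])
        if rule is None:
            return "reject: no ruleset for signal"
        lo, hi, max_rate = rule
        ts, value = payload["ts"], payload["value"]
        if not lo <= value <= hi:
            return "reject: outside expected range"
        prev = self.last.get(payload["signal"])
        if prev is not None:
            dt = ts - prev[0]
            if dt <= 0:
                return "reject: stale or replayed timestamp"
            if abs(value - prev[1]) / dt > max_rate:
                return "reject: implausible rate of change"
        self.last[payload["signal"]] = (ts, value)
        return "accept"
```

Rejected readings do not update the stored state, so a single fabricated value cannot shift the baseline used to judge the next reading.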
Three Years with possibility to extend.
Desired annual budget of 700k USD for staff, equipment, travel and other expenses.
W3C, headquartered at MIT's Computer Science and Artificial Intelligence Labs (CSAIL), is the Standards Body for the Web. It has three other host sites at Keio University in Japan, ERCIM in France and Beihang University in China.