Towards Secure and Safe Appified Automated Vehicles

The advancement in Autonomous Vehicles (AVs) has created an enormous market for the development of self-driving functionalities,raising the question of how it will transform the traditional vehicle development process. One adventurous proposal is to open the AV platform to third-party developers, so that AV functionalities can be developed in a crowd-sourcing way, which could provide tangible benefits to both automakers and end users. Some pioneering companies in the automotive industry have made the move to open the platform so that developers are allowed to test their code on the road. Such openness, however, brings serious security and safety issues by allowing untrusted code to run on the vehicle. In this paper, we introduce the concept of an Appified AV platform that opens the development framework to third-party developers. To further address the safety challenges, we propose an enhanced appified AV design schema called AVGuard, which focuses primarily on mitigating the threats brought about by untrusted code, leveraging theory in the vehicle evaluation field, and conducting program analysis techniques in the cybersecurity area. Our study provides guidelines and suggested practice for the future design of open AV platforms

On the road with third-party apps: Security analysis of an in-vehicle app platform

Digitalization has revolutionized the automotive industry. Modern cars are equipped with powerful Internetconnected infotainment systems, comparable to tablets and smartphones. Recently, several car manufacturers have announced the upcoming possibility to install third-party apps onto these infotainment systems. The prospect of running third-party code on a device that is integrated into a safety critical in-vehicle system raises serious concerns for safety, security, and user privacy. This paper investigates these concerns of in-vehicle apps. We focus on apps for the Android Automotive operating system which several car manufacturers have opted to use. While the architecture inherits much from regular Android, we scrutinize the adequateness of its security mechanisms with respect to the in-vehicle setting, particularly affecting road safety and user privacy. We investigate the attack surface and vulnerabilities for third-party in-vehicle apps. We analyze and suggest enhancements to such traditional Android mechanisms as app permissions and API control. Further, we investigate operating system support and how static and dynamic analysis can aid automatic vetting of in-vehicle apps. We develop AutoTame, a tool for vehicle-specific code analysis. We report on a case study of the countermeasures with a Spotify app using emulators and physical test beds from Volvo Cars

Security Analysis of Web and Embedded Applications

As we put more trust in the computer systems we use the need for securityis increasing. And while security features like HTTPS are becomingcommonplace on the web, securing applications remains dicult. This thesisfocuses on analyzing dierent computer ecosystems to detect vulnerabilitiesand develop countermeasures. This includesweb browsers,web applications,and cyber-physical systems such as Android Automotive.For web browsers, we analyze how new security features might solve aproblem but introduce new ones. We show this by performing a systematicanalysis of the new Content Security Policy (CSP) directive navigate-to.In our research, we nd that it does introduce new vulnerabilities, to whichwe recommend countermeasures. We also create AutoNav, a tool capable ofautomatically suggesting navigation policies for this directive.To improve the security of web applications, we develop a novel blackboxmethod by combining the strengths of dierent black-box methods. Weimplement this in our scanner Black Widow, which we compare with otherleading web application scanners. Black Widow both improves the coverageof the web application and nds more vulnerabilities, including ones inPrestashop, WordPress, and HotCRP.For embedded systems,We analyze the new attack vectors introduced bycombining a phone OS with vehicle APIs and nd new attacks pertaining tosafety, privacy, and availability. Furthermore, we create AutoTame, which isdesigned to analyze third-party apps for vehicles for the vulnerabilities wefound

Reallocating Uncertainty in Incumbent Firms through Digital Platforms: The Case of Google’s Automotive Ecosystem Involvement

This research examines how incumbent firms decide on the degree of involvement of technology players in their digital strategies, by integrating insights from digital innovation and digital platform research. We conducted an embedded case study on the adoption of Google’s Android Automotive OS and Google Automotive Services by the automotive industry, using semi-structured interviews with industry experts and senior decision-makers. We build on affordance-actualization theory to develop a grounded model of uncertainty reallocation consisting of five aggregate dimensions: (1) external digital platform by tech firm, (2) incumbent firm and its goals, (3) uncertainty tradeoffs and affordance of reallocation, (4) strategic actions by incumbent firm, and (5) short- and long-term outcomes. Our results provide valuable insights into the selection of non-binary platform strategies and the effects of various levels of technology firm involvement. This addition to the knowledge base of the information systems discipline provides practical guidance for incumbent firms navigating digital transformation

Accessible user interface support for multi-device ubiquitous applications: architectural modifiability considerations

The market for personal computing devices is rapidly expanding from PC, to mobile, home entertainment systems, and even the automotive industry. When developing software targeting such ubiquitous devices, the balance between development costs and market coverage has turned out to be a challenging issue. With the rise of Web technology and the Internet of things, ubiquitous applications have become a reality. Nonetheless, the diversity of presentation and interaction modalities still drastically limit the number of targetable devices and the accessibility toward end users. This paper presents webinos, a multi-device application middleware platform founded on the Future Internet infrastructure. Hereto, the platform's architectural modifiability considerations are described and evaluated as a generic enabler for supporting applications, which are executed in ubiquitous computing environments

Connected Car: technologies, issues, future trends

The connected car -a vehicle capable of accessing to the Internet, of communicating with smart devices as well as other cars and road infrastructures, and of collecting real-time data from multiple sources- is likely to play a fundamental role in the foreseeable Internet Of Things. In a context ruled by very strong competitive forces, a significant amount of car manufacturers and software and hardware developers have already embraced the challenge of providing innovative solutions for new generation vehicles. Today’s cars are asked to relieve drivers from the most stressful operations needed for driving, providing them with interesting and updated entertainment functions. In the meantime, they have to comply to the increasingly stringent standards about safety and reliability. The aim of this paper is to provide an overview of the possibilities offered by connected functionalities on cars and the associated technological issues and problems, as well as to enumerate the currently available hardware and software solutions and their main features

Car Infotainment: An early analysis of driver perceptions towards apps in the car

Driven by technological advances, the vision of a Connected Car finally becomes reality. As one of the Connected Car innovations, Car Infotainment Systems now get an internet connection. Following the example of the mobile industry, app ecosystems are about to emerge in cars. In-Vehicle technology has already become the new differentiation battleground in the automotive industry. Being technologically possible, however, does not guarantee the success of app-based Car Infotainment Systems. It is not clear whether these systems are appreciated by car drivers, seeing that apps not necessarily provide assistance for driving, but in contrast can be a source of driver distraction and thus threaten traffic safety. It was therefore the purpose of this study to explain the perceptions of car drivers towards Car Infotainment Systems that provide access to an App ecosystem and thereby determine success factors from a user’s perspective. For this reason, a research model that extends the Technology Acceptance Model with hypothetical factors has been proposed based on a literature review on driver acceptance. By analyzing data collected through an online survey, perceptions have been measured and nine hypotheses among these factors have been tested. It could be shown that drivers’ perceptions of Car Infotainment Systems are slightly positive. Task-technology-fit, usefulness, ease of use, risk and costs could be approved as being influencing factors of the behavioral intention to use Car Infotainment Systems. However, the perceived risk seems to have no direct influence. Implications for both practice and academia could be drawn from these results