Corso Re Umberto 10
Cyber security for automotive and IoT
Drivesec S.r.l. is a company born with the aim of developing security solutions for the world of the Internet of Things (IoT). The strategic goal is to develop methodologies and products for testing and validating the security requirements of connected systems. Over the years Drivesec has developed a product / certification process for automotive systems. This has led to a partnership with TUV Sud, one of the major certification bodies which, within the collaboration with Drivesec, deals with the marketing of the product. The methodology follows the ISO 21434 standard. To support the certification product, a platform (SW + HW) is being developed which aims to make the certification process faster, more reliable and less expensive. The platform (object of the request for support to research and development activities) has two main objectives. The first is to allow security experts to remotely carry out validation and testing activities (short term objective). The second objective is to develop software tools that automatically carry out the activities necessary for the certification of the quality of the security measures implemented by the manufacturer (long term). The market analysis shows a strong increase in the demand for validation services but also shows the inexistence of automatic tools. The key points of success are the speed on the market and the collaboration with specialized research institutes. The validation of product safety today takes place through “penetration tests” (PT), which are performed at the end of the product validation and before the market launch. These are performed by specialists who must necessarily have physical access to the systems to be tested. The duration of these tests varies depending on the complexity of the product. The method described has impacts on cost, quality and time. Drivesec optimizes the execution of PTs with a two-step approach. First: to provide a platform for remote access to the systems to be tested, with the advantage in terms of logistics, time and costs, allowing PTs to be accompanied by the regular tests carried out by the product teams. Second: to develop automatic tools to be made available to the product teams for a self assessment and self certification of the safety posture of the developed product. The availability of automatic tools will make it possible to compensate for the scarcity of physical resources (with relative cost reduction), and will allow to anticipate the results of the PTs in the preliminary stages of product testing. The Drivesec platform consists of access servers and KITs (HW to be installed at the product teams). In the short term remote access services and KIT (HW) will be sold, in the long term it will switch to software tools. The platform is in the proof of concept phase, while the sw tools are in the initial design phase. There is currently no platform similar to the one developed by Drivesec on the market.