Holistic verification change needed for self-driving cars

By Chris Edwards |  No Comments  |  Posted: June 19, 2018
Topics/Categories: Blog - Embedded  |  Tags: , , ,

  • Print
  • Share

Related Posts

  1. Automotive companies form self-driving vehicle computing group
  2. Arm gives Helium to low-end Cortex-M core
  3. Codasip pips Arm to commercial CHERI with RISC-V version

The coming generation of highly autonomous vehicles and the malicious attacks they are likely to come under will require a rethink of validation and verification (V&V) strategies, according to Peter Davies, director of security concepts at Thales.

The key problem, Davies explained in his keynote at the Verification Futures conference organized by TV&S in Bracknell, UK in mid-June that the key problem is the degree to which systems will be interconnected and be “part of an economic system”. The expectation that many people will rent autonomous vehicles for short periods of time, will alter business models and open various possibilities for criminal gain.

”Everywhere we look there are massive amounts of money that depend on getting these benefits of digitisation,” Davies said.

Having many commercial and real-time systems interacting will pose problems for those responsible for verifying not just correct operation but that they are well-protected against malicious attacks.

“I have to allow people to put other things in there. Whatever my verification strategy it can’t be that I force everyone to do it the same way as me,” Davies explained, and noted how vital components will have to interact with others that may have gaping holes in their security infrastructure. “Trust and security features add exponentially to the complexity of verifying the circuit design.”

“We don’t think about remediation enough. These systems are going to fail. They are too big not to. The question is how you get it back and make sure it fails gracefully. The issue is not the fact that it will fail. The fact that it will fail catastrophically is important,” Davies argued. “This will probably change how we do V&V.”

Like the system itself, V&V is faced with the problem of how interactions between subsystems open up holes. “It’s not at all clear that V&V is composable.”

Davies asked: “Do we need to move to much more dynamic verification techniques and techniques that are far less requirements driven? I know it’s sacrilege but increasingly we’ve been thinking about that.”

Comments are closed.

PLATINUM SPONSORS

Synopsys Cadence Design Systems Siemens EDA
View All Sponsors