ISSUE 030 March/April 2025 In conversation with Tony Fong | Bobcat T7X electric compact truck loader dossier | Cybersecurity focus | Motor testing insight | Fellten’s Charge Qube | HIL testing insight | Battery leak testing focus

39 Cybersecurity | Tech focus

unsafe programming languages such as C and C++ to be adapted to provide strong, compatible and efficient protection against many widely exploited vulnerabilities. The scalable compartmentalisation feature enables the fine-grained decomposition of operating system (OS) and application code to limit the effects of security vulnerabilities.

RISC-V

The first automotive core to implement CHERI fine-grained memory protection provides 100% coverage in checking for memory errors. It uses the RISC-V open instruction-set architecture (ISA) and includes logic in the core to check read/write permissions and validate memory accesses.

The core has ISO/SAE 21434 and ISO 26262 compliance up to the ASIL D integrity level. The CHERI capabilities are implemented with a small increase in area and low impact on performance to protect against known and future vulnerabilities, and to help simplify the development of secure systems.

However, this requires recompiling the code with a CHERI-aware compiler, which can be a complex and time-consuming task when meeting automotive certification. Instead, only critical areas of code can be recompiled, reducing the software effort needed to gain the protection of the CHERI architecture.

The baseline microarchitecture is a 64-bit, dual-issue core, which has been extended to efficiently handle capabilities and implement CHERI’s new instructions and functions. The register file has been extended to 129 bits to accommodate capabilities, while the memory system has been extended to atomically handle capability tags while still using standard interfaces.

Most CHERI operations are implemented in a custom unit in the core with all safety checks, so every instruction is issued to the custom unit, along with another execution unit, such as the Load/Store Unit for a store, and their outputs are combined when the instruction is committed.
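
The permission and bounds checking described above can be sketched in software. This is an added example, not Codasip's code or anything from the article: the struct layout, function names and 64-byte toy memory are assumptions, and real CHERI hardware uses a compressed 128-bit encoding plus a tag bit.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Simplified model of a CHERI-style capability (illustrative layout only). */
enum { PERM_LOAD = 1, PERM_STORE = 2 };

typedef struct {
    uint64_t base;    /* lowest address the capability may touch */
    uint64_t length;  /* size of the authorised region in bytes */
    uint64_t cursor;  /* current address (the "pointer" value) */
    uint32_t perms;   /* PERM_* bits */
    bool     tag;     /* validity tag held beside the capability data */
} cap_t;

static uint8_t memory[64];  /* constructed toy address space */

/* Root capability covering all of the toy memory. */
cap_t cap_root(void) {
    return (cap_t){ 0, sizeof memory, 0, PERM_LOAD | PERM_STORE, true };
}

/* Derive a narrower capability; bounds and rights can only shrink. */
cap_t cap_restrict(cap_t c, uint64_t base, uint64_t length, uint32_t perms) {
    cap_t out = { base, length, base, c.perms & perms, c.tag };
    if (base < c.base || length > c.length || base - c.base > c.length - length)
        out.tag = false;  /* attempted widening yields an invalid capability */
    return out;
}

/* The check made on every access: tag, permission, then bounds. */
bool cap_check(cap_t c, uint64_t n, uint32_t need) {
    if (!c.tag || (c.perms & need) != need || c.cursor < c.base) return false;
    uint64_t off = c.cursor - c.base;
    return off <= c.length && n <= c.length - off;
}

/* Store through a capability derived from cap_root();
 * returns false where the hardware would raise an exception. */
bool cap_store(cap_t c, const void *src, uint64_t n) {
    if (!cap_check(c, n, PERM_STORE)) return false;
    memcpy(&memory[c.cursor], src, n);
    return true;
}

/* Overwriting a stored capability as plain data clears its tag,
 * so a corrupted or forged pointer can no longer be dereferenced. */
cap_t cap_after_data_overwrite(cap_t c, uint64_t forged_cursor) {
    c.cursor = forged_cursor;
    c.tag = false;
    return c;
}
```

A buffer handed out as an 8-byte capability rejects a 9-byte store, and a component given a read-only or narrowed capability cannot regain the wider rights, which is the property compartmentalisation relies on.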
The core incorporates optional safety mechanisms and advanced security features, giving system engineers flexibility with a fully verified and supported core IP, which adds the RISC-V Scalar Crypto Extension.

Validating and testing

Validating automotive cybersecurity requires connectivity gateways, a test management server, a reconnaissance and fuzzing server, and a library of known vulnerabilities and threats. Car makers must perform controlled cyber attacks, functional cybersecurity tests, protocol fuzzing and vulnerability scans to validate that their implementations meet their cybersecurity goals.

Testing must cover multiple attack vectors and account for all communication interfaces, including cellular, Wi-Fi, Bluetooth, CAN bus and Automotive Ethernet.

To manage cybersecurity risks in vehicle components and subsystems, OEMs must evaluate component and subsystem vulnerabilities against known vulnerabilities and emerging cyber threats. If vulnerabilities are found and remediated, re-verification tests are required to ensure the remediations didn’t introduce new vulnerabilities.

A test execution environment helps to automate verification testing, improve test coverage and demonstrate compliance within a cybersecurity management system (CSMS), as outlined by the ISO/SAE 21434 standard and mandated by regulations such as UN R155. This allows automotive cybersecurity testing from the hardware level through all layers of the OSI stack.

This allows developers to find and fix vulnerabilities with hardware, software and services combined into a single test system. Devices under test are connected to onboard interfaces and the software emulates attacks against vehicular interfaces to validate automotive cybersecurity against a database of known threats.

E-Mobility Engineering | March/April 2025

The X730 secure automotive RISC-V processor core with CHERI memory safety (Image courtesy of Codasip)
