Designing Secure Applications for the Internet of Vehicles - Exploring how existing languages and techniques impact future security & safety

Abstract

Connected vehicles are becoming increasingly important in light of autonomous driving, new features, and improved road safety. The recent phenomenon of vehicles communicating with the cloud, other vehicles, and user devices is often referred to as the Internet of Vehicles and promises more features while also promising increased road safety, leveraging the increased available computational power and cloud data. As vehicles begin communicating with each other and rely on cloud connectivity for features such as media systems, hazard warnings, and route planning, security concerns are raised as these features also increase the attack surface and make vehicles more susceptible to hacking, possibly leading to property damage or loss of life. This thesis aims to investigate how the use of modern languages and development techniques may prevent malicious actors from exploiting vehicles, causing harm to individuals and society. More specifically we propose a framework for evaluating the advantages and drawbacks of new developments technologies. We then follow this framework by implementing a promising vehicle-to-vehicle network protocol across several ecosystems, showing how the industry might adopt more secure tools and languages in future automotive development. We find that these paradigms can provide benefits to automotive development in the form of improved security. In particular, we find that the memory paradigm of Rust provides ample protection against memory-based attacks while also providing an ecosystem that is actively working towards better security in the supply chain. Meanwhile, languages that require runtimes or work at a high abstraction level such as MicroPython are found to be unsuitable due to lack of support and performance costs.