Automotive Security Checklist
白皮书
Security is not something that can be easily added to a device. During the complete product lifecycle (design, development, production, field, failure analysis), developers have to think from an attacker’s point of view. Every security-relevant feature must be protected against external and internal threats.
A security-relevant feature is not always obvious, as any feature could potentially weaken the rest of the system. Security literature is vast and changes every day. System on Chip (SoC) developers / OEM users lack the time and base to find the relevant information needed for a secure development. Keysight is the established market leader in embedded system security and the source of the relevant security knowledge for the customers it serves.
Security is in essence a trade-off between protection, cost, and time to market and therefore there will never be one right answer. However, there are best practices which can provide a significant barrier against the attackers. The purpose of this document is to empower the developer to self-assess the security of a SoC design by asking security-relevant guiding questions. This list is in no way “the final checklist” but should be used as a starting point to build further questions upon so that all the security features and possible attack avenues and countermeasures are identified.