Attacker-in-the-loop (AIL) is the logical integration of security into the development lifecycle of embedded systems, specifically in the context of connected and autonomous vehicles. It is equally valid across the wider IoT domain.
If ‘security’ is protecting the vehicle from its environment, and ‘safety’ is protecting the environment from the vehicle (and/or the human), then the traditional ‘V’ or ‘V plus’ model of feature and system development and integration can be augmented throughout with security and safety considerations: an additional loop of requirement capture and solution provision at each stage.
In light of the infamous and well-publicised ‘hacks’ of OEM, Tier 1 and Tier 2 equipment supplied to the auto industry, the well-articulated issues of automotive cyber security are increasingly in our consciousness. Even where they are not a direct or indirect safety issue, the reputational and brand damage that such incidents can cause is a major concern.
The design and development engineer will typically start from a requirement specification that gains detail through Model-in-the-loop (MIL) and Software-in-the-loop (SIL) stages; overlaying AIL at each of these stages, carried out by security professionals, helps ensure that secure-by-design requirements are captured. As hardware is incrementally added in the loop through component, sub-system and whole-vehicle integration, AIL testing can validate and verify appropriate tests, providing assurance that known and identified issues can be managed throughout product lifecycle development in increasingly complex whole-vehicle systems.
Significant detail is required to establish the specific tests with which AIL can be executed; indeed, AIL requires foundational research to establish a methodological approach that is appropriate for a dynamic and evolving threat catalogue. It has to be capable of handling legacy system integration as well as future architectures and technologies. This foundational research is being undertaken at WMG, The University of Warwick, under a UK Engineering and Physical Sciences Research Council grant.
To kick it off, what do you think about the notion of AIL? How do you feel it could fit with ISO 26262, AutoSPICE and ASIL levels?