Road to escar (free pre-event) escar Europe 2021

Uptane Industry Workshop: Securing Software Updates for Vulnerable Vehicles
A tutorial and workshop in two parts

Thursday, September 23, 1:00 p.m. to 4:30 p.m. CET/German time (7 a.m. to 10:30 a.m. New York time)

Uptane is an open source, secure software update standard that protects software delivered over-the-air to the computerized units of automobiles. In this free workshop, you will learn more about Uptane’s security principles, as well as hear real-world stories of the framework’s integration into existing software update systems.

The workshop is organized in two sessions, with a 30-minute break in-between. Each 45-minute session will consist of a 25 to 30-minute presentation, followed by 15 to 20 minutes of question and answer time with representatives from the Uptane community. One registration covers both parts of the workshop.

Part 1: “An Introduction to Uptane: A Compromise-Resilient Defense Against Nation State Actors”

Hosted by Ira McDonald, High North, Inc. and Marina Moore, NYU Tandon School of Engineering

This introductory session presents an overview of Uptane’s design and the threats it is equipped to defend against. It also explains how its emphasis on compromise-resilience — or the ability to limit the damage from any potential compromise — makes it a realistic solution at a time when the rise of organized criminal enterprises and nation state attackers has greatly increased the potential consequences of such attacks, in terms of both economic and human costs.

Ira McDonald

Ira Mc Donald, High North Inc.

Ira McDonald is a consulting cybersecurity architect at automotive OEMs, network equipment vendors, telecom operators, and printer manufacturers. He is a founding member of the Uptane project, and has been a Board member since September 2018.  Since 1973, Ira has consulted for NASA, IBM, FCA, Fujitsu, Samsung, Sharp, Xerox, Norand, DEC, Plantronics, Olympia Brewing, Perkin-Elmer, ARINC, AMTRAK and various US government agencies, and he has co-edited more than 30 IETF, IEEE, DMTF, SAE, TCG, and Linux Foundation security and network management public standards. Currently, Ira serves as a consultant in Toyota Vehicle Security, and has edited global cybersecurity standards for vehicles at Mitsubishi (FOTA) and Stellantis (Internet Suite, TLS, Ethernet, FOTA, IDS).

Marina Moore

Marina Moore, NYU Tandon School of Engineering

Marina Moore is a PhD candidate at NYU’s Tandon School of Engineering where she conducts research on secure software updates and supply chain security in the Secure Systems Lab. While at NYU, she has worked primarily on research and development for The Update Framework (TUF), Uptane, and Notary, and has delivered talks at KubeCon + CloudNativeCon and WiCyS 2019.

Part 2: “Integrating Uptane: Lessons Learned”

Hosted by André Weimerskirch, Lear Corporation, and Patti Vacek, unu Motors

This workshop is designed for those who may already have some familiarity with Uptane and are interested in learning more from companies and organizations that have implemented the framework. The presentation will focus on examples/case studies, as well as recent or emerging challenges that the framework is adapting to meet.

Andre Weimerskirch

André Weimerskirch, Lear Corporation

Dr. André Weimerskirch is Vice President for Platform SW, Cybersecurity and Functional Safety at Lear Corporation. Before that, André established the transportation cybersecurity group at the University of Michigan Transportation Research Institute (UMTRI), and co-founded the embedded systems security company ESCRYPT, which was sold to Bosch in 2012.  André is active in all areas of automotive and transportation cybersecurity and privacy. He is a main designer of the American vehicle-to-vehicle SCMS security system, and is co-founder of the American workshop on embedded security in cars (escar USA).

Patti Vacek

Patti Vacek, unu Motors

Patti Vacek is a software engineer at unu motors in Berlin, Germany, where she is helping to build all-electric urban mobility solutions. Previously, Patti led the embedded engineering team at Here Technologies (formerly Advanced Telematic Systems) that developed aktualizr, part of the first commercial open-source implementation of Uptane. Patti studied Computer Science and Mathematics at Webster University (St. Louis, Missouri) and the Fachhochschule Hannover (Germany). Her interest in open-source technology and information security was reinforced during a 2010 internship at the Cryptography Competence Center of Deutsche Bank in Frankfurt, Germany.