Workshops - escar Europe 2023
Please note: The escar Europe 2023 program is being developed. Following is the 2022 workshop as a reference. The 2023 workshops will be published soon.
In order to guarantee a good workshop atmosphere and for you to be able to gain new insights or deepen your knowledge successfully the number of participants is limited to 35 in each workshop.
Workshops
- Workshop 1: Know your risk: ISO/SAE 21434 compliant Threat Analysis and Risk Assessment supported by CycurRISK
- Workshop 2: I want it all, I want it now: Software-defined Car, Hardware-rooted Security
Workshop Fee
On site: EUR 299,00 (plus VAT 19%)
Please note: the workshops are not included in the conference fee.
Workshop 1: Workshop 1: Know your risk: ISO/SAE 21434 compliant Threat Analysis and Risk Assessment supported by CycurRISK (Lena Steden, Sebastian Burg)
With UNECE WP.29 cybersecurity has become type approval relevant for the first vehicle types this summer.
Automotive OEMs and their suppliers face the challenge that they have to perform a large number of threat analyses and risk assessments (TARAs) for critical elements of each vehicle type. Performing TARAs manually faces limits when changes have to be propagated between item variants and sharing knowledge from previous analyses causes additional effort. In this workshop, we give an overview of risk assessment in the automotive industry, discuss current challenges and present practical examples using CycurRISK, the ETAS tool for TARAs.
Outline of the workshop:
- Introduction to Threat Analysis and Risk Assessment (TARA)
- Motivation
- Methodology
- Relevance of TARAs in the context of ISO/SAE 21434 and UN R 155
- Requirements
- Current challenges in the industry
- CycurRISK
- Live tool demo
- Practical example of a TARA of automotive component using ISO 21434 compliant methodology
Workshop 2: I want it all, I want it now: Software-defined Car, Hardware-rooted Security (Dr.-Ing. Ferdinand Brasser, M.Sc. Patrick Jauernig, Dr.-Ing. Emmanuel Stapf)
The automotive industry is moving towards a truly software-defined car – with a plethora of services coming from different suppliers. Hence, the automotive industry faces the unique challenge of combining high safety demands with complex security requirements. Trusted Execution Environments (TEEs), which are already extensively used in mobile devices, can help to maintain a strong isolation between services and completely separate sensitive applications from the operating system and third-party services.
In this workshop, we give an overview about the current landscape of automotive software architectures. Then, we introduce TEEs and the history of trusted computing technologies, currently deployed TEE architectures, TEE-based services, and next-generation TEEs. Afterwards, we have a hands-on demonstration in small groups to set up a TEE, Arm TrustZone, on a real device. We close the workshop with a discussion on selected attacks on commercial TEEs, and finally, analyze the applicability of these concepts to automotive scenarios.
For the hands-on demonstration, it is advised to bring a laptop that can run a virtual machine (the development environment) and attach a USB-to-Serial adapter to the VM.
Outline of the workshop:
- Trusted Execution Environments
- Landscape of automotive software architectures
- History and background on Trusted Computing technologies
- Currently deployed Trusted Execution Environments (TEEs)
- TEE-based services & next-generation TEEs
- Hands-On Demonstration
- Set up Arm TrustZone
- Deploy your own Trusted Application
- Perform a remote attestation (integrity measurement) of the Trusted Application
- TEEs in the Real World
- TEEs in the real world
- Suitability for the software-defined car