- From: Foster, Jeremiah <JFoster@luxoft.com>
- Date: Fri, 23 Mar 2018 13:00:01 +0000
- To: "skovac@sunrise.ch" <skovac@sunrise.ch>, "Paul.Boyes@inrix.com" <Paul.Boyes@inrix.com>, "peter.winzell@jayway.com" <peter.winzell@jayway.com>
- CC: "wonsuk.lee@etri.re.kr" <wonsuk.lee@etri.re.kr>, "public-autowebplatform@w3.org" <public-autowebplatform@w3.org>, "public-automotive@w3.org" <public-automotive@w3.org>
Hi, I'll hijack this thread no more and return it to the face to face discussions but let me say that I think it's very interesting discussion and I look forward to hearing more from Stiepan and others on this topc. Warm regards, Jeremiah On Fri, 2018-03-23 at 12:46 +0100, Stiepan Aurélien Kovac wrote: > Hi Jeremiah, > > Please find my in-text reply hereafter: > > On 03/22/18 16:14, Foster, Jeremiah wrote: > > > Hi, I may prepare a presentation on what would be needed for > > > Android/AOSP to be secure and safe for use in applications where > > > safety is critical such as cars, based on my own experience in a > > > project I am coordinating with my company and my previous > > > research > > > > on the subject of mobile security in general. > > > > JF - Are you referring to ISO 26262 certification? I think that is > > really the only relevant benchmark for safety-critical software in > > vehicles. OEMs want to have multiple displays in the vehicle and > > have functional safety information, like telltales, appear on any > > screen. This domain interaction (functional safety domain and > > infotainment domain) is GENIVI's focus now. > > For now our focus has been on MISRA, but we will definitely take > better > into account all applicable ISO norms for the future, not only for > safety but also for other domains, thank you for your comment. > > > > Likewise, when it is used for in-car entertainment purposes only, > > > I may provide my perspective on making it compatible with the > > > upcoming GDPR (May!). > > > > JF - This is hugely important as the EU plainly states that GDPR is > > relevant for vehicles. Also, the emerging idea of 'industrial data > > rights' in relation to vehicles is an area that ought to be > > addressed I believe (PDF: http://www.grur.org/uploads/tx_meeting/01 > > -Wiebe_Presentation_Brussels.pdf) in relation ti GDPR. Personally I > > feel that W3C has not been as robust as it might have here in > > promulgating standards around data usage. I think the work is being > > done in other places. W3C needs to clarify its relevance to not > > just the GDPR but to other emerging IPC and display standards. > > Regarding GDPR, now that the EU has a digital strategy (according to > the > cited PDF, Comm. Oettinger said in 2015: „EU lacks a data strategy“), > we > seek to provide means to implement it, as the worse would be that it > remains "lettre morte" and companies infringing the GDPR "simply" see > a > 4% tax increase: on the contrary, they should take this opportunity > to > improve their products (we can help). Likewise, GDPR is one thing as > you > rightly put it, but we should also look at what other countries are > doing in this direction, which would be coherent with better taking > into > account all applicable international norms. > > > > > > Last but not least, if possible, I would like to invite a speaker > > > from a German university who could provide interesting insights > > > on the current mobile base band attack surface, OS-independent > > > (i.e. not restricted to Android/AOSP in particular), with > > > the goal to identify areas that need to be improved upon, > > > thereby avoiding scenarios like getting one's connected car > > > stolen (or worse) with the use of a rogue/manipulated mobile > > > network cell. I know, this is about web technology and I am > > > considering the full stack, but since we speak about Android... > > > Pick your favorite! > > > JF - Interesting stuff and well worth discussing. But there is a > > > lot of automotive specific security work done in other places. > > > Firstly, each OEM has a robust security shell that they deem > > > crucially important. Along with their own approach, they have > > > their own service level agreements and other contractual > > > obligations that they place on their suppliers (right to inspect, > > > vehicle lifetime, etc.). AGL has developed its own security > > > framework, Android obviously has its own. Hypervisors are another > > > layer that are selling security and isolation capabilities (with > > > containers making inroads). In addition, GENIVI has a security > > > expert group and that group coordinates with other groups > > > globally, like FASTR and ISAC, though the bindings to these other > > > initiatives might benefit from greater coordination. In general I > > > worry that there is a surfeit of standard bodies and a paucity of > > > real standards. I wonder what the W3C hopes to do to address > > > this? > > Well, I was referring at physical layer security, if you wish (or > more > correctly, of the software inside the "black boxes" that are phone's > radio interfaces, which include hypervisors, often outdated versions > however). I think that between ISO and W3C in the overall automotive > ICT > security standardization landscape, there's the ITU-T's SG-17, but I > might be biased as a part of the SG-17 study group (and this is only > my > personal opinion). W3C may send a liaison to that group though, that > could be a first step and then we could move on from there. Should > you > wish to do so, please write to my company e-mail stie at itk dot > swiss > and I will transmit it to the corresponding SG17 question rapporteur. > > Regards, > > > > Jeremiah > > > > > > > > On 03/21/18 21:56, Paul Boyes wrote: > > > > > > I changed to Android in Automotive. > > > > > > > > > > > > Paul J. Boyes | > > INRIX | Director of Telematics and Standards - OpenCar | 206- > > 276-9675 | paul.boyes@inrix.com | www.inrix.com > > > > > > > > > > > > On Mar 21, 2018, at 1:51 PM, Peter Winzell <peter.winzell@jayway.co > > m> wrote: > > > > > > > > > > HI, so we should change the agenda item from Android auto to > > Android Embedded/AOSP ? > > > > > > Br > > > > Peter Winzell > > > > > > 2018-03-21 13:49 GMT-07:00 Peter Winzell > > <peter.winzell@jayway.com>: > > > > Sure, sounds good. > > > > > > > > > > On Wed, 21 Mar 2018 at 13:21, Paul Boyes <Paul.Boyes@inrix.com> > > wrote: > > > > > > Peter, > > > > > > You can pin that one on me. I am seeing Android (not just Android > > Auto) pop up in automotive quite a bit and am interested in hearing > > thoughts and discussing it in relationship to the Automotive WG and > > experience in general. Make sense? > > > > > > > > > > > > Paul J. Boyes | > > INRIX | Director of Telematics and Standards - OpenCar | 206- > > 276-9675 | paul.boyes@inrix.com | www.inrix.com > > > > > > > > > > > > > > > > > > > > On Mar 21, 2018, at 11:53 AM, Peter Winzell <peter.winzell@jayway.c > > om> wrote: > > > > > > > > > > > > Hi Wonsuk! > > > > > > I was just wondering why we are having phone mirroring(android > > auto) on the agenda for the f2f ? What is the idea behind that > > (sorry for have missed the meeting) > > > > > > Br > > > > Peter WInzell > > > > > > > > > > 2018-03-06 21:34 GMT-08:00 이원석 <wonsuk.lee@etri.re.kr>: > > > > > > > > Hi. Guys. > > I made an early draft of agenda below for upcoming f2f in Munich. > > It’s only have input from Paul and me. So please review and let us > > know your view! > > https://www.w3.org/auto/wg/wiki/Auto-f2f-april-2018 > > > > Thanks! > > > > Cheers, > > Wonsuk. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > Stiepan A. Kovac > > M Sc ICT Security > > IT+Tech. Tel. Eng. > > > > T: +41 22 734 59 96 > > M: +41 76 382 59 96 > > skovac@sunrise.ch > > > > > > > > > > ________________________________ > > > > This e-mail and any attachment(s) are intended only for the > > recipient(s) named above and others who have been specifically > > authorized to receive them. They may contain confidential > > information. If you are not the intended recipient, please do not > > read this email or its attachment(s). Furthermore, you are hereby > > notified that any dissemination, distribution or copying of this e- > > mail and any attachment(s) is strictly prohibited. If you have > > received this e-mail in error, please immediately notify the sender > > by replying to this e-mail and then delete this e-mail and any > > attachment(s) or copies thereof from your system. Thank you. > > Regards, > Stiepan > ________________________________ This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you.
Received on Friday, 23 March 2018 13:00:33 UTC