{"id":12214,"date":"2016-05-10T08:10:57","date_gmt":"2016-05-10T15:10:57","guid":{"rendered":"https:\/\/blogs.mentor.com\/verificationhorizons\/?p=12214"},"modified":"2026-03-27T08:37:21","modified_gmt":"2026-03-27T12:37:21","slug":"5-things-i-learned-at-the-2016-sae-world-congress","status":"publish","type":"post","link":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/2016\/05\/10\/5-things-i-learned-at-the-2016-sae-world-congress\/","title":{"rendered":"5 Things I Learned at the 2016 SAE World Congress"},"content":{"rendered":"

\"IMG_6642\"<\/a>A few weeks ago I had the honor of presenting a paper<\/a> related to my prior Verification Horizons blog posts on \u201cHow Formal Techniques Can Keep Hackers from Driving You into a Ditch<\/em>\u201d (Part 1<\/a>, Part 2<\/a>) at the annual Society of Automotive Engineers (SAE) World Congress in Detroit, MI. Being an IEEE member for many years, it was intriguing to enter this parallel universe of professionals equally interested in advancing the state of their art. This year in particular, the incredible momentum behind automotive automation gave this conference a palpable energy \u2013 below are but 5 aspects of this.<\/p>\n

1 – The auto industry is now taking vehicle security very seriously<\/strong> — Apparently the infamous \u201cJeep hack\u201d story and subsequent recall was a real watershed — automakers and their suppliers took this as a wake-up call to allocate substantial new R&D resources to this area. Indeed, informally scanning the audiences\u2019 badges and striking up conversations in the \u201cCyber Security\u201d and related \u201cSafety Critical\u201d conference tracks revealed that these sessions were well attended by representatives from all walks of the industry, and the expert panel discussions and papers themselves<\/a> were very substantive.<\/p>\n

2 – Learn to \u201cthink maliciously\u201d<\/strong> \u2013 from the panel on \u201cWith Connectivity, Comes Risks – Cybersecurity and Safety<\/em>\u201d<\/a> one of the panelists implored design & verification engineers to always consider how someone could misuse a diagnostic port or routine for evil and not good. Example: think about how something necessary like a command to disable the anti-lock brakes to bleed off the pressure before maintenance can be safely performed could be manipulated by a Trojan Horse to disable the brakes during a deliberately unsafe moment, or when the vehicle crosses a particular GPS geofence area. (In a related Verification Horizons post \u201cISO 26262 fault analysis \u2013 worst case is really the worst<\/em>\u201d<\/a>, my colleague Avidan Efody explores a variant of this issue.)<\/p>\n

3 – The CAN bus must go, but it\u2019s going to be a painful transition<\/strong> \u2013 The Controller Area Network (CAN)<\/a> is the bus protocol that connects the internal control systems of most cars. Indeed, even a cursory stroll across the SAE World Congress expo floor will expose you to a wide variety of CAN-related offerings. Before cars were connected to the internet CAN served vehicle requirements well; but by computer networking standards it\u2019s not that fast (40 Kbit\/s to 125 Kbits\/sec) and the payload size is very small (a grand total of 64 bits)<\/a>. This small payload size is CAN\u2019s Achilles Heel \u2013 there are simply not enough bits to embed digital signature or other security-related data in a payload this small, leaving the whole bus vulnerable. Hence, it\u2019s trivial to do things like a basic \u201creplay attack\u201d (e.g. recording a door unlock sequence, then \u201creplay\u201d the signals when you want to steal the car without a trace). My personal bet to replace CAN is the emerging Automotive Ethernet standard (that\u2019s already been embraced by BMW, Jaguar, and VW<\/a>) because all the cyber security work in the computer and mobile networking worlds can be brought to bear.<\/p>\n

4 – A new rev of ISO26262 is on the horizon<\/strong> — this is old news for anyone in the Functional Safety field, but semiconductor makers and EDA suppliers should be aware that the upcoming revision has specific provisions for \u201cSemiconductor Functional Safety\u201d<\/a>.<\/p>\n

5 – The auto industry as a whole is reinvigorated<\/strong> \u2013 as noted above, thanks to the whole movement toward more automated vehicles, there was energy crackling through the conference. Throughout the sessions I attended, and in the conversations on the expo floor, the engineers and managers from a myriad of disciplines were eagerly unpacking the challenges and brainstorming solutions. Case in point, on a panel on \u201cCollaborate. Create. Commercialize. The Next Gen Supplier Network<\/em>\u201d, the VP of Purchasing for Toyota North America, a 20+ year veteran of the car business, summarized it best, \u201cThere has never been a better time to be in automotive!<\/em>\u201d<\/p>\n

Until the fully autonomous car is in production, keep your eyes on the road and your hands up on the wheel,<\/p>\n

Joe Hupcey III<\/p>\n

 <\/p>\n

P.S. My colleagues are presenting at the Functional Safety and ISO26262 track at the upcoming IESF Automotive Conference on June 1 in Dearborn, MI \u2013 the complete agenda is posted here: https:\/\/www.mentor.com\/events\/iesf\/automotive-conference<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

A few weeks ago I had the honor of presenting a paper related to my prior Verification Horizons blog posts…<\/p>\n","protected":false},"author":71594,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spanish_translation":"","french_translation":"","german_translation":"","italian_translation":"","polish_translation":"","japanese_translation":"","chinese_translation":"","footnotes":""},"categories":[1],"tags":[408,493,559,668,692,697],"industry":[],"product":[],"coauthors":[],"class_list":["post-12214","post","type-post","status-publish","format-standard","hentry","category-news","tag-cyber-security","tag-formal-verification","tag-iso-26262","tag-questa-secure-check","tag-sae","tag-safety-critical"],"_links":{"self":[{"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/posts\/12214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/users\/71594"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/comments?post=12214"}],"version-history":[{"count":1,"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/posts\/12214\/revisions"}],"predecessor-version":[{"id":19820,"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/posts\/12214\/revisions\/19820"}],"wp:attachment":[{"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/media?parent=12214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/categories?post=12214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/tags?post=12214"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/industry?post=12214"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/product?post=12214"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blogs.sw.siemens.com\/verificationhorizons\/wp-json\/wp\/v2\/coauthors?post=12214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}