State-of-the-art Software Bill of Material (SBOM) solutions are provided by centralized, often legacy, software systems, reflecting the non-agile, waterfall-based method of software creation. Distributed Software Bill of Material (D-SBOM) is a novel approach to managing these challenges. Using blockchain technology, an ecosystem of suppliers can commit and exchange information about the software used in connected components. The commitment process is secured by blockchain protocols, and the stored information is trusted through the consensus mechanism. Information will additionally be secured by encryption methods for distributed computing to prevent unauthorized access to security- and IP-relevant information.

Innovation Drivers

Serving connected vehicles with Over the Air (OTA) updates will change how software is developed, from waterfall to agile methodologies. Fixing bugs and vulnerabilities in connected assets requires shortening the software lifecycle from development, testing and audit through to over-the-air distribution.

  • Using the Decentralized Ledger Technology (DLT), D-SBOM has introduced a novel approach to fill the missing link between providers of OTA software and car OEMs.
  • Due to the effective use of DLT, asvin is more resilient than any solution based on the conventional centralized database architecture.
  • D-SBOM is the only considerable EU-based solution in the domain.

Research Impact Drivers

  • Large automotive OEMs in Europe are concerned about their competitiveness in global markets. This topic is especially relevant in the case of electric vehicles (EVs), where Tesla has gained a huge advantage. Tesla cars have been fully OTA updated since Model 3, whereas VW still struggles to implement an OTA model. Closing this apparent gap is a matter of survival for the European industry.
  • Certification of business models, including updates for software systems, is part of the new regulations, meaning compliance failures eliminate the possibility of registering new vehicles. OEMs calculate the industry’s financial risk at about €1 bl, exclusive of the impact to brand reputation due to the continued lack of OTA availability.

Demand Drivers

  • The automotive industry is changing rapidly as cars become software-enabled, interconnected IoT devices on wheels.
  • Today’s car contains 150 electronic control units (ECUs) with 100 mi lines of code (LoC) manually updated by authorized car services. By 2030, the LoC in a car will triple, and all the software will be updated OTA. This makes cars vulnerable to cyberattacks.