Brussels / 30 & 31 January 2016


Writing secure HTML5 applications for automotive systems

Secure architecture for HTML5 applications, from development to production

Everyone understands why a car should be more secure than a phone. Embedded applications typically request special privileges such as playing sound, sending SMS or geolocating. Those running on vehicles, while having the same requirements, need to be more strictly constrained to prevent dramatic consequences for the equipment, driver and passengers.

The most common motivations for ignoring security are cost reduction and time-to-market. Developing secure HTML5 applications should be smooth and simple. This talk presents an architecture model leveraging modern tools such as Gulp, Angular and Foundation6 to simplify the production of applications for the automotive industry, while respecting strong security constraints.

This talk focuses on the GNU/Linux AGL distribution and responds to the following concerns:

- How to guarantee that malicious HTML5 applications cannot impair security ("Never trust HTML5 code")?
- How to enforce privilege isolation through SMACK?
- How to enforce code isolation via dynamic plugin loading/unloading?
- How to debug code on both the target and development station?
- How to support mixed HTML5/native applications without impairing security?

We will also take a look at the AGL HTML5 stack and at the pace of its development and integration in the AGL distribution.


Manuel Bachmann