Open Source Summit Korea 2026

The automotive transition to Software-Defined Vehicles (SDVs) relies on mixed-criticality architectures, consolidating open-source infotainment (Automotive Grade Linux) alongside safety-critical Real-Time Operating Systems (RTOS). This virtualization boundary—often KVM/Xen—is assumed to be a secure airgap. However, guest-to-host communication requires hardware abstraction, primarily via the VirtIO standard.

This 40-minute session conducts a hardcore technical teardown of the virtqueue shared-memory mechanism, exposing how legacy C-based VirtIO backends (vhost-net) introduce critical vulnerabilities into the automotive supply chain.

We will dissect a hypervisor escape utilizing custom fuzzing. By crafting malformed descriptor chains to bypass frontend validation, a compromised guest can force the host's backend into out-of-bounds memory corruption, effectively bridging the airgap into the control plane.

Finally, we will architect the open-source defense: migrating to memory-safe rust-vmm virtualization components to mathematically eliminate buffer overflows, and deploying zero-overhead eBPF probes for kernel-level I/O anomaly detection.

Popular open source operating systems like the Linux Kernel and Zephyr RTOS accept up to 9 commits per hour. Safety standards, like 61508, 26262, and others were developed without this rate of change in mind. Safety standards also expect the requirements to be explicit, which is not part of OS development processes. By using AI tools, we're able to accelerate the analysis of OS code to derive the requirements and traceability to tests. By storing this info in tools that can import and export System Package Data eXchange (SPDX) 3.0+, we're able to capture the requirements in a way that can be leveraged for wider system analysis necessary for safety. Associating integrity methods with the requirements and code snippets, also enables monitoring. Combining requirements traceability with precise build SBOM metadata, gives us a framework to keep a component compliant to a safety profile after a security fix.

This talk will provide a view on the latest experiments occurring with the Linux Kernel in the ELISA project, as well as in the Zephyr Safety Working group, and SPDX Functional Safety working group to extend SPDX to meet the needs of establishing these frameworks.