Skip to Main content Skip to Navigation
Conference papers

Combining Third Party Components Securely in Automotive Systems

Abstract : Vehicle manufacturers routinely integrate third-party components and combining them securely into a larger system is a challenge, particularly when accurate specifications are not available. In this paper, we propose a methodology for users to introduce or strengthen security of these composed systems without requiring full knowledge of commercially sensitive sub-components. This methodology is supported by attack trees, which allow for systematic enumeration of black box components, the results of which are then incorporated into further design processes. We apply the methodology to a Bluetooth-enabled automotive infotainment unit, and find a legitimate Bluetooth feature that contributes to the insecurity of a system. Furthermore, we recommend a variety of follow-on processes to further strengthen the security of the system through the next iteration of design.
Document type :
Conference papers
Complete list of metadata

Cited literature [17 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, November 20, 2017 - 2:54:31 PM
Last modification on : Friday, January 14, 2022 - 2:12:05 PM
Long-term archiving on: : Wednesday, February 21, 2018 - 2:24:01 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Madeline Cheah, Siraj A. Shaikh, Jeremy Bryans, Hoang Nga Nguyen. Combining Third Party Components Securely in Automotive Systems. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. pp.262-269, ⟨10.1007/978-3-319-45931-8_18⟩. ⟨hal-01639623⟩



Record views


Files downloads