Combining Third Party Components Securely in Automotive Systems

Abstract : Vehicle manufacturers routinely integrate third-party components and combining them securely into a larger system is a challenge, particularly when accurate specifications are not available. In this paper, we propose a methodology for users to introduce or strengthen security of these composed systems without requiring full knowledge of commercially sensitive sub-components. This methodology is supported by attack trees, which allow for systematic enumeration of black box components, the results of which are then incorporated into further design processes. We apply the methodology to a Bluetooth-enabled automotive infotainment unit, and find a legitimate Bluetooth feature that contributes to the insecurity of a system. Furthermore, we recommend a variety of follow-on processes to further strengthen the security of the system through the next iteration of design.
Type de document :
Communication dans un congrès
Sara Foresti; Javier Lopez. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9895, pp.262-269, 2016, Information Security Theory and Practice. 〈10.1007/978-3-319-45931-8_18〉
Liste complète des métadonnées

Littérature citée [18 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01639623
Contributeur : Hal Ifip <>
Soumis le : lundi 20 novembre 2017 - 14:54:31
Dernière modification le : lundi 20 novembre 2017 - 14:56:03
Document(s) archivé(s) le : mercredi 21 février 2018 - 14:24:01

Fichier

 Accès restreint
Fichier visible le : 2019-01-01

Connectez-vous pour demander l'accès au fichier

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Madeline Cheah, Siraj Shaikh, Jeremy Bryans, Hoang Nguyen. Combining Third Party Components Securely in Automotive Systems. Sara Foresti; Javier Lopez. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9895, pp.262-269, 2016, Information Security Theory and Practice. 〈10.1007/978-3-319-45931-8_18〉. 〈hal-01639623〉

Partager

Métriques

Consultations de la notice

50