Combining Third Party Components Securely in Automotive Systems - Information Security Theory and Practice
Conference Papers Year : 2016

Combining Third Party Components Securely in Automotive Systems

Madeline Cheah
  • Function : Author
  • PersonId : 1023218
Siraj A. Shaikh
  • Function : Author
  • PersonId : 1023219
Jeremy Bryans
  • Function : Author
  • PersonId : 1023220
Hoang Nga Nguyen
  • Function : Author
  • PersonId : 1023221

Abstract

Vehicle manufacturers routinely integrate third-party components and combining them securely into a larger system is a challenge, particularly when accurate specifications are not available. In this paper, we propose a methodology for users to introduce or strengthen security of these composed systems without requiring full knowledge of commercially sensitive sub-components. This methodology is supported by attack trees, which allow for systematic enumeration of black box components, the results of which are then incorporated into further design processes. We apply the methodology to a Bluetooth-enabled automotive infotainment unit, and find a legitimate Bluetooth feature that contributes to the insecurity of a system. Furthermore, we recommend a variety of follow-on processes to further strengthen the security of the system through the next iteration of design.
Fichier principal
Vignette du fichier
421627_1_En_18_Chapter.pdf (228.63 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01639623 , version 1 (20-11-2017)

Licence

Identifiers

Cite

Madeline Cheah, Siraj A. Shaikh, Jeremy Bryans, Hoang Nga Nguyen. Combining Third Party Components Securely in Automotive Systems. 10th IFIP International Conference on Information Security Theory and Practice (WISTP), Sep 2016, Heraklion, Greece. pp.262-269, ⟨10.1007/978-3-319-45931-8_18⟩. ⟨hal-01639623⟩
92 View
173 Download

Altmetric

Share

More