Abstract
Vehicle manufacturers routinely integrate third-party components and combining them securely into a larger system is a challenge, particularly when accurate specifications are not available. In this paper, we propose a methodology for users to introduce or strengthen security of these composed systems without requiring full knowledge of commercially sensitive sub-components. This methodology is supported by attack trees, which allow for systematic enumeration of black box components, the results of which are then incorporated into further design processes. We apply the methodology to a Bluetooth-enabled automotive infotainment unit, and find a legitimate Bluetooth feature that contributes to the insecurity of a system. Furthermore, we recommend a variety of follow-on processes to further strengthen the security of the system through the next iteration of design.
Author supplied keywords
Cite
CITATION STYLE
Cheah, M., Shaikh, S. A., Bryans, J., & Nguyen, H. N. (2016). Combining third party components securely in automotive systems. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9895 LNCS, pp. 262–269). Springer Verlag. https://doi.org/10.1007/978-3-319-45931-8_18
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
