Abstract
The configuration of security mechanisms in automotive on-board networks makes it necessary to define and deploy adapted security policies. This paper discusses how to design policy engines that implement an effective enforcement in such architectures despite the complexity of the protocol stacks of on-board electronic control units. It also evaluates how policies expressed in XACML can be adapted to the automotive environment efficiency requirements despite the limited computational power of those units and network bandwidth limitations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Arabica XML and HTML Processing Toolkit, http://www.jezuk.co.uk/cgi-bin/view/arabica
Asm-Xml Benchmark, http://tibleiz.net/asm-xml/benchmark.html
Pugixml Benchmark, http://pugixml.org/benchmark/
The XML C Parser and toolkit of Gnome libxml, http://www.xmlsoft.org
Bar-El, H.: Intra-Vehicle Information Security Framework (September 2009)
BMW. EMVY: The Embedded Vehicular IT Security Construction Kit, Basic Concept (June 2009)
C2C-CC. Car2Car Communication Consortium, http://www.car-to-car.org/
Chilingaryan, S.: The XMLBench Project: Comparison of Fast, Multi-platform XML Libraries, pp. 21–34. Springer, Heidelberg (2009)
Chutorash, R.J.: Firewall for vehicle communication bus. In: International Patent Classification 7, WO/2000/009363, PCT/US1999/017852. European Patent Office (February 2000)
EASSIS. Security and firewall concepts for gateways. Technical Report Deliverable D1.2-12, EASIS-Project (2006)
Freescale. Mpc565 reference manual. Technical report, Freescale Semiconductor (2005)
Gerlach, M.,Leinmüller, T., Goldacker, G., Festag, A., Harsch, C.: Security architecture for vehicular communication. In: WIT 2005 (2005)
Cheng Haw, S., Krishna Rao, G.S.V.R.: A comparative study and benchmarking on xml parsers. In: The 9th International Conference on Advanced Communication Technology, vol. 1, pp. 321–325 (February 2007)
Hoppe, T., Kiltz, S., Dittmann, J.: Automotive IT-Security as a Challenge: Basic Attacks from the Black Box Perspective on the Example of Privacy Threats. In: Buth, B., Rabe, G., Seyfarth, T. (eds.) SAFECOMP 2009. LNCS, vol. 5775, pp. 145–158. Springer, Heidelberg (2009)
Kelling, E., Friedewald, M., Leimbach, T., Menzel, M., Säger, P., Seudié, H., Weyl, B.: Specification and evaluation of e-security relevant use cases. Technical Report Deliverable D2.1, EVITA Project (2009)
Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462 (May 2010)
Moses, T.: eXtensible access control markup language TC v2.0 (XACML) (February 2005)
Navet, N.: Automotive communication systems: from dependability to security. In: 1st Seminar on Vehicular Communications and Applications (VCA 2011), Luxembourg (May 2011)
Papadimitratos, P.: Securing vehicular communications - assumptions, requirements, and principles. In: Workshop on Embedded Security in Cars, ESCAR (2006)
CVIS Project, Cooperative vehicle infrastructure systems, http://www.cvisproject.org/
EVITA Project. E-safety vehicle intrusion protected applications, http://www.evita-project.org
OVESEE Project. Open vehicular secure platform, https://www.oversee-project.com/
Raya, M., Papadimitratos, P., Hubaux, J.-P.: Securing vehicular communications. IEEE Wireless Communications Magazine 13, 8–15 (2006)
Raya, M., Jungels, D., Papadimitratos, P., Aad, I., Hubaux, J.-P.: Certificate revocation in vehicular networks. Technical report (2006)
Rouf, I., Miller, R., Mustafa, H., Taylor, T., Oh, S., Xu, W., Gruteser, M., Trappe, W., Seskar, I.: Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study. In: Proceedings of the 19th USENIX Security Symposium, Washington, DC (August 2010)
Schmidt, A., Waas, F., Kersten, M., Carey, M.J., Manolescu, I., Busse, R.: Xmark: A benchmark for xml data management. In: VLDB, pp. 974–985 (2002)
Schweppe, H., Weyl, B., Roudier, Y., Sabir Idrees, M., Gendrullis, T., Wolf, M.: Securing car2X applications with effective hardware software codesign for vehicular on-board networks. In: VDI Automotive Security 27. VW-Gemeinschaftstagung Automotive Security, VDI Bericht 2131, Berlin, Germany (October 2011)
Schweppe, H., Roudier, Y., Weyl, B., Apvrille, L., Scheuermann, D.: Car2x communication: securing the last meter - a cost-effective approach for ensuring trust in car2x applications using in-vehicle symmetric cryptography. In: 4th IEEE International Symposium on Wireless Vehicular Communications, WIVEC 2011, San Francisco, CA, United States (September 2011)
International Telecommunication Union. Information Technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER), ITU-T Recommendation X.690. Technical report, ITU-T (2002)
International Telecommunication Union. Information Technology - ASN.1 encoding rules: Mapping W3C XML schema definitions into ASN.1, ITU-T Recommendation X.694. Technical report, ITU-T (2004)
International Telecommunication Union. Information Technology - ASN.1 encoding rules: Abstract Syntax Notation one (ASN.1): Specification of basic notation, ITU-T Recommendation X.680. Technical report, ITU-T (2008)
Weyl, B., Wolf, M., Zweers, F., Gendrullis, T., Sabir Idrees, M., Roudier, Y., Schweppe, H., Platzdasch, H., Khayari, R.E., Henniger, O., Scheuermann, D., Fuchsa, A., Apvrille, L., Pedroza, G., Seudie, H., Shokrollahi, J., Keil, A.: Secure On-board Architecture Specification. Technical Report Deliverable D3.2, EVITA Project (2010)
Wolf, M., Weimerskirch, A., Paar, C., Bluetooth, M.: Security in automotive bus systems. In: Proceedings of the Workshop on Embedded Security in Cars, ESCAR 2004 (2004)
Wu, Y., Zhang, Q., Yu, Z., Li, J.: A hybrid parallel processing for xml parsing and schema validation. In: Proceedings of Balisage: The Markup Conference 2008, Montréal, Canada, August 12-15. Balisage Series on Markup Technologies, vol. 1 (2008)
Zrelli, S., Miyaji, A., Shinoda, Y., Ernst, T.: Security and access control for vehicular communications. In: Proceedings of the 2008 IEEE International Conference on Wireless & Mobile Computing, Networking & Communication, pp. 561–566. IEEE Computer Society, Washington, DC (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Idrees, M.S., Roudier, Y. (2012). Effective and Efficient Security Policy Engines for Automotive On-Board Networks. In: Vinel, A., Mehmood, R., Berbineau, M., Garcia, C.R., Huang, CM., Chilamkurti, N. (eds) Communication Technologies for Vehicles. Nets4Cars/Nets4Trains 2012. Lecture Notes in Computer Science, vol 7266. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29667-3_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-29667-3_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29666-6
Online ISBN: 978-3-642-29667-3
eBook Packages: Computer ScienceComputer Science (R0)