CPL - Chalmers Publication Library
| Utbildning | Forskning | Styrkeområden | Om Chalmers | In English In English Ej inloggad.

A Model for Safe and Secure Execution of Downloaded Vehicle Applications

Phu H. Phung (Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers)) ; Dennis K. Nilsson
Proceedings of Road Transport Information and Control - RTIC 2010, IET (2010)
[Konferensbidrag, refereegranskat]

Existing secure protocols and code signing mechanisms for vehicle systems to download and install software over the air certify only the origin and the integrity of software; thus, they do not address errors that might not be detected in the development process and cannot ensure that the downloaded software do not contain malicious code. In this paper, we identify such possible threats by developing a threat model for the vehicle software architecture. We propose countermeasures against the threats by preventing or modifying inappropriate behaviour caused by, e.g., malicious or poorly designed applications. We propose a model to deploy the approach which is based on modifying the application at the wireless gateway in the vehicle before being installed. As a result, security policies are embedded into the application and intercepts security relevant execution events. Thus, the execution of downloaded vehicle applications is monitored to ensure the safety and security for the vehicle system and to detect potential cyber attacks.

Nyckelord: downloaded vehicle applications, malicious code, policy enforcement

Den här publikationen ingår i följande styrkeområden:

Läs mer om Chalmers styrkeområden  

Denna post skapades 2010-11-27. Senast ändrad 2010-12-15.
CPL Pubid: 129701


Läs direkt!

Länk till annan sajt (kan kräva inloggning)

Institutioner (Chalmers)

Institutionen för data- och informationsteknik, Programvaruteknik (Chalmers) (2008-2010)


Informations- och kommunikationsteknik

Chalmers infrastruktur

Relaterade publikationer

Denna publikation ingår i:

Lightweight Enforcement of Fine-Grained Security Policies for Untrusted Software