research-article

Practical information-flow aware middleware for in-car communication

Authors:

Alexandre Bouard,

Claudia EckertAuthors Info & Claims

CyCAR '13: Proceedings of the 2013 ACM workshop on Security, privacy & dependability for cyber vehicles

Pages 3 - 8

https://doi.org/10.1145/2517968.2517969

Published: 04 November 2013 Publication History

Abstract

Today's vehicles are increasingly connected to Internet, devices and integrate more and more electronic components. More than just ensuring their passengers' safety, which remains nevertheless one of their main objectives, cars have to deal with private information and encounters the same security issues as traditional computers. Until recently, automotive technologies allowed very little space for security, but the transition towards full Ethernet-based on-board network will change this situation. In this paper, we present solutions for decentralized information flow control in order to enhance the security and privacy level of the car data management. We describe the implementation of these mechanisms in an automotive middleware and propose its evaluation.

References

[1]

Lutz Z.: Renault debuts R-Link, engadget and Renault press release at LeWeb'11 (2011)

[2]

Koscher, K. et al: Experimental Security Analysis of a Modern Automobile. In Proc. of the 31st IEEE S&P, pp. 447--462, IEEE (2010)

Digital Library

[3]

Glass, M., Herrscher, D., Meier, H., Piastowski, M., Shoo, P.: SEIS - Security in Embedded IP-based Systems. In ATZelektronik worldwide, 2010-01 (2010)

[4]

Myers, A. C., Liskov, B.: Protecting Privacy Using the Decentralized Label Model. In ACM Transactions on Software Engineering and Methodology, vol. 9, pp. 410--442, ACM (2000)

Digital Library

[5]

Etch home: http://incubator.apache.org/etch/

[6]

Schonenberg, P.: Introduction of Ethernet. In 6th Vector Congress (2012)

[7]

Bouard, A., Glas, B., Jentzsch, A., Kiening, A., Kittel, T., Weyl, B.: Driving Automotive Middleware Towards a Secure IP-based Future. In 10th escar (2012)

[8]

Bouard, A., Schanda, J., Herrscher, D., Eckert, C.: Automotive Proxy-based Security Architecture for CE Device Integration. In 5th MobileWare 2012, pp. 62--76, Springer (2012)

[9]

Fujitsu Semiconductor Europe: Fujitsu Announces Powerful MCU with Secure Hardware Extension (SHE) for Automotive Instrument Clusters. In Fujitsu Press Release at www.fujitsu.com (2012)

[10]

Department of Defense: Trusted Computer System Evaluation Criteria In Orange Book (1983)

[11]

Efstathopoulos, P. et al: Labels and Event Processes in the Asbestos Operating System. In Proc. of the 20th ACM SOSP, pp. 17--30, ACM (2005)

Digital Library

[12]

Zeldovich, N. et al: Making Information Flow Explicit in Histar. In Proc. of the 7th USENIX OSDI, pp. 19{19, USENIX Association (2006)

Digital Library

[13]

Zeldovich, N., Boyd-Wickizer, S., Mazieres, D.: Securing Distributed Systems with Information Flow Control. In Proc. of the 5th USENIX NSDI, pp. 293--308, USENIX Association (2008)

Digital Library

[14]

Migliavacca, M., Papagiannis, I., Eyers, D. M., Shand, B., Bacon, J., Pietzuch, P.: Defcon: High-Performance Event Processing with Information Security. In Proc. of the USENIX ATC'10, pp. 1--1, USENIX (2010)

Digital Library

[15]

Ramachandran, A., Mundada, Y., Tariq, M. B., Feamster, N.: Securing Enterprise Networks Using Traffic Tainting. In Special Interest Group on Data Communication (2008)

[16]

Xen® hypervisor homepage, http://www.xen.org/

[17]

Weckemann, K. et al: Lessons from a Minimal Middleware for IP-based In-car Communication. In Proc. of the IEEE IV'12, pp 686--691, IEEE (2012)

[18]

BMW web site. Navigation system Professional, www.bmw.com/com/en/insights/technology/technology_guide/articles/navigation_system.html

Cited By

De Vincenzi MCostantino GMatteucci IFenzl FPlappert CRieke RZelle D(2024)A Systematic Review on Security Attacks and Countermeasures in Automotive EthernetACM Computing Surveys10.1145/363705956:6(1-38)Online publication date: 22-Jan-2024
https://dl.acm.org/doi/10.1145/3637059
Pasquier TSingh JEyers DBacon J(2017)Camflow: Managed Data-Sharing for Cloud ServicesIEEE Transactions on Cloud Computing10.1109/TCC.2015.24892115:3(472-484)Online publication date: 1-Jul-2017
https://doi.org/10.1109/TCC.2015.2489211
Pasquier TBacon JSingh JEyers DWang XBauer LKerschbaum F(2016)Data-Centric Access Control for Cloud ComputingProceedings of the 21st ACM on Symposium on Access Control Models and Technologies10.1145/2914642.2914662(81-88)Online publication date: 6-Jun-2016
https://dl.acm.org/doi/10.1145/2914642.2914662
Show More Cited By

Index Terms

Practical information-flow aware middleware for in-car communication
1. Security and privacy
  1. Cryptography
    1. Cryptanalysis and other attacks
  2. Intrusion/anomaly detection and malware mitigation
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

On Event-Based Middleware for Location-Aware Mobile Applications

As mobile applications become more widespread, programming paradigms and middleware architectures designed to support their development are becoming increasingly important. The event-based programming paradigm is a strong candidate for the development ...
A retrospective on the design of the GOPI middleware platform

This paper offers a high-level retrospective overview of the GOPI middleware platform which is the outcome of a three-year project aimed at the development of generic, configurable and extensible middleware. GOPI has a clearly defined modular structure, ...
Designing for Frustration and Disputes in the Family Car

Families spend an increasing amount of time in the car carrying out a number of activities including driving to work, caring for children and co-ordinating drop-offs and pick ups. While families travelling in cars may face stress from difficult road ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CyCAR '13: Proceedings of the 2013 ACM workshop on Security, privacy & dependability for cyber vehicles

November 2013

72 pages

ISBN:9781450324878

DOI:10.1145/2517968

General Chairs:
Ahmad-Reza Sadeghi
Intel CRISC & TU Darmstadt, Germany
,
Cliff Wang
Army Research Office, USA
,
Hervé Seudié
Robert Bosch GmbH, Germany

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'13

Sponsor:

SIGSAC

CCS'13: 2013 ACM SIGSAC Conference on Computer and Communications Security

November 4, 2013

Berlin, Germany

Acceptance Rates

CyCAR '13 Paper Acceptance Rate 6 of 11 submissions, 55%;

Overall Acceptance Rate 6 of 11 submissions, 55%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
237
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 10 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

De Vincenzi MCostantino GMatteucci IFenzl FPlappert CRieke RZelle D(2024)A Systematic Review on Security Attacks and Countermeasures in Automotive EthernetACM Computing Surveys10.1145/363705956:6(1-38)Online publication date: 22-Jan-2024
https://dl.acm.org/doi/10.1145/3637059
Pasquier TSingh JEyers DBacon J(2017)Camflow: Managed Data-Sharing for Cloud ServicesIEEE Transactions on Cloud Computing10.1109/TCC.2015.24892115:3(472-484)Online publication date: 1-Jul-2017
https://doi.org/10.1109/TCC.2015.2489211
Pasquier TBacon JSingh JEyers DWang XBauer LKerschbaum F(2016)Data-Centric Access Control for Cloud ComputingProceedings of the 21st ACM on Symposium on Access Control Models and Technologies10.1145/2914642.2914662(81-88)Online publication date: 6-Jun-2016
https://dl.acm.org/doi/10.1145/2914642.2914662
Pasquier TSingh JBacon J(2015)Clouds of Things Need Information Flow Control with Hardware Roots of TrustProceedings of the 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom)10.1109/CloudCom.2015.41(467-470)Online publication date: 30-Nov-2015
https://dl.acm.org/doi/10.1109/CloudCom.2015.41

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten