Security and privacy for in-vehicle networks

2012 IEEE 1st International Workshop on Vehicular Communications, Sensing, and Computing, VCSC 2012

Volumn , Issue , 2012, Pages 12-17

  Schweppe, Hendrik ^a   Roudier, Yves ^a  

^a EURECOM   (France)

Author keywords

Binary Instrumentation; Data Flow Tracking; Distributed Tainting; In Vehicle Network Security; On Board Systems; Privacy

Indexed keywords

BINARY INSTRUMENTATIONS; DATA FLOW; DISTRIBUTED TAINTING; IN-VEHICLE NETWORKS; ON-BOARD SYSTEMS;

DATA PRIVACY; DATA TRANSFER; MOBILE DEVICES; PERSONAL COMPUTERS;

NETWORK SECURITY;

EID: 84867290358     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/VCSC.2012.6281235     Document Type: Conference Paper

References (26)

1. R. Bruckmeier, "Ethernet for Automotive Applications," in Freescale Technology Forum, Orlando, 2010.
2. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, L. Jung, P. McDaniel et al., "TaintDroid: An information-flow tracking system for realtime privacy monitoring on smartphones," in 9th OSDI, USENIX, 2010.
3. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway et al., "Experimental security analysis of a modern automobile," in 31st Security and Privacy, IEEE, 2010.
4. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage et al., "Comprehensive experimental analyses of automotive attack surfaces," in 20th USENIX conference on Security, 2011.
5. Linux Foundation, "Meego software platform chosen by the GENIVI alliance," online: http://tinyurl.com/mgoGNVI, July 2010.
6. R. Streif, S. Bolek et al., "MeeGo: In-vehicle api." [Online]. Available: http://wiki.meego.com/index.php?title=In-vehicle/Roadmap/ API&oldid=44637&printable=yes
7. I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu et al., "Security and privacy vulnerabilities of in-car wireless networks: a tire pressure monitoring system case study," in 19th USENIX Security, 2010.
8. C. Luk, R. Cohn, R. Muth, H. Patil, and A. Klauser, "Pin: building customized program analysis tools with dynamic instrumentation," ACM SIGPLAN, 2005.
9. J. Clause, W. Li, and A. Orso, "Dytan: a generic dynamic taint analysis framework," in ISSTA, 2007, pp. 196-206.
10. V. P. Kermelis, G. Portokalidis, K. Jee, and A. D. Keromytis, "libdft: Practical Dynamic Data Flow Tracking for Commodity Systems," in VEE'12, SIGPLAN/SIGOPS, 2012.
11. D. Zhu, J. Jung, D. Song, and T. Kohno, "TaintEraser: protecting sensitive data leaks using application-level taint tracking," ACM SIGOPS Operating Systems Review, 2011.
12. E. Levy (Aleph One), "Smashing the stack for fun and profit," The Phrack Magazine, vol. 49, no. 14, 1996.
13. scut, "Exploiting format string vulnerabilities," TESO Security Group, Tech. Rep., 2001.
14. H. Shacham, M. Page, B. Pfaff, and E. Goh, "On the effectiveness of address-space randomization," in 11th CCS, 2004.
15. H. Schweppe, Y. Roudier, B. Weyl, L. Apvrille, and D. Scheuermann, "Car2X communication: securing the last meter - A cost-effective approach for ensuring trust in Car2X applications using in-vehicle symmetric cryptography" in WIVEC 2011, September 2011.
16. B. Weyl, M. Wolf, F. Zweers, T. Gendrullis, M. S. Idrees, Y. Roudier et al. "Secure on-board architecture specification," EVITA Project, Tech. Rep. D3.2, 2010.
17. H. Schweppe, S. Idrees, Y. Roudier, B. Weyl, R. El Khayari, O. Henniger et al., "Secure on-board protocols specification," EVITA Project, Tech. Rep. D3.3, 2010.
18. "The EVITA project," http://evita-project.org/, August 2008.
19. A. Peslyak (Solar Designer), "Non-executable stack patch," Linux Kernel Patch, 1997.
20. K. Onarlioglu, L. Bilge, A. Lanzi, D. Balzarotti, and E. Kirda, "G-free: Defeating return-oriented programming through gadget-less binaries," in 26th ACSAC, 12 2010.
21. A. Zavou, G. Portokalidis, and A. Keromytis, "Taint-exchange: a generic system for cross-process and cross-host taint tracking," 6th ACS, 2011.
22. W. W.-Y. Cheng, "Information Flow for Secure Distributed Applications," PhD Thesis, MIT, 2009.
23. J. Croft and M. Caesar, "Towards Practical Avoidance of Information Leakage in Enterprise Networks," in 6th USENIX HotSec, 2011.
24. J. Newsome and D. X. Song, "Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software," in NDSS, 2005.
25. H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda, "Panorama: capturing system-wide information flow for malware detection and analysis," in 14th CCS, 2007, pp. 116-127.
26. P. Papadimitratos, L. Buttyan, T. Holczer, E. Schoch, J. Freudiger, M. Raya et al. "Secure vehicular communication systems: design and architecture," IEEE Communications Magazine, vol. 46, no. 11, pp. 100-109, 2008.