Effective and Efficient Security Policy Engines for Automotive On-Board Networks

  • Muhammad Sabir Idrees
  • Yves Roudier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7266)


The configuration of security mechanisms in automotive on-board networks makes it necessary to define and deploy adapted security policies. This paper discusses how to design policy engines that implement an effective enforcement in such architectures despite the complexity of the protocol stacks of on-board electronic control units. It also evaluates how policies expressed in XACML can be adapted to the automotive environment efficiency requirements despite the limited computational power of those units and network bandwidth limitations.


Security Policy XACML ASN.1 On-Board Policy Engine 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Arabica XML and HTML Processing Toolkit,
  2. 2.
  3. 3.
    Pugixml Benchmark,
  4. 4.
    The XML C Parser and toolkit of Gnome libxml,
  5. 5.
    Bar-El, H.: Intra-Vehicle Information Security Framework (September 2009)Google Scholar
  6. 6.
    BMW. EMVY: The Embedded Vehicular IT Security Construction Kit, Basic Concept (June 2009)Google Scholar
  7. 7.
    C2C-CC. Car2Car Communication Consortium,
  8. 8.
    Chilingaryan, S.: The XMLBench Project: Comparison of Fast, Multi-platform XML Libraries, pp. 21–34. Springer, Heidelberg (2009)Google Scholar
  9. 9.
    Chutorash, R.J.: Firewall for vehicle communication bus. In: International Patent Classification 7, WO/2000/009363, PCT/US1999/017852. European Patent Office (February 2000)Google Scholar
  10. 10.
    EASSIS. Security and firewall concepts for gateways. Technical Report Deliverable D1.2-12, EASIS-Project (2006)Google Scholar
  11. 11.
    Freescale. Mpc565 reference manual. Technical report, Freescale Semiconductor (2005)Google Scholar
  12. 12.
    Gerlach, M.,Leinmüller, T., Goldacker, G., Festag, A., Harsch, C.: Security architecture for vehicular communication. In: WIT 2005 (2005)Google Scholar
  13. 13.
    Cheng Haw, S., Krishna Rao, G.S.V.R.: A comparative study and benchmarking on xml parsers. In: The 9th International Conference on Advanced Communication Technology, vol. 1, pp. 321–325 (February 2007)Google Scholar
  14. 14.
    Hoppe, T., Kiltz, S., Dittmann, J.: Automotive IT-Security as a Challenge: Basic Attacks from the Black Box Perspective on the Example of Privacy Threats. In: Buth, B., Rabe, G., Seyfarth, T. (eds.) SAFECOMP 2009. LNCS, vol. 5775, pp. 145–158. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Kelling, E., Friedewald, M., Leimbach, T., Menzel, M., Säger, P., Seudié, H., Weyl, B.: Specification and evaluation of e-security relevant use cases. Technical Report Deliverable D2.1, EVITA Project (2009)Google Scholar
  16. 16.
    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462 (May 2010)Google Scholar
  17. 17.
    Moses, T.: eXtensible access control markup language TC v2.0 (XACML) (February 2005)Google Scholar
  18. 18.
    Navet, N.: Automotive communication systems: from dependability to security. In: 1st Seminar on Vehicular Communications and Applications (VCA 2011), Luxembourg (May 2011)Google Scholar
  19. 19.
    Papadimitratos, P.: Securing vehicular communications - assumptions, requirements, and principles. In: Workshop on Embedded Security in Cars, ESCAR (2006)Google Scholar
  20. 20.
    CVIS Project, Cooperative vehicle infrastructure systems,
  21. 21.
    EVITA Project. E-safety vehicle intrusion protected applications,
  22. 22.
    OVESEE Project. Open vehicular secure platform,
  23. 23.
    Raya, M., Papadimitratos, P., Hubaux, J.-P.: Securing vehicular communications. IEEE Wireless Communications Magazine 13, 8–15 (2006)CrossRefGoogle Scholar
  24. 24.
    Raya, M., Jungels, D., Papadimitratos, P., Aad, I., Hubaux, J.-P.: Certificate revocation in vehicular networks. Technical report (2006)Google Scholar
  25. 25.
    Rouf, I., Miller, R., Mustafa, H., Taylor, T., Oh, S., Xu, W., Gruteser, M., Trappe, W., Seskar, I.: Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study. In: Proceedings of the 19th USENIX Security Symposium, Washington, DC (August 2010)Google Scholar
  26. 26.
    Schmidt, A., Waas, F., Kersten, M., Carey, M.J., Manolescu, I., Busse, R.: Xmark: A benchmark for xml data management. In: VLDB, pp. 974–985 (2002)Google Scholar
  27. 27.
    Schweppe, H., Weyl, B., Roudier, Y., Sabir Idrees, M., Gendrullis, T., Wolf, M.: Securing car2X applications with effective hardware software codesign for vehicular on-board networks. In: VDI Automotive Security 27. VW-Gemeinschaftstagung Automotive Security, VDI Bericht 2131, Berlin, Germany (October 2011)Google Scholar
  28. 28.
    Schweppe, H., Roudier, Y., Weyl, B., Apvrille, L., Scheuermann, D.: Car2x communication: securing the last meter - a cost-effective approach for ensuring trust in car2x applications using in-vehicle symmetric cryptography. In: 4th IEEE International Symposium on Wireless Vehicular Communications, WIVEC 2011, San Francisco, CA, United States (September 2011)Google Scholar
  29. 29.
    International Telecommunication Union. Information Technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER), ITU-T Recommendation X.690. Technical report, ITU-T (2002)Google Scholar
  30. 30.
    International Telecommunication Union. Information Technology - ASN.1 encoding rules: Mapping W3C XML schema definitions into ASN.1, ITU-T Recommendation X.694. Technical report, ITU-T (2004)Google Scholar
  31. 31.
    International Telecommunication Union. Information Technology - ASN.1 encoding rules: Abstract Syntax Notation one (ASN.1): Specification of basic notation, ITU-T Recommendation X.680. Technical report, ITU-T (2008)Google Scholar
  32. 32.
    Weyl, B., Wolf, M., Zweers, F., Gendrullis, T., Sabir Idrees, M., Roudier, Y., Schweppe, H., Platzdasch, H., Khayari, R.E., Henniger, O., Scheuermann, D., Fuchsa, A., Apvrille, L., Pedroza, G., Seudie, H., Shokrollahi, J., Keil, A.: Secure On-board Architecture Specification. Technical Report Deliverable D3.2, EVITA Project (2010)Google Scholar
  33. 33.
    Wolf, M., Weimerskirch, A., Paar, C., Bluetooth, M.: Security in automotive bus systems. In: Proceedings of the Workshop on Embedded Security in Cars, ESCAR 2004 (2004)Google Scholar
  34. 34.
    Wu, Y., Zhang, Q., Yu, Z., Li, J.: A hybrid parallel processing for xml parsing and schema validation. In: Proceedings of Balisage: The Markup Conference 2008, Montréal, Canada, August 12-15. Balisage Series on Markup Technologies, vol. 1 (2008)Google Scholar
  35. 35.
    Zrelli, S., Miyaji, A., Shinoda, Y., Ernst, T.: Security and access control for vehicular communications. In: Proceedings of the 2008 IEEE International Conference on Wireless & Mobile Computing, Networking & Communication, pp. 561–566. IEEE Computer Society, Washington, DC (2008)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Muhammad Sabir Idrees
    • 1
  • Yves Roudier
    • 1
  1. 1.EURECOMFrance

Personalised recommendations