author: Sebastien Douheret <sebastien.douheret@iot.bzh> 2018-07-10 12:22:23 +0200
committer: ronan [iot.bzh] <ronan.lemartret@iot.bzh> 2018-07-12 13:33:16 +0200
commit: 65e5842f843aa67395fce171c8ce602c085d0c11
tree: 9e58ab8293478064bc9df116aa55411f6e06dcca /sec-blueprint/04-security-concepts.md
parent: e0df0544ae03e4b5021a4264c608d481659a4be2
Removed old Security Blueprint chapter: SPEC-1502
As announced on the AGL mailing list and knowing that all sections and info of old Security Blueprint have been included into 'new' Security Blueprint, the 'old' Sec Blueprint part can be removed from documentation.

Signed-off-by: Sebastien Douheret <sebastien.douheret@iot.bzh>
Diffstat (limited to 'sec-blueprint/04-security-concepts.md')
-rw-r--r-- sec-blueprint/04-security-concepts.md | 88
1 files changed, 0 insertions, 88 deletions
diff --git a/sec-blueprint/04-security-concepts.md b/sec-blueprint/04-security-concepts.md
deleted file mode 100644
index 5080b4c..0000000
--- a/sec-blueprint/04-security-concepts.md
+++ /dev/null
@@ -1,88 +0,0 @@
----
-
-title : Security Concepts
-date : 2017-07-07
-categories: architecture, automotive
-tags: architecture, automotive, linux
-layout: techdoc
-
----
-
-**Table of Content**
-
-1. TOC
-{:toc}
-
-
-This document addresses the following security concepts that help make
-connected vehicles less vulnerable to security threats.
-
-## Secure Boot
-
-Secure boot refers to preventing malicious software applications and
-"unauthorized" operating systems from loading during the system start-up
-process. The goal is to protect users from rootkits and other
-low-level malware attacks. Modern bootloaders come with features that
-can be used to enable secure boot in the system.
-
-## Software Integrity
-
-The goal of software integrity is to ensure that all software running on
-a system has not been altered in any way, either accidentally or
-maliciously. This is typically achieved by checking a file's hash or
-signature against a protected, “good” value that exists in the system.
-Maintaining software integrity ensures that your system behaves as
-intended. In principle, it protects the system against any malicious
-code trying to tamper your system.
-
-## Secure Update/Upgrade
-
-Software updates in connected vehicles are a very useful feature, which
-can deliver significant benefits. If not implemented with security in
-mind, software updates can incur serious vulnerabilities. Any software
-update system must ensure that not only are the software updates to
-devices done in a secure way, but also that the repositories and servers
-hosting these updates are adequately protected. As the process of updating
-software migrates from a `Dealership` update model towards an `Over-The-Air`
-update model, securing these processes becomes a high priority.
-
-## Layered Security
-
-It has been well established amongst software security researchers, that
-a layered approach to security ensures a stronger protection against attackers.
-A multi-layered approach to security should be included when designing the
-architecture of a connected car. The goal is to ensure that even if one layer
-of security is compromised, the other layers will protect the platform, while at the
-same time making it harder for attackers to breach the security of the
-system.
-
-## Read-Only File Systems
-
-When following a layered security design, one simple yet effective way
-to protect the platform is to make the file system read-only. It is
-important to note that making the filesystem read-only is not a
-foolproof security mechanism. It does, however, make life more complex
-for an attacker.
-
-## Mandatory Access Control
-
-Mandatory Access Control (MAC) refers to a type of access control in a
-Linux system that constrains the ability of a “subject” to access a
-“resource”. The Linux kernel makes these decisions based on a
-pre-existing policy. User are not allowed to override or modify this
-policy, either accidentally or intentionally. MAC uses the underlying
-kernel framework of Linux Security Modules (LSM). There are multiple
-LSMs available including SELinux, Simplified Mandatory Access Control
-Kernel (SMACK), AppArmor and others. AGL uses SMACK as the MAC.
-
-## Secured Applications
-
-Applications in the modern car are steadily improving the dashboard and
-control of the car. Applications have also proven to be frequent point
-of attack for hackers. In AGL, The term of Application (App) has a very
-wide definition. Almost anything which is not in the core OS is considered
-an Application. At the same time, when talking about the security of applications,
-any mobile applications that have been designed to interact with the car
-must also be considered. Secured applications are mission-critical for OEMs
-who want to meet customer expectations for innovative software features,
-while ensuring the safety and proper functioning of their vehicles.
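Review bot: The hunk removes the whole chapter without naming where its sections (Secure Boot, Software Integrity, Secure Update/Upgrade, Layered Security, Read-Only File Systems, Mandatory Access Control, Secured Applications) now live; the commit message says they were included in the 'new' Security Blueprint but gives no path, so a reviewer cannot confirm from this diff alone that statements such as "AGL uses SMACK as the MAC" and the read-only file system guidance were carried over. Suggest naming the replacement document in the commit message and, in the same change, updating any index or table of contents that still links to `sec-blueprint/04-security-concepts.md`, since deleting the file with no redirect leaves those links dangling.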