diff options
Diffstat (limited to 'sec-blueprint/04-security-concepts.md')
-rw-r--r-- | sec-blueprint/04-security-concepts.md | 88 |
1 files changed, 0 insertions, 88 deletions
diff --git a/sec-blueprint/04-security-concepts.md b/sec-blueprint/04-security-concepts.md deleted file mode 100644 index 5080b4c..0000000 --- a/sec-blueprint/04-security-concepts.md +++ /dev/null @@ -1,88 +0,0 @@ ---- - -title : Security Concepts -date : 2017-07-07 -categories: architecture, automotive -tags: architecture, automotive, linux -layout: techdoc - ---- - -**Table of Content** - -1. TOC -{:toc} - - -This document addresses the following security concepts that help make -connected vehicles less vulnerable to security threats. - -## Secure Boot - -Secure boot refers to preventing malicious software applications and -"unauthorized" operating systems from loading during the system start-up -process. The goal is to protect users from rootkits and other -low-level malware attacks. Modern bootloaders come with features that -can be used to enable secure boot in the system. - -## Software Integrity - -The goal of software integrity is to ensure that all software running on -a system has not been altered in any way, either accidentally or -maliciously. This is typically achieved by checking a file's hash or -signature against a protected, “good” value that exists in the system. -Maintaining software integrity ensures that your system behaves as -intended. In principle, it protects the system against any malicious -code trying to tamper your system. - -## Secure Update/Upgrade - -Software updates in connected vehicles are a very useful feature, which -can deliver significant benefits. If not implemented with security in -mind, software updates can incur serious vulnerabilities. Any software -update system must ensure that not only are the software updates to -devices done in a secure way, but also that the repositories and servers -hosting these updates are adequately protected. As the process of updating -software migrates from a `Dealership` update model towards an `Over-The-Air` -update model, securing these processes becomes a high priority. - -## Layered Security - -It has been well established amongst software security researchers, that -a layered approach to security ensures a stronger protection against attackers. -A multi-layered approach to security should be included when designing the -architecture of a connected car. The goal is to ensure that even if one layer -of security is compromised, the other layers will protect the platform, while at the -same time making it harder for attackers to breach the security of the -system. - -## Read-Only File Systems - -When following a layered security design, one simple yet effective way -to protect the platform is to make the file system read-only. It is -important to note that making the filesystem read-only is not a -foolproof security mechanism. It does, however, make life more complex -for an attacker. - -## Mandatory Access Control - -Mandatory Access Control (MAC) refers to a type of access control in a -Linux system that constrains the ability of a “subject” to access a -“resource”. The Linux kernel makes these decisions based on a -pre-existing policy. User are not allowed to override or modify this -policy, either accidentally or intentionally. MAC uses the underlying -kernel framework of Linux Security Modules (LSM). There are multiple -LSMs available including SELinux, Simplified Mandatory Access Control -Kernel (SMACK), AppArmor and others. AGL uses SMACK as the MAC. - -## Secured Applications - -Applications in the modern car are steadily improving the dashboard and -control of the car. Applications have also proven to be frequent point -of attack for hackers. In AGL, The term of Application (App) has a very -wide definition. Almost anything which is not in the core OS is considered -an Application. At the same time, when talking about the security of applications, -any mobile applications that have been designed to interact with the car -must also be considered. Secured applications are mission-critical for OEMs -who want to meet customer expectations for innovative software features, -while ensuring the safety and proper functioning of their vehicles. |