loading
Documents

Research.Publish.Connect.

Paper

Authors: Benjamin Eriksson ; Jonas Groth and Andrei Sabelfeld

Affiliation: Department of Computer Science and Engineering, Chalmers University of Technology, Gothenburg and Sweden

ISBN: 978-989-758-374-2

Keyword(s): In-vehicle App Security, API Security, Program Analysis for Security, Infotainment, Information Flow Control, Android Automotive.

Abstract: Digitalization has revolutionized the automotive industry. Modern cars are equipped with powerful Internet-connected infotainment systems, comparable to tablets and smartphones. Recently, several car manufacturers have announced the upcoming possibility to install third-party apps onto these infotainment systems. The prospect of running third-party code on a device that is integrated into a safety critical in-vehicle system raises serious concerns for safety, security, and user privacy. This paper investigates these concerns of in-vehicle apps. We focus on apps for the Android Automotive operating system which several car manufacturers have opted to use. While the architecture inherits much from regular Android, we scrutinize the adequateness of its security mechanisms with respect to the in-vehicle setting, particularly affecting road safety and user privacy. We investigate the attack surface and vulnerabilities for third-party in-vehicle apps. We analyze and suggest enhancements to such traditional Android mechanisms as app permissions and API control. Further, we investigate operating system support and how static and dynamic analysis can aid automatic vetting of in-vehicle apps. We develop AutoTame, a tool for vehicle-specific code analysis. We report on a case study of the countermeasures with a Spotify app using emulators and physical test beds from Volvo Cars. (More)

PDF ImageFull Text

Download
Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.232.99.123

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Eriksson, B.; Groth, J. and Sabelfeld, A. (2019). On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform.In Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems - Volume 1: VEHITS, ISBN 978-989-758-374-2, pages 64-75. DOI: 10.5220/0007678200640075

@conference{vehits19,
author={Benjamin Eriksson. and Jonas Groth. and Andrei Sabelfeld.},
title={On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform},
booktitle={Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems - Volume 1: VEHITS,},
year={2019},
pages={64-75},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007678200640075},
isbn={978-989-758-374-2},
}

TY - CONF

JO - Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems - Volume 1: VEHITS,
TI - On the Road with Third-party Apps: Security Analysis of an In-vehicle App Platform
SN - 978-989-758-374-2
AU - Eriksson, B.
AU - Groth, J.
AU - Sabelfeld, A.
PY - 2019
SP - 64
EP - 75
DO - 10.5220/0007678200640075

Login or register to post comments.

Comments on this Paper: Be the first to review this paper.