XACML for Mobility (XACML4M)—An Access Control Framework for Connected Vehicles
Author:
Ashutosh Ashish12ORCID, Gerl Armin2ORCID, Wagner Simon2, Brunie Lionel1, Kosch Harald2ORCID
Affiliation:
1. INSA Lyon, CNRS, LIRIS UMR 5205, 69100 Lyon, France 2. Chair of Distributed Information Systems, Faculty of Computer Science and Mathematics, University of Passau, 94032 Passau, Germany
Abstract
The automotive industry is experiencing a transformation with the rapid integration of software-based systems inside vehicles, which are complex systems with multiple sensors. The use of vehicle sensor data has enabled vehicles to communicate with other entities in the connected vehicle ecosystem, such as the cloud, road infrastructure, other vehicles, pedestrians, and smart grids, using either cellular or wireless networks. This vehicle data are distributed, private, and vulnerable, which can compromise the safety and security of vehicles and their passengers. It is therefore necessary to design an access control mechanism around the vehicle data’s unique attributes and distributed nature. Since connected vehicles operate in a highly dynamic environment, it is important to consider context information such as location, time, and frequency when designing a fine-grained access control mechanism. This leads to our research question: How can Attribute-Based Access Control (ABAC) fulfill connected vehicle requirements of Signal Access Control (SAC), Time-Based Access Control (TBAC), Location-Based Access Control (LBAC), and Frequency-Based Access Control (FBAC)? To address the issue, we propose a data flow model based on Attribute-Based Access Control (ABAC) called eXtensible Access Control Markup Language for Mobility (XACML4M). XACML4M adds additional components to the standard eXtensible Access Control Markup Language (XACML) to satisfy the identified requirements of SAC, TBAC, LBAC, and FBAC in connected vehicles. Specifically, these are: Vehicle Data Environment (VDE) integrated with Policy Enforcement Point (PEP), Time Extensions, GeoLocation Provider, Polling Frequency Provider, and Access Log Service. We implement a prototype based on these four requirements on a Raspberry Pi 4 and present a proof-of-concept for a real-world use case. We then perform a functional evaluation based on the authorization policies to validate the XACML4M data flow model. Finally, we conclude that our proposed XACML4M data flow model can fulfill all four of our identified requirements for connected vehicles.
Funder
Université franco-Allemande/Deutsch-Französische Hochschule
Subject
Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry
Reference47 articles.
1. Privacy implications and liability issues of autonomous vehicles;Collingwood;Inf. Commun. Technol. Law,2017 2. Miller, C., and Valasek, C. (2015, January 1–4). Remote exploitation of an unaltered passenger vehicle. Proceedings of the Black Hat USA, Las Vegas, NV, USA. 3. Pesé, M.D., and Shin, K.G. (2019). Survey of Automotive Privacy Regulations and Privacy-Related Attacks, SAE Technical Paper; SAE International. 4. Krontiris, I., Grammenou, K., Terzidou, K., Zacharopoulou, M., Tsikintikou, M., Baladima, F., Sakellari, C., and Kaouras, K. (2020, January 2). Autonomous Vehicles: Data Protection and Ethical Considerations. Proceedings of the Computer Science in Cars Symposium, CSCS ’20, Feldkirchen, Germany. 5. Rumez, M., Duda, A., Gründer, P., Kriesten, R., and Sax, E. (2019, January 9–12). Integration of Attribute-based Access Control into Automotive Architectures. Proceedings of the 2019 IEEE Intelligent Vehicles Symposium (IV), Paris, France.
Cited by
3 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
|
|