Two researchers in Texas have created an access control framework for connected cars to reduce the risk of cyber security breaches.
The website EurekAlert say University of Texas San Antonio doctoral candidate Maanak Gupta and computer science Professor Ravi Sandhu from the UTSA Institute for Cyber Security have examined the cybersecurity risks for new generations of smart vehicles which includes both autonomous and internet connected cars.
The pair have created an authorisation framework for connected cars which provides a conceptual overview of various access control decision and enforcement points needed for dynamic and short-lived interaction in smart cars ecosystem.
The report adds that the Gupta and Sandhu framework discussed an access control oriented architecture for connected cars and proposed authorisation framework, which is a key to determine what and where vulnerabilities can be exploited. They further discuss several approaches to mitigate cyber threats in this ecosystem.
It says that by using this framework, the team at ICS is trying to create and use security authorisation policies in different access control decision points to prevent cyber attacks and unauthorised access to sensors and data in smart cars.
“There are infinite opportunities in this new IoT domain but at the same time cyber threats will have serious implications in smart cars. Can you imagine if someone controls your car steering remotely, or shuts down the engine in the middle of the road?” Gupta is quoted as saying. “There should not be absolutely any open end to orchestrate attacks on these cars.”
EurekAlert adds that, according to Gupta, the authorisation framework can also be applied to driverless cars, noting that these vehicles may be even more vulnerable to cyber threats.
“If we’re going to open the world to cars driven by machines, we must be absolutely certain that they aren’t able to be compromised by a malicious attack,” he said. “That it what this framework is for.”