Integration of Attribute-based Access Control into Automotive Architectures

The transformation in the automotive industry continues and topics such as intelligent software applications and over-the-air connectivity push future vehicle innovations, which will lead to a further increase in the number of connected vehicles in the upcoming years. Many wireless connections between vehicles to the infrastructure or mobile devices arise. In order to protect this communication against security attacks, various protection mechanisms have to be integrated into the vehicle to ensure information security. One of these measures is the implementation of a distributed access control to protect different communication channels against unauthorized access attempts. This requires a well-defined assignment of access permissions for each communication node combined with certain environmental conditions such as location, time or vehicle state. However, current automotive systems do not have extensive access controls. Only for the execution of safety-critical diagnostic services an extended authorization level is available. In this publication, we present an attribute-based access control, which is specifically designed for an automotive E/E architecture with several domain controllers. Furthermore, we evaluate our approach with a proof-of-concept for an exemplary diagnostic service request.