2024
Conference Paper
Title

SecPol: Enabling Security Policy Control in Vehicle Networks using Intrusion Detection and Hardware Trust

Abstract
As vehicle networks become more complex to enable more advanced features like autonomous driving, their cyberattack surface increases. Containing such cyberattacks always requires more sophisticated and adaptive security approaches. The secure implementation of usage control systems for use in vehicle networks is particularly important, as increasing communication with external entities offers attackers new opportunities to penetrate such networks. Modern off-the-shelf access management systems have difficulty dynamically adapting to new situations or responding to potential attacks. To improve the security and adaptability of policy-driven usage control systems, we propose the integration of additional in-vehicle security measurement and verification mechanisms based on intrusion detection and hardware trust anchors. This allows boot and runtime security incidents to be incorporated into appropriate policy decisions. We discuss the possible uses and effects of this approach using common intrusion scenarios as examples, and evaluate the approach with two exemplary implementations based on an open-source and a proprietary usage control system. Finally, we propose an architecture to integrate the recommended security measures into security incident processing controlled by a security operations center. The use cases given are from the automotive sector, but variations of the protocols and communication mechanisms are also used in airplanes and trains, and the approach can therefore be extended to multimodal applications and other resource-constrained IoT networks.
Author(s)
Fenzl, Florian  
Fraunhofer-Institut für Sichere Informationstechnologie SIT  
Stancke, Jonathan
Fraunhofer-Institut für Sichere Informationstechnologie SIT  
Plappert, Christian  
Fraunhofer-Institut für Sichere Informationstechnologie SIT  
Rieke, Roland  
Fraunhofer-Institut für Sichere Informationstechnologie SIT  
Gail, Felix
Fraunhofer-Institut für Sichere Informationstechnologie SIT  
Dimitrakos, Theo
Joumaa, Hussein
Mainwork
CSCS 2024, Cyber Security in CarS Workshop. Proceedings  
Conference
Cyber Security in CarS Workshop 2024  
Conference on Computer and Communications Security 2024  
DOI
10.1145/3689936.3694697
Language
English
Fraunhofer-Institut für Sichere Informationstechnologie SIT  