Combining Third Party Components Securely in Automotive Systems

Hun Cheah, Siraj Shaikh, Jeremy Bryans, Hoang Nga Nguyen

    Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding › peer-review

    9 Citations (Scopus)


    Vehicle manufacturers routinely integrate third-party components and combining them securely into a larger system is a challenge, particularly when accurate specifications are not available. In this paper, we propose a methodology for users to introduce or strengthen security of these composed systems without requiring full knowledge of commercially sensitive sub-components. This methodology is supported by attack trees, which allow for systematic enumeration of black box components, the results of which are then incorporated into further design processes. We apply the methodology to a Bluetooth-enabled automotive infotainment unit, and find a legitimate Bluetooth feature that contributes to the insecurity of a system. Furthermore, we recommend a variety of follow-on processes to further strengthen the security of the system through the next iteration of design.
    Original language: English
    Title of host publication: Information Security Theory and Practice
    Editors: Sara Foresti, Javier Lopez
    Publisher: Springer Verlag
    Volume: 9895 LNCS
    ISBN (Print): 978-3-319-45930-1
    Publication status: Published - Sept 2016
    Event: 10th IFIP WG 11.2 International Conference, WISTP 2016 - Heraklion, Crete, Greece
    Duration: 26 Sept 2016 → 27 Sept 2016
    Conference number: 10


    Conference: 10th IFIP WG 11.2 International Conference, WISTP 2016

    Bibliographical note

    This book chapter/conference paper is not available on the repository. It was given at the 10th IFIP WG 11.2 International Conference, WISTP 2016, Heraklion, Crete, Greece, September 26–27, 2016.


    • Automotive security
    • Attack trees
    • Secure design
    • Security testing
    • Bluetooth

