摘要
在面向服务的多域电子电气架构下,大量的异构服务被部署在车内,用于自主驾驶、安全、舒适和远程诊断等目的。随着与外界交互的增多,车载网络存在递增的安全风险。本文提出了一种安全访问控制机制,以防止车内域控制器受到未经认证和授权的访问请求。首先,文中基于智能网联汽车的安全需求分析,提出了一个基于属性的访问控制的访问控制架构,该架构不仅支持细粒度和灵活的授权还支持基于逐流过滤与监测的在线权限检测。其次,用一个五元组给出形式化的访问控制模型,该模型用数学方法描述了主体、客体、策略和请求,并提出了一个基于哈希的策略评估引擎。最后,安全访问序列通过会话建立和安全通信保证了访问控制过程中的机密性、完整性和可用性。
Under the service-oriented multi-domain electrical and electronic architecture,a large number of heterogeneous services are deployed in the vehicle for purposes such as autonomous driving,safety,comfort,and remote diagnosis.With the increasing interaction with the outside world,there are incremental security risks in the in-vehicle network.In this paper,a secure access control mechanism is proposed to prevent unauthenticated and unauthorized access requests to the in-vehicle domain controllers.Firstly,an access control architecture for attributebased access control is proposed based on the analysis of security requirements of intelligent connected vehicle,which supports not only fine-grained and flexible authorization but also online permission detection based on perstream filtering and policing.Secondly,a formal access control model is given in terms of a five-tuple,which mathematically describes the subject,object,policy and request,and proposes a hash-based policy evaluation engine.Finally,the secure access sequence guarantees confidentiality,integrity and availability of the access control process through session establishment and secure communication.
作者
杨震宇
罗峰
王子通
任毅
张晓先
Yang Zhenyu;Luo Feng;Wang Zitong;Ren Yi;Zhang Xiaoxian(School of Automotive Studies,Tongji University,Shanghai 201804;ISOFT Infrastructure Software Co.,Ltd.,Shanghai 200125)
出处
《汽车工程》
EI
CSCD
北大核心
2023年第9期1626-1636,共11页
Automotive Engineering
基金
上海市浦东新区科技发展基金产学研专项(未来车)(PKX2022-W01)
国家大学生创新创业训练计划项目(H1005CN22232184)资助。
