Connected cars have a lot of potential to positively impact the way we travel. They can drastically reduce accidents on the roads by enabling real-time and location-sensitive communication between drivers or even pedestrians. Apart from safety they also hold infinite possibilities for creative technological applications. But this also exposes cars to internet supported functionality, they are also open to the same cybersecurity threats.
To meet this challenge, Maanak Gupta, doctoral candidate at The University of Texas at San Antonio, and Ravi Sandhu, Lutcher Brown Endowed Professor of computer science and founding executive director of the UTSA Institute for Cyber Security (ICS), have created an authorization framework for connected cars which provides a conceptual overview of various access control decision and enforcement points needed for dynamic and short-lived interaction in smart cars ecosystem.
Gupta and Sandhu framework proposes an access control oriented architecture for connected cars and authorization framework, which is a key to determine what and where vulnerabilities can be exploited. They further discuss several approaches to mitigate cyber threats in this ecosystem.
Using this framework, the team at ICS is trying to create and use security authorization policies in different access control decision points to prevent cyber attacks and unauthorized access to sensors and data in smart cars.