XACML for Mobility (XACML4M)—An Access Control Framework for Connected Vehicles

Bibliographic Details
Main authors: Ashutosh, Ashish; Gerl, Armin; Wagner, Simon; Brunie, Lionel; Kosch, Harald
Format: Online Article Text
Language: English
Published: MDPI 2023
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9959851/
https://www.ncbi.nlm.nih.gov/pubmed/36850360
http://dx.doi.org/10.3390/s23041763
author Ashutosh, Ashish
Gerl, Armin
Wagner, Simon
Brunie, Lionel
Kosch, Harald
collection PubMed
description The automotive industry is experiencing a transformation with the rapid integration of software-based systems inside vehicles, which are complex systems with multiple sensors. The use of vehicle sensor data has enabled vehicles to communicate with other entities in the connected vehicle ecosystem, such as the cloud, road infrastructure, other vehicles, pedestrians, and smart grids, using either cellular or wireless networks. This vehicle data are distributed, private, and vulnerable, which can compromise the safety and security of vehicles and their passengers. It is therefore necessary to design an access control mechanism around the vehicle data’s unique attributes and distributed nature. Since connected vehicles operate in a highly dynamic environment, it is important to consider context information such as location, time, and frequency when designing a fine-grained access control mechanism. This leads to our research question: How can Attribute-Based Access Control (ABAC) fulfill connected vehicle requirements of Signal Access Control (SAC), Time-Based Access Control (TBAC), Location-Based Access Control (LBAC), and Frequency-Based Access Control (FBAC)? To address the issue, we propose a data flow model based on Attribute-Based Access Control (ABAC) called eXtensible Access Control Markup Language for Mobility (XACML4M). XACML4M adds additional components to the standard eXtensible Access Control Markup Language (XACML) to satisfy the identified requirements of SAC, TBAC, LBAC, and FBAC in connected vehicles. Specifically, these are: Vehicle Data Environment (VDE) integrated with Policy Enforcement Point (PEP), Time Extensions, GeoLocation Provider, Polling Frequency Provider, and Access Log Service. We implement a prototype based on these four requirements on a Raspberry Pi 4 and present a proof-of-concept for a real-world use case. We then perform a functional evaluation based on the authorization policies to validate the XACML4M data flow model. 
Finally, we conclude that our proposed XACML4M data flow model can fulfill all four of our identified requirements for connected vehicles.
format Online
Article
Text
id pubmed-9959851
institution National Center for Biotechnology Information
language English
publishDate 2023
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-9959851 2023-02-26 Sensors (Basel) Article MDPI 2023-02-04 /pmc/articles/PMC9959851/ /pubmed/36850360 http://dx.doi.org/10.3390/s23041763 Text en
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
title XACML for Mobility (XACML4M)—An Access Control Framework for Connected Vehicles
topic Article