User: Password:
Subscribe / Log in / New account

Linux and automotive computing security

Linux and automotive computing security

Posted Oct 10, 2012 22:53 UTC (Wed) by cesarb (subscriber, #6266)
In reply to: Linux and automotive computing security by rgmoore
Parent article: Linux and automotive computing security

> You can't even fix the problem with one-way information flow between critical and non-critical components, because there are valid reasons for wanting to send information the other way.

You could combine one-way information flow with a default-deny firewall on the opposite direction, with very strict format checks. If implemented properly, only a few exact packets would be able to pass, with a result similar to a bundle of discrete wires. (It would be a set of rules somewhat like: allow only the exact packet 010203x4, with x being only 1, 2, or 3.)

Of course, that adds cost, power, and space usage, since the firewall would have to be a separate discrete component, and you would need one for each device straddling separate integrity domains. You also lose flexibility, since you would have to replace the firewall component if you need to add more functionality in the direction it filters.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds