W3C home > Mailing lists > Public > public-automotive@w3.org > October 2015

Possible Security and Privacy Next Steps

From: Ted Guild <ted@w3.org>
Date: Mon, 26 Oct 2015 22:50:09 -0400
Message-ID: <1445914209.2028.103.camel@w3.org>
To: public-automotive <public-automotive@w3.org>
I propose in addition to repeated iteration through the three steps
(list use cases, review in detail identifying attacks vectors, derive
requirements) as Junichi recommended we need to consider additional next
steps.  Here are few that occur to me and for all we should survey other
groups at W3C who may have approached similar problems so that we can
leverage or learn from.

Access Control Mechanism

There will be inter-process security restrictions imposed by the
operating system.  There is also a need to be able to do similar in the
web runtime.  For both it is beneficial to have granular access control
on our data spec.  This may be a separate document.  We discussed
perhaps a tiered approach and it should allow for implementers to define
their preferred different privileged tiers and attributes at that
tier.  

Best Practices for Web Runtime in IVI

Since the web runtime will have external interactions we should review
the various use cases and attack vectors.  This is not directly related
to our specifications but the environment app written against these
specs will be operating in so most likely a Best Practices document.
Mitigating these concerns are more likely going to be from enforcement
systems in the operating system although some elements may be in the web
runtime itself.  A sample possible mitigation technique could be for the
OS to require all external web site/service interactions to go through a
proxy server that manages certificates of sanctioned sites and does data
sampling for integrity checks. 

Entity preferences profile

For individual users, owners and applications to be able to define
personal, payment, vehicle and other information.

-- 
Ted Guild <ted@w3.org>
W3C Systems Team
http://www.w3.org

Received on Tuesday, 27 October 2015 02:52:23 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 24 October 2017 18:52:44 UTC