author Vikas Marwaha <vikasmarwaha@google.com> 2017-09-01 22:53:11 +0000
committer android-build-merger <android-build-merger@google.com> 2017-09-01 22:53:11 +0000
commit 6aa06885f0cb3d931a0fe552304f372ac3f3baf4 (patch)
tree 6b5d70cc8d08400c5eceec2fa028b1e8ed2f550a
parent 5a85283743a6f4677032c9099149d5619b4698fa (diff)
parent 9b20c91d337933a1e6aa465ee639bc298c1f32ea (diff)
Merge "Docs: Restructure section 9.14." into oc-dev am: bc1609d903
am: 9b20c91d33 Change-Id: I9cc6bcef4a5e1ea4c3fdfc11dc6d801df6dc53f0
-rw-r--r-- 9_security-model/9_14_automotive-system-isolation.md 23
1 files changed, 12 insertions, 11 deletions
diff --git a/9_security-model/9_14_automotive-system-isolation.md b/9_security-model/9_14_automotive-system-isolation.md
index ec790745..a1d5276a 100644
--- a/9_security-model/9_14_automotive-system-isolation.md
+++ b/9_security-model/9_14_automotive-system-isolation.md
@@ -1,15 +1,16 @@
## 9.14\. Automotive Vehicle System Isolation
Android Automotive devices are expected to exchange data with critical vehicle
-subsystems, e.g., by using the [vehicle HAL](http://source.android.com/devices/automotive.html)
-to send and receive messages over vehicle networks such as CAN bus. Android
-Automotive device implementations MUST implement security features below the
-Android framework layers to prevent malicious or unintentional interaction
-between the Android framework or third-party apps and vehicle subsystems. These
-security features are as follows:
+subsystems by using the [vehicle HAL](http://source.android.com/devices/automotive.html)
+to send and receive messages over vehicle networks such as CAN bus.
-* Gatekeeping messages from Android framework vehicle subsystems, e.g.,
- whitelisting permitted message types and message sources.
-* Watchdog against denial of service attacks from the Android framework or
- third-party apps. This guards against malicious software flooding the vehicle
- network with traffic, which may lead to malfunctioning vehicle subsystems.
+The data exchange can be secured by implementing security features below the
+Android framework layers to prevent malicious or unintentional interaction with
+these subsystems. Automotive device implementations:
+
+* [A-0-1] MUST gatekeep messages from Android framework vehicle subsystems,
+e.g., whitelisting permitted message types and message sources.
+* [A-0-2] MUST watchdog against denial of service attacks from the Android
+framework or third-party apps. This guards against malicious software flooding
+the vehicle network with traffic, which may lead to malfunctioning vehicle
+subsystems. \ No newline at end of file
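Review bot: The new intro paragraph ("The data exchange can be secured by implementing security features below the Android framework layers") turns what the removed text stated as a MUST into a description, and neither [A-0-1] nor [A-0-2] says where the control has to be enforced. As written, an implementation could satisfy both numbered items with a gatekeeper or watchdog inside the framework itself, which is the layer the removed paragraph treated as untrusted. Suggest carrying the placement into the normative items, for example "[A-0-1] MUST gatekeep, below the Android framework layers, messages from ...", or adding a separate numbered requirement for it. The new intro also drops "between the Android framework or third-party apps and vehicle subsystems", so the source of the interaction is no longer named there. Two smaller points: "messages from Android framework vehicle subsystems" in [A-0-1] is carried over unchanged and remains ambiguous about direction (the removed intro suggests "from the Android framework to vehicle subsystems"), and the file still ends without a trailing newline.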