Application Controlled Secure Dynamic Firewall for Automotive Digital Cockpit 2021-01-0140
Automotive digital cockpit is growing multi-dimensionally through multiple numbers of applications for driver assistance and user activities. The exponential growth of diverse applications provides global connectivity to the vehicles, but it equally provides a passage for the global security threats to reach the automotive surface by increasing the attack surfaces on the vehicles. The controlled interaction of the vehicular applications with the external digital world protects vehicular confidentiality and integrity, where the violation of which affects the automotive safety and security. The controlled interaction of the applications is achieved through a firewall system either to pass or block traffic through the networking interface. The opening and closing of ports using static and dynamic firewall suffer from their own shortcomings, where those instances provide open ports for the attackers to launch the attacks by accessing the ports. Here a novel firewall mechanism is proposed to resolve the shortcomings of the traditional static and dynamic firewalls, where the application mapped IP table allows the interaction and communication through the network firewall manager. In the proposed approach, the network firewall manager provides bi-directional interface between ports and applications for requests and responses using the IP table. The application requests are routed to the specific applications through their uniquely assigned ID after validating the request in the firewall database which contains the application-specific firewall rules. The network firewall manager allows the applications to release or drop rules by the controlled communicationT with the intended applications using the assigned applications IDs by achieving multithreading. The approach handles the requests and responses through an application-specific control to eliminate the shortcomings of both static and dynamic firewalls by also maintaining a list of suspicious access.