Page tree
Skip to end of metadata
Go to start of metadata

The set of requirements available here describe security needs for an IVI product (system level). It's recommended to apply them on a "GENIVI software platform" based product.

Data categories are based on persistency definitions:

  • User: User specific data
  • Application: Application specific data (neither shared within a group nor public)

Shared: Shared data within a group or public

 

Reference

Requirement

Priority

Comments

Reference

Requirement

Priority

Comments

VH-SEC-001

Data classification 

Data stored in, received or sent by a GENIVI product shall be classified in categories: 

- Node : collection of data needed by a GENIVI node to support all functional requirements (not user related) and coding parameters (download by a diagnosis tool) are included in that category 

- User : data attached to an user (e.g settings, last address, last user context, ...)

- Application : specific data attached to an application (e.g configuration)

P2

 

VH-SEC-002

Connected units classification 

External electronic units connected to the system (wired or not) shall be classified in categories:

- Automotive ECU : units linked through an automotive network and integrated in the car 

- Devices : CE devices like phones, USB sticks ... 

- Servers : back office

P2

 

VH-SEC-003

Services definition 

A functionality offered through a GENIVI platform (embedded or from servers undifferently) to applications is named service (e.g Radio, media playback, ...).

P2

 

VH-SEC-004

Confidential data 

All data which are strictly attached to an user or a company and in relation with payment, commercial services or privacy or system assets. That kind of data includes authentication secrets.

P1

 

VH-SEC-024

Security strategy

Least privilege strategy shall be applied to the system. Access to services, data and connections shall be granted on a strict needed basis at design or installation.

P2

 

VH-SEC-005

Node data access control 

Node data stored shall be accessed/modified/deleted only by authorized software components users and units.

P1

 

VH-SEC-006

User data access control 

User data stored in the system shall be accessed/modified/deleted only by authorized users, applications and software components.

P2

 

-SEC-007

Confidential user data access control 

Confidential user data shall be accessed/modified only by the owner.

P1

 

VH-SEC-008

Application data access control 

Application data stored in the system shall be accessed/modified/deleted only by authorized applications or user.

P2

 

VH-SEC-009

Node data integrity

Node data shall be protected against intentional corruptions (e.g. configuration, clock).

P2

 

VH-SEC-010

User data integrity 

User data shall be protected against intentional corruptions.

P2

 

VH-SEC-011

Application data integrity

Application data shall be protected against intentional corruptions.

P2

 

VH-SEC-012

Protection of confidential data in the system 

Confidential data (e.g connection credentials) shall be stored in a secure way into the system. The miminum level of protection shall be software encryption without secured storage.

P1

 

VH-SEC-013

Temporary data deletion 

All data stored temporary shall be erased from the system when they are no more valid (user change, application stop or removed, ...).

P2

 

VH-SEC-014

Temporary external device data deletion 

All user and node device's data stored temporary in the system shall be erased at de-connection.

P2

 

VH-SEC-015

Device connection authorizations 

Connection of external device shall be monitored/authenticated and rights shall be granted accordingly to its authorizations. User could validate a device before a connection to increase rights.

P2

 

VH-SEC-016

Integrity and origin of data exchanged with an external device 

Integrity and origin of data exchanged with an external device should be verified to prevent from tampering and replay. When the verification failed, the data shall not be processed.

P2

 

VH-SEC-017

Confidentiality of data exchanged with an external device 

Confidential data exchanged with an external device should be protected from reading.

P2

 

VH-SEC-017

Server connection authorizations 

Connection to/from external servers shall be monitored/authenticated and rights shall be granted accordingly to its authorizations.

P2

 

VH-SEC-018

Integrity and source of data exchanges with servers 

The system shall implement and use protocols to protect external exchanges with servers from spoofing, tampering or replay.

P2

 

VH-SEC-019

Confidentiality of exchanges with servers  

The system shall implement and use protocols to protect external exchanges of confidential data with servers from reading by third parties.

P2

 

VH-SEC-020

Services discovery and access authorizations 

Only authorized users and applications shall be able to discover and access services.

P2

 

VH-SEC-021

Diagnosis services access policy 

Access to diagnosis functionalities shall be restricted to authorized users, applications and devices.

P2

 

VH-SEC-022

Exchanges filtering 

The system shall filter incoming and outgoing data traffic according to a policy.

P2

 

VH-SEC-023

Inputs and output confidentiality 

User shall be notified when an input or output  is used whitout any request from him (e.g microphone, ...)

P2

 

VH-SEC-024

Security strategy 

Least privilege strategy shall be applied to the system. By default, software components shall have no access to services offered by the platform (least privilege strategy). Access rights are given during the installation.

P2

 

VH-SEC-025

Update security 

Integrity and authenticity of an update shall be verified before installation.

P1

 

VH-SEC-026

Update confidentiality 

Content of an update should not be readable by third parties.

P2

 

VH-SEC-027

Component downgrade

The system shall not allow version downgrade after a successfully installation.

P2

 

VH-SEC-028

Authorization to launch application or services 

The system shall start applications and services.

P2

 

VH-SEC-029

Network access security 

Only authorized applications, users and components shall be able to send or receive data on networks (CAN, ethernet, ...)

P2

 

VH-SEC-030

Integrity and source of data exchanges on automotive network 

The system should implement and use protocols to protect external exchanges on automotive networks from spoofing, tampering or replay.

P2

 

VH-SEC-031

Confidentiality of exchanges on automotive network 

The system should implement and use protocols to protect external exchanges of confidential data on automotive networks from reading by third parties.

P2

 

VH-SEC-032

Third-parties add-ons integrity at runtime 

Components not included in a system upgrade shall be launched in a protected context (segregation) to ensure system integrity at crash and global performances. 

P2

 

VH-SEC-033

Data freshness 

Each components shall verify data freshness (no processing if data are not up to date and notifications required).

P2

 

VH-SEC-034

Debug ports 

Debug ports shall be removed or protected during each phase of the product lifecycle.

P2

 

VH-SEC-035

Communication deny of service 

Exchange between the system and an external part shall not be perturbed by malicious activities inside the system.

P2

 

VH-SEC-036

Resource performance deny of service 

Feature performance should not be impact by malicious activities inside the system.

P1

 

VH-SEC-037

Non repudation of services 

Services provided by the system should not be denounced (Non-repudiation)

P2

 

VH-SEC-038

Content copyrights 

The system shall respect applicable copyright laws and not allow illegal duplication.

P1

 
  • No labels