| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊工程學系 | zh_TW |
| DC.creator | 劉哲豪 | zh_TW |
| DC.creator | Che-Hao Liu | en_US |
| dc.date.accessioned | 2020-1-14T07:39:07Z | |
| dc.date.available | 2020-1-14T07:39:07Z | |
| dc.date.issued | 2020 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=104522118 | |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 隨著科技的日新月異,車用電腦也發展得越來越完全。而近幾年自駕車、車用資訊娛樂系統也變得越來越成熟,許多產品也實際的被應用在真實世界裡。也因此車用資訊娛樂系統的安全性便受到了重視。而Automotive Grade Linux (AGL)是Linux Foundation的開源專案項目之一,此一開源專案主要目的在於提供一個可供各大車廠使用的車用資訊娛樂系統。由於AGL可以直接存取車上的ECU,因此若是遭到惡意攻擊者的攻擊,則攻擊者便可能得到整台車的控制權,進而影響駕駛人的生命安全。
本篇論文將透過Linux security module — SMACK 搭配Access Control List (ACL),對AGL上的程式進行權限控管,進而實做出應用程式白名單機制,此機制能夠在不更動原有AGL的系統架構及不影響AGL原有系統程式的執行狀況下,有效地加強AGL的安全防護。
為了證明此機制的可行性,我們實際應用在AGL的系統上,並透過遠端攻擊的方式測試是否能夠攻擊成功。實驗結果顯示這樣的機制確實能夠有效的防止惡意攻擊者的遠端攻擊。
| zh_TW |
| dc.description.abstract | In recent years, self-driving and in-vehicle systems have become more and more mature, and many products have actually been applied in the real world. Therefore, the security of the in-vehicle system has received attention. Automotive Grade Linux (AGL) is one of the Linux Foundation′s open source project. The main purpose of this open source project is to provide a car infotainment system that can be used by major car manufacturers. Since AGL can directly access the Electronic Control Unit (ECU), if it is attacked by a malicious attacker, the attacker may gain control of the entire car, thereby affecting the life of the driver.
This paper will use Linux security module – SMACK and Access Control List (ACL) to control the access permission of program on AGL, and then implement the application whitelist mechanism. This mechanism could enhance the security on AGL, and it would not change the original AGL system architecture.
In order to prove the feasibility of this mechanism, we apply it to the real AGL system and test whether it can be successfully attacked by remote attacker. Experimental results show that such a mechanism can effectively prevent remote attacks by malicious attackers.
| en_US |
| DC.subject | 白名單 | zh_TW |
| DC.subject | 資訊安全 | zh_TW |
| DC.subject | whitelisting | en_US |
| DC.subject | security | en_US |
| DC.title | SMACK-based application whitelisting on AGL | zh_TW |
| dc.language.iso | zh-TW | zh-TW |
| DC.title | SMACK-based application whitelisting on AGL | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |