Abstract
This work introduces the concept of a dual-layer specification structure for standards that separates interoperability functions, such as backward compatibility, localization, and deployment, from those essential to reliability, security, and functionality. The latter group of features, which constitute the actual standard, make up the baseline layer for instructions, while all the elements required for interoperability are specified in a second layer, known as a Protocols, Operations, Usage, and Formats (POUF) document. We applied this technique in the development of a standard for Uptane [1], a security framework for over-the-air (OTA) software updates used in many automobiles. This standard is a good candidate for a dual-layer specification because it requires communication between entities, but does not require a specific format for this communication. By deferring wire protocols and other implementation details to POUFs, the creators of the Uptane Standard were able to focus on the basic procedures and operations needed to secure automotive updates. We demonstrate the effectiveness of this format by specifying a POUF for the Uptane Reference Implementation [2].
Original language | English (US) |
---|---|
Pages (from-to) | 113-129 |
Number of pages | 17 |
Journal | SAE International Journal of Transportation Cybersecurity and Privacy |
Volume | 2 |
Issue number | 2 |
DOIs | |
State | Published - Aug 24 2020 |
Keywords
- OTA
- OTA updates
- Standardization, Interoperability, Security
- Updates
ASJC Scopus subject areas
- Information Systems
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications
- Automotive Engineering
- Computer Science Applications