{"schema_version":"0.1","map_id":"paper-27-map","publication_id":27,"publication_anchor":"paper-27","slug":"paper-27","canonical_path":"/knowledge/papers/paper-27/","machine_path":"/knowledge/papers/paper-27.json","root_node_id":"paper-27","stage":"mapped_draft","contribution_type_vocabulary_version":"0.1","contribution_types":[],"title":"Remote Attestation of Heterogeneous Cyber-Physical Systems: The Automotive Use Case","year":2015,"status":"Published · extended abstract","venue":"Embedded Security in Cars USA (escar USA) Workshop","topic":"secure-systems-networks","labels":["Applied","Perspective"],"authors":["Karim Eldefrawy","Gavin Holland","Gene Tsudik"],"keywords":["remote attestation","automotive security","cyber-physical systems"],"research_question":"What models, architectures, schedules, and trusted components are needed to extend remote attestation from one embedded prover to a heterogeneous cyber-physical system such as a modern vehicle?","central_answer":"The extended abstract proposes an in-vehicle root of trust that coordinates attestation across high-, medium-, and low-end modules, distinguishes startup from runtime attestation, and presents composability, ordering, scheduling, response, and synthesis as open research problems rather than completed protocols or evaluated guarantees.","curation":{"drafted_at":"2026-07-11","drafted_by":[{"actor_type":"ai","name":"OpenAI Codex","role":"complete-source extraction, proposal/claim separation, evidence linking, and initial assessment"}],"method":"Source-grounded review of the complete three-page author-hosted extended abstract. PDF pages 1 and 2 were rendered and visually inspected. Because the source is explicitly a proposed-talk outline, the map distinguishes proposed architecture and research questions from established results.","source_scope":"full_source_audit","approval":{"status":"pending","note":"AI-authored source-linked map awaiting author verification. The source proposes a research agenda; it does not present a completed multi-device protocol, proof, implementation, or evaluation."}},"sources":[{"id":"source-paper-27-fulltext","type":"scholarly_article","title":"Remote Attestation of Heterogeneous Cyber-Physical Systems: The Automotive Use Case (Extended Abstract)","url":"/pubs/2015/remote-attestation-heterogeneous-cps-automotive.pdf","media_type":"application/pdf","sha256":"663d5605f52e2979b93fe47071482553e475ef9ac52820699bb579c3086d6801","page_count":3,"provenance_category":"author"},{"id":"source-paper-27-author-origin","type":"author_copy","title":"UC Irvine author copy","url":"https://ics.uci.edu/~gtsudik/paps/attestation-ESCAR15.pdf"},{"id":"source-paper-27-citation-query","type":"scholarly_index_query","title":"OpenAlex exact-title search for paper #27","url":"https://api.openalex.org/works?search=Remote%20Attestation%20of%20Heterogeneous%20Cyber-Physical%20Systems%20The%20Automotive%20Use%20Case&per-page=5","accessed_at":"2026-07-11"}],"source_anchors":[{"id":"anchor-paper-27-problem","source_id":"source-paper-27-fulltext","label":"Motivation, source scope, and proposed talk outline","locator":"Abstract and Sections I-II, PDF page 1","url":"/pubs/2015/remote-attestation-heterogeneous-cps-automotive.pdf#page=1"},{"id":"anchor-paper-27-ra-landscape","source_id":"source-paper-27-fulltext","label":"Software, hardware, and hybrid remote-attestation boundaries","locator":"Section II.1, PDF pages 1-2","url":"/pubs/2015/remote-attestation-heterogeneous-cps-automotive.pdf#page=1"},{"id":"anchor-paper-27-heterogeneous","source_id":"source-paper-27-fulltext","label":"Composability, ordering, scheduling, and automotive IRT proposal","locator":"Section II.2, PDF pages 2-3","url":"/pubs/2015/remote-attestation-heterogeneous-cps-automotive.pdf#page=2"},{"id":"anchor-paper-27-future","source_id":"source-paper-27-fulltext","label":"Explicit open problems and intended research directions","locator":"Section II.3, PDF page 3","url":"/pubs/2015/remote-attestation-heterogeneous-cps-automotive.pdf#page=3"},{"id":"anchor-paper-27-citations","source_id":"source-paper-27-citation-query","label":"Dated OpenAlex exact-title citation search","locator":"No matching work among returned results; 0 located citations, accessed 2026-07-11","url":"https://api.openalex.org/works?search=Remote%20Attestation%20of%20Heterogeneous%20Cyber-Physical%20Systems%20The%20Automotive%20Use%20Case&per-page=5"}],"nodes":[{"id":"paper-27","kind":"paper","parent_id":null,"order":1,"epistemic_status":"published_extended_abstract","title":"Remote Attestation of Heterogeneous Cyber-Physical Systems","summary":"A position-oriented extended abstract that frames multi-device remote attestation for vehicles and identifies the architecture and formalization work still needed.","source_anchor_ids":["anchor-paper-27-problem"]},{"id":"paper-27-question","kind":"question","parent_id":"paper-27","order":1,"epistemic_status":"research_question","title":"Research question","summary":"How should attestations from heterogeneous CPS components be combined without allowing malware migration, unsafe interruption, or weakest-component failure?","source_anchor_ids":["anchor-paper-27-problem","anchor-paper-27-heterogeneous"]},{"id":"paper-27-answer","kind":"contribution","parent_id":"paper-27","order":2,"epistemic_status":"proposed_research_direction","title":"Proposed direction","summary":"Use a high-end in-vehicle root of trust to manage keys and coordinate attestations of medium- and low-end ECUs, while developing composable definitions and schedules for static and dynamic roots of trust.","source_anchor_ids":["anchor-paper-27-heterogeneous"]},{"id":"paper-27-scope","kind":"scope","parent_id":"paper-27","order":3,"epistemic_status":"explicitly_scoped","title":"Automotive CPS scope","summary":"The motivating system contains more than 70 heterogeneous ECUs and wireless interfaces, with focus on remotely induced software compromise rather than scalable physical capture.","source_anchor_ids":["anchor-paper-27-problem","anchor-paper-27-heterogeneous"]},{"id":"paper-27-scope-adversary","kind":"threat_model","parent_id":"paper-27-scope","order":1,"epistemic_status":"qualitative","title":"Remote malware focus","summary":"The source treats remote software attacks as the principal concern and states that physical access generally requires special tamper-resistant hardware; no complete adversary game is defined.","source_anchor_ids":["anchor-paper-27-problem"]},{"id":"paper-27-method","kind":"method","parent_id":"paper-27","order":4,"epistemic_status":"proposed_not_implemented","title":"Heterogeneous attestation architecture","summary":"High-end modules may host the in-vehicle root of trust, medium-end modules may use TrustZone, HSMs, or SMART-like support, and low-end modules may be attested through accessible memory or firmware mechanisms.","source_anchor_ids":["anchor-paper-27-ra-landscape","anchor-paper-27-heterogeneous"]},{"id":"paper-27-method-static","kind":"component","parent_id":"paper-27-method","order":1,"epistemic_status":"proposed","title":"Startup attestation","summary":"The IRT could attest all modules while the vehicle starts, accepting a potentially multi-second delay to establish a static root of trust.","source_anchor_ids":["anchor-paper-27-heterogeneous"]},{"id":"paper-27-method-dynamic","kind":"component","parent_id":"paper-27-method","order":2,"epistemic_status":"open_problem","title":"Runtime attestation","summary":"A dynamic root would require randomized component checks that do not interfere with safety or operation, together with a response policy after failure; the source leaves both as challenges.","source_anchor_ids":["anchor-paper-27-heterogeneous"]},{"id":"paper-27-claims","kind":"claim_group","parent_id":"paper-27","order":5,"epistemic_status":"agenda_not_result","title":"Claims versus proposals","summary":"The source claims that heterogeneous CPS attestation is important and outlines plausible architecture choices, but it does not claim a completed secure composition theorem or measured system.","source_anchor_ids":["anchor-paper-27-problem","anchor-paper-27-future"]},{"id":"paper-27-evidence","kind":"evidence_group","parent_id":"paper-27","order":6,"epistemic_status":"literature_grounded_argument","title":"Evidence and rationale","summary":"Support consists of a compact synthesis of prior software-only, hardware, hybrid, formal-model, and automotive-security work plus concrete timing and ECU-capability examples.","source_anchor_ids":["anchor-paper-27-ra-landscape","anchor-paper-27-heterogeneous"]},{"id":"paper-27-boundaries","kind":"limitation_group","parent_id":"paper-27","order":7,"epistemic_status":"explicit_open_problems","title":"Open problems","summary":"Composable security definitions, order and timing, malware movement, minimal interruption, device heterogeneity, failure response, automated verification, and protocol synthesis are all explicitly left unresolved.","source_anchor_ids":["anchor-paper-27-heterogeneous","anchor-paper-27-future"]},{"id":"paper-27-artifacts","kind":"artifact_group","parent_id":"paper-27","order":8,"epistemic_status":"full_text_available","title":"Artifacts and resources","summary":"The complete three-page author-hosted extended abstract is mirrored locally with page count and SHA-256; no implementation or formal artifact is claimed by the source.","source_anchor_ids":["anchor-paper-27-problem"]},{"id":"paper-27-scrutiny","kind":"scrutiny","parent_id":"paper-27","order":9,"epistemic_status":"workshop_extended_abstract","title":"External scrutiny","summary":"The work was presented as an extended abstract/talk at escar USA 2015; review process, audience feedback, and follow-on validation were not audited.","source_anchor_ids":["anchor-paper-27-problem"]},{"id":"paper-27-lineage","kind":"lineage","parent_id":"paper-27","order":10,"epistemic_status":"documented","title":"Research lineage","summary":"The agenda extends single-prover remote attestation, including SMART and minimalist RA, toward collective and heterogeneous device settings.","source_anchor_ids":["anchor-paper-27-ra-landscape","anchor-paper-27-future"]}],"relations":[{"id":"relation-paper-27-answer-addresses-question","type":"addresses","from_id":"paper-27-answer","to_id":"paper-27-question"},{"id":"relation-paper-27-method-describes-answer","type":"describes_approach_to","from_id":"paper-27-method","to_id":"paper-27-answer"},{"id":"relation-paper-27-evidence-motivates-method","type":"motivates","from_id":"paper-27-evidence","to_id":"paper-27-method"},{"id":"relation-paper-27-boundaries-qualify-answer","type":"qualifies","from_id":"paper-27-boundaries","to_id":"paper-27-answer"}],"assessment":{"id":"paper-27-assessment-2026-07-11","rubric_version":"0.2","assessed_at":"2026-07-11","status":"ai_draft_author_review_pending","note":"These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.","axes":[{"id":"epistemic_evidence","level":"low","rationale":"The complete extended abstract provides a well-scoped literature-grounded agenda, but no new protocol proof, implementation, or experiment is presented.","basis_source_anchor_ids":["anchor-paper-27-problem","anchor-paper-27-future"]},{"id":"auditability","level":"high","rationale":"The complete source is author-hosted and mirrored locally with page count and SHA-256; all three pages are directly inspectable.","basis_source_anchor_ids":["anchor-paper-27-problem"]},{"id":"production_provenance","level":"medium","rationale":"Named authorship, affiliations, date, and author-hosted source establish baseline provenance. Draft history and contributor roles are not recorded.","basis_source_anchor_ids":["anchor-paper-27-problem"]},{"id":"external_scrutiny","level":"medium","rationale":"The source records an escar USA workshop presentation, but the review process and independent technical scrutiny were not audited.","basis_source_anchor_ids":["anchor-paper-27-problem"]},{"id":"reception","level":"low","rationale":"An exact-title OpenAlex search returned no matching work, so 0 citations were located as of 2026-07-11. Absence of an indexed record is not evidence of zero citations elsewhere.","basis_source_anchor_ids":["anchor-paper-27-citations"]},{"id":"contribution_significance","level":"medium","rationale":"The source clearly articulates a multi-device RA research agenda, but it is a perspective extended abstract rather than a completed technical result.","basis_source_anchor_ids":["anchor-paper-27-future"]}]},"reception_snapshot":{"as_of":"2026-07-11","method":"OpenAlex exact-title search; no matching work located","source_url":"https://api.openalex.org/works?search=Remote%20Attestation%20of%20Heterogeneous%20Cyber-Physical%20Systems%20The%20Automotive%20Use%20Case&per-page=5","citation_count":0,"signals":[],"limitation":"No matching OpenAlex work was found, so the located-citation count is zero; indexing gaps and title variants may conceal citations."}}
