Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #27

Remote Attestation of Heterogeneous Cyber-Physical Systems: The Automotive Use Case

Karim Eldefrawy, Gavin Holland, and Gene Tsudik

2015 · Embedded Security in Cars USA (escar USA) Workshop

  • Applied
  • Perspective

What does the paper try to establish?

What models, architectures, schedules, and trusted components are needed to extend remote attestation from one embedded prover to a heterogeneous cyber-physical system such as a modern vehicle?

What is the proposed answer?

The extended abstract proposes an in-vehicle root of trust that coordinates attestation across high-, medium-, and low-end modules, distinguishes startup from runtime attestation, and presents composability, ordering, scheduling, response, and synthesis as open research problems rather than completed protocols or evaluated guarantees.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence Low

The complete extended abstract provides a well-scoped literature-grounded agenda, but no new protocol proof, implementation, or experiment is presented.

Motivation, source scope, and proposed talk outline Explicit open problems and intended research directions
Auditability High

The complete source is author-hosted and mirrored locally with page count and SHA-256; all three pages are directly inspectable.

Motivation, source scope, and proposed talk outline
Production provenance Medium

Named authorship, affiliations, date, and author-hosted source establish baseline provenance. Draft history and contributor roles are not recorded.

Motivation, source scope, and proposed talk outline
External scrutiny Medium

The source records an escar USA workshop presentation, but the review process and independent technical scrutiny were not audited.

Motivation, source scope, and proposed talk outline
Reception Low

An exact-title OpenAlex search returned no matching work, so 0 citations were located as of 2026-07-11. Absence of an indexed record is not evidence of zero citations elsewhere.

Dated OpenAlex exact-title citation search
Contribution significance Medium

The source clearly articulates a multi-device RA research agenda, but it is a perspective extended abstract rather than a completed technical result.

Explicit open problems and intended research directions

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Remote Attestation of Heterogeneous Cyber-Physical Systems

A position-oriented extended abstract that frames multi-device remote attestation for vehicles and identifies the architecture and formalization work still needed.

Motivation, source scope, and proposed talk outline
  1. contribution

    Proposed direction

    proposed research direction

    Use a high-end in-vehicle root of trust to manage keys and coordinate attestations of medium- and low-end ECUs, while developing composable definitions and schedules for static and dynamic roots of trust.

    Composability, ordering, scheduling, and automotive IRT proposal
  2. scope Automotive CPS scope explicitly scoped

    The motivating system contains more than 70 heterogeneous ECUs and wireless interfaces, with focus on remotely induced software compromise rather than scalable physical capture.

    Motivation, source scope, and proposed talk outline Composability, ordering, scheduling, and automotive IRT proposal
    1. threat model

      Remote malware focus

      qualitative

      The source treats remote software attacks as the principal concern and states that physical access generally requires special tamper-resistant hardware; no complete adversary game is defined.

      Motivation, source scope, and proposed talk outline
  3. method Heterogeneous attestation architecture proposed not implemented

    High-end modules may host the in-vehicle root of trust, medium-end modules may use TrustZone, HSMs, or SMART-like support, and low-end modules may be attested through accessible memory or firmware mechanisms.

    Software, hardware, and hybrid remote-attestation boundaries Composability, ordering, scheduling, and automotive IRT proposal
  4. artifact group

    Artifacts and resources

    full text available

    The complete three-page author-hosted extended abstract is mirrored locally with page count and SHA-256; no implementation or formal artifact is claimed by the source.

    Motivation, source scope, and proposed talk outline
  5. scrutiny

    External scrutiny

    workshop extended abstract

    The work was presented as an extended abstract/talk at escar USA 2015; review process, audience feedback, and follow-on validation were not audited.

    Motivation, source scope, and proposed talk outline

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Motivation, source scope, and proposed talk outline Abstract and Sections I-II, PDF page 1
  2. Software, hardware, and hybrid remote-attestation boundaries Section II.1, PDF pages 1-2
  3. Composability, ordering, scheduling, and automotive IRT proposal Section II.2, PDF pages 2-3
  4. Explicit open problems and intended research directions Section II.3, PDF page 3
  5. Dated OpenAlex exact-title citation search No matching work among returned results; 0 located citations, accessed 2026-07-11