Scientific knowledge map · Paper #27
Remote Attestation of Heterogeneous Cyber-Physical Systems: The Automotive Use Case
2015 · Embedded Security in Cars USA (escar USA) Workshop
- Applied
- Perspective
Research question
What does the paper try to establish?
What models, architectures, schedules, and trusted components are needed to extend remote attestation from one embedded prover to a heterogeneous cyber-physical system such as a modern vehicle?
Central answer
What is the proposed answer?
The extended abstract proposes an in-vehicle root of trust that coordinates attestation across high-, medium-, and low-end modules, distinguishes startup from runtime attestation, and presents composability, ordering, scheduling, response, and synthesis as open research problems rather than completed protocols or evaluated guarantees.
Evidence profile
Six dimensions, kept separate
The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.
LowMediumHighN/A = not assessed
A smaller value means less documented support for that dimension, not that the paper is false or unimportant.
- Epistemic evidence Low
-
The complete extended abstract provides a well-scoped literature-grounded agenda, but no new protocol proof, implementation, or experiment is presented.
Motivation, source scope, and proposed talk outline Explicit open problems and intended research directions - Auditability High
-
The complete source is author-hosted and mirrored locally with page count and SHA-256; all three pages are directly inspectable.
Motivation, source scope, and proposed talk outline - Production provenance Medium
-
Named authorship, affiliations, date, and author-hosted source establish baseline provenance. Draft history and contributor roles are not recorded.
Motivation, source scope, and proposed talk outline - External scrutiny Medium
-
The source records an escar USA workshop presentation, but the review process and independent technical scrutiny were not audited.
Motivation, source scope, and proposed talk outline - Reception Low
-
An exact-title OpenAlex search returned no matching work, so 0 citations were located as of 2026-07-11. Absence of an indexed record is not evidence of zero citations elsewhere.
Dated OpenAlex exact-title citation search - Contribution significance Medium
-
The source clearly articulates a multi-device RA research agenda, but it is a perspective extended abstract rather than a completed technical result.
Explicit open problems and intended research directions
Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.
Top-down and bottom-up view
Hierarchical knowledge map
Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.
Remote Attestation of Heterogeneous Cyber-Physical Systems
A position-oriented extended abstract that frames multi-device remote attestation for vehicles and identifies the architecture and formalization work still needed.
Motivation, source scope, and proposed talk outline-
question Research question
research questionHow should attestations from heterogeneous CPS components be combined without allowing malware migration, unsafe interruption, or weakest-component failure?
Motivation, source scope, and proposed talk outline Composability, ordering, scheduling, and automotive IRT proposal -
contribution Proposed direction
proposed research directionUse a high-end in-vehicle root of trust to manage keys and coordinate attestations of medium- and low-end ECUs, while developing composable definitions and schedules for static and dynamic roots of trust.
Composability, ordering, scheduling, and automotive IRT proposal -
scope Automotive CPS scope explicitly scoped
The motivating system contains more than 70 heterogeneous ECUs and wireless interfaces, with focus on remotely induced software compromise rather than scalable physical capture.
Motivation, source scope, and proposed talk outline Composability, ordering, scheduling, and automotive IRT proposal-
threat model Remote malware focus
qualitativeThe source treats remote software attacks as the principal concern and states that physical access generally requires special tamper-resistant hardware; no complete adversary game is defined.
Motivation, source scope, and proposed talk outline
-
-
method Heterogeneous attestation architecture proposed not implemented
High-end modules may host the in-vehicle root of trust, medium-end modules may use TrustZone, HSMs, or SMART-like support, and low-end modules may be attested through accessible memory or firmware mechanisms.
Software, hardware, and hybrid remote-attestation boundaries Composability, ordering, scheduling, and automotive IRT proposal-
component Startup attestation
proposedThe IRT could attest all modules while the vehicle starts, accepting a potentially multi-second delay to establish a static root of trust.
Composability, ordering, scheduling, and automotive IRT proposal -
component Runtime attestation
open problemA dynamic root would require randomized component checks that do not interfere with safety or operation, together with a response policy after failure; the source leaves both as challenges.
Composability, ordering, scheduling, and automotive IRT proposal
-
-
claim group Claims versus proposals
agenda not resultThe source claims that heterogeneous CPS attestation is important and outlines plausible architecture choices, but it does not claim a completed secure composition theorem or measured system.
Motivation, source scope, and proposed talk outline Explicit open problems and intended research directions -
evidence group Evidence and rationale
literature grounded argumentSupport consists of a compact synthesis of prior software-only, hardware, hybrid, formal-model, and automotive-security work plus concrete timing and ECU-capability examples.
Software, hardware, and hybrid remote-attestation boundaries Composability, ordering, scheduling, and automotive IRT proposal -
limitation group Open problems
explicit open problemsComposable security definitions, order and timing, malware movement, minimal interruption, device heterogeneity, failure response, automated verification, and protocol synthesis are all explicitly left unresolved.
Composability, ordering, scheduling, and automotive IRT proposal Explicit open problems and intended research directions -
artifact group Artifacts and resources
full text availableThe complete three-page author-hosted extended abstract is mirrored locally with page count and SHA-256; no implementation or formal artifact is claimed by the source.
Motivation, source scope, and proposed talk outline -
scrutiny External scrutiny
workshop extended abstractThe work was presented as an extended abstract/talk at escar USA 2015; review process, audience feedback, and follow-on validation were not audited.
Motivation, source scope, and proposed talk outline -
lineage Research lineage
documentedThe agenda extends single-prover remote attestation, including SMART and minimalist RA, toward collective and heterogeneous device settings.
Software, hardware, and hybrid remote-attestation boundaries Explicit open problems and intended research directions
Audit trail
Source index
Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.
- Motivation, source scope, and proposed talk outline Abstract and Sections I-II, PDF page 1
- Software, hardware, and hybrid remote-attestation boundaries Section II.1, PDF pages 1-2
- Composability, ordering, scheduling, and automotive IRT proposal Section II.2, PDF pages 2-3
- Explicit open problems and intended research directions Section II.3, PDF page 3
- Dated OpenAlex exact-title citation search No matching work among returned results; 0 located citations, accessed 2026-07-11