Domain separation and filtering
Besides filtering unwanted traffic and detecting malicious network packets, enforcing domain isolation over the internal vehicle network is a critical security control: it prevents the corruption of a single network segment from propagating to deeper layers of the vehicle network architecture. It is not uncommon to find vehicle network architectures with multiple gateways that route messages between different vehicle control domains. The challenge with multiple gateways is that it is easy to create unintended communication paths, which let traffic flow into network segments that must have a high degree of integrity and availability. Central gateways and domain controllers avoid this weak architecture design by providing a clean way of separating domains, which in turn eases the application of network filtering. Network segmentation can be used to separate connectivity domains such as telematics and infotainment from actuation domains such as the...
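The multi-gateway problem described above can be checked mechanically by composing every gateway's forwarding rules and searching for paths from connectivity segments into protected ones. The following is an added example, not part of the original text; the segment names, gateway names and CAN IDs are constructed, and it assumes gateways forward frames by ID without remapping them.

```python
from collections import deque

# Constructed sample topology: (gateway, from_segment, to_segment, forwarded CAN IDs).
# All segment names, gateway names and CAN IDs are hypothetical.
RULES = [
    ("gw_conn", "telematics", "infotainment", {0x100, 0x2A0}),
    ("gw_conn", "infotainment", "body", {0x2A0, 0x300}),
    ("gw_body", "body", "actuation", {0x2A0, 0x400}),
    ("gw_diag", "diagnostics", "actuation", {0x7DF}),
    ("gw_conn", "telematics", "diagnostics", {0x100}),
]
CONNECTIVITY = {"telematics", "infotainment"}
PROTECTED = {"actuation"}


def unintended_paths(rules, sources, protected):
    """Return [(can_id, [segments], [gateways])] for every frame ID that can
    travel hop by hop from a connectivity segment into a protected segment."""
    findings = []
    all_ids = set().union(*(ids for *_, ids in rules))
    for can_id in sorted(all_ids):
        # Only rules that forward this specific ID form usable edges.
        edges = {}
        for gw, src, dst, ids in rules:
            if can_id in ids:
                edges.setdefault(src, []).append((dst, gw))
        for start in sorted(sources):
            queue = deque([(start, [start], [])])
            seen = {start}
            while queue:
                seg, path, gws = queue.popleft()
                for dst, gw in edges.get(seg, []):
                    if dst in seen:
                        continue
                    seen.add(dst)
                    if dst in protected:
                        findings.append((can_id, path + [dst], gws + [gw]))
                    else:
                        queue.append((dst, path + [dst], gws + [gw]))
    return findings


if __name__ == "__main__":
    for can_id, path, gws in unintended_paths(RULES, CONNECTIVITY, PROTECTED):
        print(f"0x{can_id:03X}: {' -> '.join(path)} via {', '.join(gws)}")
```

In this sample no single gateway connects a connectivity segment to the protected segment, yet ID 0x2A0 reaches it through two gateways in sequence; removing that ID from the last hop's rule clears the finding.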