CN111126832A - Automobile information safety test evaluation method - Google Patents
Automobile information safety test evaluation method Download PDFInfo
- Publication number
- CN111126832A CN111126832A CN201911328298.8A CN201911328298A CN111126832A CN 111126832 A CN111126832 A CN 111126832A CN 201911328298 A CN201911328298 A CN 201911328298A CN 111126832 A CN111126832 A CN 111126832A
- Authority
- CN
- China
- Prior art keywords
- score
- test
- attack surface
- influence
- test item
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000011156 evaluation Methods 0.000 title claims abstract description 46
- 238000011076 safety test Methods 0.000 title claims abstract description 22
- 238000012360 testing method Methods 0.000 claims abstract description 227
- 238000004458 analytical method Methods 0.000 claims abstract description 9
- 238000004364 calculation method Methods 0.000 claims description 25
- 238000000034 method Methods 0.000 claims description 9
- 238000011161 development Methods 0.000 abstract description 3
- 238000005516 engineering process Methods 0.000 abstract description 2
- 230000006855 networking Effects 0.000 abstract description 2
- 230000009286 beneficial effect Effects 0.000 abstract 1
- 238000012550 audit Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000005336 cracking Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000009781 safety test method Methods 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000035515 penetration Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 230000001568 sexual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
- G06Q10/06393—Score-carding, benchmarking or key performance indicator [KPI] analysis
Landscapes
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Engineering & Computer Science (AREA)
- Strategic Management (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Entrepreneurship & Innovation (AREA)
- Educational Administration (AREA)
- Operations Research (AREA)
- Marketing (AREA)
- Game Theory and Decision Science (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides an automobile information safety test evaluation method, which comprises the following steps: the tester determines the number of test items of the total attack surface according to the configuration list, calculates the test depth and evaluates the test items at the same test depth; testing each attack surface by a tester according to the test range and the test operation instruction; utilizing an SFOP model to perform influence analysis by referring to a test result; D. scoring each test result and calculating each attack face test score according to the influence analysis result and the weight coefficient corresponding to S, F, O, P; calculating the safety score of the information of the whole vehicle; and according to the finished automobile score, giving out finished automobile information safety star-level evaluation level test depth evaluation by referring to a star-level evaluation standard. The invention has the beneficial effects that: a fair and objective automobile product information safety test evaluation method is established to promote the development of an intelligent networking automobile information safety technology and pursue a higher safety concept.
Description
Technical Field
The invention belongs to the field of automobile safety, and particularly relates to an automobile information safety test evaluation method.
Background
In the field of automobile information safety testing, the existing testing methodology, testing content, testing standard, testing tools and the like generally focus on one or more aspects, and the research and development testing of intelligent automobiles cannot be efficiently and completely supported, so that equipment such as a vehicle-mounted entertainment system, an ECU (electronic control unit) and the like lacks an information safety testing link in the development process, and the information safety quality of products and sample automobiles cannot be guaranteed. Therefore, designing an information security testing platform and an evaluation and certification system which accord with the characteristics of the automobile becomes an urgent problem to be solved.
Disclosure of Invention
In view of the above, the present invention is directed to a method for evaluating vehicle information safety test, so as to solve the above-mentioned problems.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
an automobile information safety test evaluation method comprises the following steps:
A. the tester determines the number of test items of the total attack surface according to the configuration list, calculates the test depth and evaluates the test items at the same test depth;
B. testing each attack surface by a tester according to the test range and the test operation instruction;
C. utilizing an SFOP model to perform influence analysis by referring to a test result;
D. scoring each test result and calculating each attack face test score according to the influence analysis result and the weight coefficient corresponding to S, F, O, P;
E. calculating the safety score of the information of the whole vehicle;
F. and according to the finished automobile score, giving out finished automobile information safety star-level evaluation level test depth evaluation by referring to a star-level evaluation standard.
Furthermore, the SFOP model in the step C refers to Safety, Financial, Operation and Privacy, and the severity of the influence of the evaluation test result on the SFOP is divided into four types, namely none, low, medium and high.
Further, the severity of the influence of the evaluation test results on the SFOP is 10 points, 7 points, 3 points and 1 point respectively from none, low, medium and high.
Further, the weighting coefficients of S, F, O, P in step D are 0.4, 0.3, 0.2, and 0.1, respectively.
Further, in the step E, the weighting factors of the test items are set to be the same.
Further, in the step F, the weighting coefficients of 7 large attack surfaces are set to be the same.
Further, in step F, the star rating criteria are specified as follows: and if the score is higher than 90 points, giving a five-star evaluation, giving a four-star evaluation, giving a 70-80 point, giving a 3-star evaluation, giving a score of less than 70 points, giving no star evaluation, and giving an evaluation result while indicating the test depth.
Further, in the step B, the attack surface includes in-vehicle CAN bus information security, radio information security, ECU information security, T-BOX information security, IVI information security, cloud platform information security, and mobile phone APP information security.
Further, in the step D, the test results are scored, and the information security scores of the seven types of attack surfaces are calculated, wherein the calculation formula is as follows:
the formula for calculating the bus attack surface is as follows,
in the formula, SCiIs the ith test item score of the bus attack surface, SCSiIs the score of the ith test item of the bus attack plane on the security influence, SCFiIs the score of the ith test item on the bus attack surface on the property influence, SCOiIs the score of the ith test item of the bus attack surface on the operational influence, SCPiIs the score of the ith test item of the bus attack plane on the privacy influence, SCIs the score of the bus class test;
the vehicle-mounted radio attack surface calculation formula is as follows,
in the formula, SRiIs the score of the ith test item of the vehicle-mounted radio attack surface SRSiIs the score of the ith test item of the vehicle-mounted radio attack surface on the security influence SRFiIs the score of the ith test item of the vehicle-mounted radio attack surface on the property influence, SROiIs the score of the ith test item of the vehicle-mounted radio attack surface on the operability influence, SRPiIs the score of the ith test item of the vehicle-mounted radio attack surface on the privacy influence SRIs the score of the in-vehicle radio test;
the ECU attack surface calculation formula is as follows,
in the formula, SEiIs the score of the ith test item of the ECU attack surface SESiIs the score of the ith test item of the ECU attack surface on the security influence, SEFiIs the score of the ith test item of the ECU attack surface on the property influence, SEOiIs the score of the ith test item of the ECU attack surface on the operability influence, SEPiIs the score of the ith test item of the ECU attack surface on the privacy influence, SEIs the score of the ECU test;
the T-BOX attack surface calculation formula is as follows:
in the formula, STiIs the score of the ith test item of the T-BOX attack surface, STSiIs the score of the ith test item of the T-BOX attack surface on the security influence, STFiIs the score of the ith test item of the T-BOX attack surface on the property impact, STOiIs the score of the ith test item of the T-BOX attack surface on the operability influence, STPiIs the score of the ith test item of the T-BOX attack surface on the privacy influence, STIs the score of the T-BOX test;
the IVI attack surface calculation formula is as follows:
in the formula, SIiIs the score of the ith test item of the IVI attack surface, SISiIs the score, S, of the ith test item of the IVI attack plane with respect to the security impactIFiIs the score, S, of the ith test item of the IVI attack plane with respect to the impact of the propertyIOiIs the score of the ith test item of the IVI attack surface on the operational influence, SIPiIs the score of the ith test item of the IVI attack surface on the privacy impact, SIIs the score of the IVI test;
the cloud platform attack surface calculation formula is as follows:
in the formula, SPiIs the ith test item score of the attack surface of the cloud platform, SPSiIs the score of the ith test item of the attack surface of the cloud platform on the security influence SPFiIs the score of the ith test item of the total cloud platform attack surface on the property influence, SPOiThe method is characterized in that the ith test item of the attack surface of the cloud platform has operational influenceScore, SPPiIs the score of the ith test item of the attack surface of the cloud platform on the privacy influence SPIs the score of the cloud platform test;
the mobile phone APP attack surface calculation formula is as follows:
in the formula, SAiIs the score of the ith test item of the attack surface of the mobile phone APP, SASiIs the score of the ith test item on the attack surface of the mobile phone APP on the security influence, SAFiIs the score of the ith test item on the attack surface of the mobile phone APP on the property influence, SAOiIs the score of the ith test item of the attack surface of the mobile phone APP on the operability influence, SAPiIs the score of the ith test item on the attack surface of the mobile phone APP on the privacy influence, SAIs the score of the mobile phone APP test.
Further, in the step E, a calculation formula of the safety score of the vehicle information is as follows:
S=10×(SC+SR+SE+ST+SI+SP+SA),
and S is the whole vehicle information safety score.
Compared with the prior art, the automobile information safety test evaluation method has the following advantages:
the automobile information safety test evaluation method establishes a fair and objective automobile product information safety test evaluation method so as to promote the development of an intelligent networking automobile information safety technology and pursue a higher safety concept; according to the method, the automobile information safety level is tested and evaluated, and the test and evaluation result can help a host factory to know the current situation and weak points of the information safety level of the target vehicle and find an improvement direction; providing relevant information of information safety aspects of the new vehicles on the market for consumers; provide reference for government regulation; the method promotes the importance of various social circles on information safety, and improves the information safety performance and the technical level of automobile products.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
fig. 1 is a flowchart of an automobile information security test evaluation method according to an embodiment of the present invention;
FIG. 2 is a flow chart of the information safety test of the CAN bus in the vehicle according to the embodiment of the invention;
FIG. 3 is a flow chart of a radio message security test according to an embodiment of the present invention;
FIG. 4 is a flow chart of an ECU information security test according to an embodiment of the present invention;
FIG. 5 is a flow chart of the T-BOX information security test according to the embodiment of the present invention;
fig. 6 is a flowchart illustrating an IVI information security test according to an embodiment of the present invention;
fig. 7 is a flow chart of a cloud platform information security test according to an embodiment of the present invention;
fig. 8 is a flowchart of a mobile phone APP information security test according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
As shown in fig. 1, a method for evaluating automobile information safety test includes the following steps:
A. the tester determines the number of test items of the total attack surface according to the configuration list, calculates the test depth and evaluates the test items at the same test depth;
B. testing each attack surface by a tester according to the test range and the test operation instruction;
C. utilizing an SFOP model to perform influence analysis by referring to a test result;
D. scoring each test result and calculating each attack face test score according to the influence analysis result and the weight coefficient corresponding to S, F, O, P;
E. calculating the safety score of the information of the whole vehicle;
F. and according to the finished automobile score, giving out finished automobile information safety star-level evaluation level test depth evaluation by referring to a star-level evaluation standard.
And C, the SFOP model in the step C refers to Safety, Financial, Operation and Privacy, and the severity of the influence of the evaluation test result on the SFOP is divided into four types, namely none, low, medium and high.
The severity of the test results on the SFOP was 10 points, 7 points, 3 points and 1 point, respectively, from none, low, medium and high.
The weighting coefficients corresponding to S, F, 0 and P in the step D are 0.4, 0.3, 0.2 and 0.1 respectively.
In the step E, the weighting factors of the test items are set to be the same.
In the step F, the weight coefficients of 7 attack surfaces are set to be the same.
In step F, the star rating criteria are specified as follows: and if the score is higher than 90 points, giving a five-star evaluation, giving a four-star evaluation, giving a 70-80 point, giving a 3-star evaluation, giving a score of less than 70 points, giving no star evaluation, and giving an evaluation result while indicating the test depth.
In the step B, the attack surface comprises in-vehicle CAN bus information safety, radio information safety, ECU information safety, T-BOX information safety, IVI information safety, cloud platform information safety and mobile phone APP information safety.
A, the calculation formula of the test depth in the step A is as follows;
in the formula, NtTo test the number of items, PtTo test depth. In different test projects, it is necessary to guarantee the test depthAnd the degree is consistent, and the final data has contrast and referential property only when the test is carried out under the same test depth.
As shown in fig. 2 to 8, in step B, when the test item is an in-vehicle CAN bus information security test, for an in-vehicle bus, information security tests such as brute force cracking, fuzzy test, replay attack, denial of service, and the like are performed, and meanwhile, the influence on the vehicle body, comfort and power caused by the test is investigated in combination with observation and analysis;
when the vehicle-mounted radio information security test is carried out, the information security test is carried out from the aspects of Bluetooth, a key, Wi-Fi, TPMS, a cellular network, GPS and the like, and whether problems of Bluetooth low version holes, Bluetooth sniffing, key signal hijacking, Wi-Fi denial of service, TPMS signal deception and the like exist is investigated;
when the ECU information security test is carried out, tests such as ECU debugging interfaces, ECU firmware encryption and confusion, identity authentication, data tampering, data deception, service scanning and the like are carried out, and the ECU information security level is inspected;
the test project is to develop T-BOX hardware, T-BOX equipment firmware, T-BOX equipment network service and T-BOX source code audit work when developing T-BOX information security test, and investigate T-BOX information security level;
the test items are used for carrying out the work in the aspects of equipment physical interface, APP, IVI access control, IVI equipment firmware, IVI updating mechanism, IVI equipment network communication and IVI source code audit and inspecting the information security level of IVI when carrying out the IVI information security test;
when the test items are used for carrying out cloud platform information security tests, tests such as sensitive information collection, vulnerability scanning, high-level penetration, identity authentication, brute force cracking, logic vulnerability and the like are carried out, and the cloud platform information security level is investigated;
the test items are tests such as an installation package test, a sensitive information test, a soft keyboard hijacking, account safety, data communication safety, a service port and the like when the information safety test of the mobile phone APP is carried out, and the information safety level of the APP is investigated.
In the step D, scoring is carried out on each test result, and information security scores of seven types of attack surfaces are calculated, wherein the calculation formula is as follows:
the formula for calculating the bus attack surface is as follows,
in the formula, SCiIs the ith test item score of the bus attack surface, SCSiIs the score of the ith test item of the bus attack plane on the security influence, SCFiIs the score of the ith test item on the bus attack surface on the property influence, SCOiIs the score of the ith test item of the bus attack surface on the operational influence, SCPiIs the score of the ith test item of the bus attack plane on the privacy influence, SCIs the score of the bus class test;
the vehicle-mounted radio attack surface calculation formula is as follows,
in the formula, SRiIs the score of the ith test item of the vehicle-mounted radio attack surface SRSiIs the score of the ith test item of the vehicle-mounted radio attack surface on the security influence SRFiIs the score of the ith test item of the vehicle-mounted radio attack surface on the property influence, SROiIs the score of the ith test item of the vehicle-mounted radio attack surface on the operability influence, SRPiIs the score of the ith test item of the vehicle-mounted radio attack surface on the privacy influence SRIs the score of the in-vehicle radio test;
the ECU attack surface calculation formula is as follows,
in the formula, SEiIs the score of the ith test item of the ECU attack surface SESiIs the score of the ith test item of the ECU attack surface on the security influence, SEFiIs the score of the ith test item of the ECU attack surface on the property influence, SEOiIs the score of the ith test item of the ECU attack surface on the operability influence, SEPiIs the score of the ith test item of the ECU attack surface on the privacy influence, SEIs the score of the ECU test;
the T-BOX attack surface calculation formula is as follows:
in the formula, STiIs the score of the ith test item of the T-BOX attack surface, STSiIs the score of the ith test item of the T-BOX attack surface on the security influence, STFiIs the score of the ith test item of the T-BOX attack surface on the property impact, STOiIs the score of the ith test item of the T-BOX attack surface on the operability influence, STPiIs the score of the ith test item of the T-BOX attack surface on the privacy influence, STIs the score of the T-BOX test;
the IVI attack surface calculation formula is as follows:
in the formula, SIiIs the score of the ith test item of the IVI attack surface, SISiIs that the ith test item of the IVI attack surface is related to safetyScore of sexual influence, SIFiIs the score, S, of the ith test item of the IVI attack plane with respect to the impact of the propertyIOiIs the score of the ith test item of the IVI attack surface on the operational influence, SIPiIs the score of the ith test item of the IVI attack surface on the privacy impact, SIIs the score of the IVI test;
the cloud platform attack surface calculation formula is as follows:
in the formula, SPiIs the ith test item score of the attack surface of the cloud platform, SPSiIs the score of the ith test item of the attack surface of the cloud platform on the security influence SPFiIs the score of the ith test item of the total cloud platform attack surface on the property influence, SPOiIs the score of the ith test item of the attack surface of the cloud platform on the operability influence, SPPiIs the score of the ith test item of the attack surface of the cloud platform on the privacy influence SPIs the score of the cloud platform test;
the mobile phone APP attack surface calculation formula is as follows:
in the formula, SAiIs the score of the ith test item of the attack surface of the mobile phone APP, SASiIs the score of the ith test item on the attack surface of the mobile phone APP on the security influence, SAFiIs the score of the ith test item on the attack surface of the mobile phone APP on the property influence, SAOiIs the score of the ith test item of the attack surface of the mobile phone APP on the operability influence, SAPiIs the score of the ith test item on the attack surface of the mobile phone APP on the privacy influence, SAIs the score of the mobile phone APP test.
In the step E, a calculation formula of the whole vehicle information safety score is as follows:
S=10×(SC+SR+SE+ST+SI+SP+SA),
and S is the whole vehicle information safety score.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (10)
1. The automobile information safety test evaluation method is characterized by comprising the following steps of:
A. the tester determines the number of test items of the total attack surface according to the configuration list, calculates the test depth and evaluates the test items at the same test depth;
B. testing each attack surface by a tester according to the test range and the test operation instruction;
C. utilizing an SFOP model to perform influence analysis by referring to a test result;
D. scoring each test result and calculating each attack face test score according to the influence analysis result and the weight coefficient corresponding to S, F, O, P;
E. calculating the safety score of the information of the whole vehicle;
F. and according to the finished automobile score, giving out finished automobile information safety star-level evaluation level test depth evaluation by referring to a star-level evaluation standard.
2. The automobile information safety test evaluation method according to claim 1, characterized in that: and C, the SFOP model in the step C refers to Safety, Financial, Operation and Privacy, and the severity of the influence of the evaluation test result on the SFOP is divided into four types, namely none, low, medium and high.
3. The automobile information safety test evaluation method according to claim 2, characterized in that: the severity of the test results on the SFOP was 10 points, 7 points, 3 points and 1 point, respectively, from none, low, medium and high.
4. The automobile information safety test evaluation method according to claim 1, characterized in that: the weighting coefficients corresponding to S, F, O, P in step D are 0.4, 0.3, 0.2, and 0.1, respectively.
5. The automobile information safety test evaluation method according to claim 1, characterized in that: in the step E, the weighting factors of the test items are set to be the same.
6. The automobile information safety test evaluation method according to claim 1, characterized in that: in the step F, the weight coefficients of 7 attack surfaces are set to be the same.
7. The automobile information safety test evaluation method according to claim 1, characterized in that: in the step F, the star rating standard is defined as that the score is higher than 90 points, five-star rating is given, the score is between 80 and 90 points, four-star rating is given, the score is between 70 and 80 points, 3-star rating is given, the score is below 70 points, no star rating is given, and the test depth is noted while the rating result is issued.
8. The automobile information safety test evaluation method according to claim 1, characterized in that: in the step B, the attack surface comprises in-vehicle CAN bus information safety, radio information safety, ECU information safety, T-BOX information safety, IVI information safety, cloud platform information safety and mobile phone APP information safety.
9. The method for evaluating the automobile information security test according to claim 8, wherein in the step D, each test result is scored, and information security scores of seven types of attack surfaces are calculated, wherein the calculation formula is as follows:
the formula for calculating the bus attack surface is as follows,
in the formula, SCiIs the ith test item score of the bus attack surface, SCSiIs the score of the ith test item of the bus attack plane on the security influence, SCFiIs the score of the ith test item on the bus attack surface on the property influence, SCOiIs the score of the ith test item of the bus attack surface on the operational influence, SCPiIs the score of the ith test item of the bus attack plane on the privacy influence, SCIs the score of the bus class test;
the vehicle-mounted radio attack surface calculation formula is as follows,
in the formula, SRiIs the score of the ith test item of the vehicle-mounted radio attack surface SRSiIs the score of the ith test item of the vehicle-mounted radio attack surface on the security influence SRFiIs the score of the ith test item of the vehicle-mounted radio attack surface on the property influence, SROiIs the score of the ith test item of the vehicle-mounted radio attack surface on the operability influence, SRPiIs the score of the ith test item of the vehicle-mounted radio attack surface on the privacy influence SRIs the score of the in-vehicle radio test;
the ECU attack surface calculation formula is as follows,
in the formula, SEiIs the score of the ith test item of the ECU attack surface SESiIs the score of the ith test item of the ECU attack surface on the security influence, SEFiIs the score of the ith test item of the ECU attack surface on the property influence, SEOiIs the score of the ith test item of the ECU attack surface on the operability influence, SEPiIs the score of the ith test item of the ECU attack surface on the privacy influence, SEIs the score of the ECU test;
the T-BOX attack surface calculation formula is as follows:
in the formula, STiIs the score of the ith test item of the T-BOX attack surface, STSiIs the score of the ith test item of the T-BOX attack surface on the security influence, STFiIs the score of the ith test item of the T-BOX attack surface on the property impact, STOiIs the score of the ith test item of the T-BOX attack surface on the operability influence, STPiIs the score of the ith test item of the T-BOX attack surface on the privacy influence, STIs the score of the T-BOX test;
the IVI attack surface calculation formula is as follows:
in the formula, SIiIs the score of the ith test item of the IVI attack surface, SISiIs the ith test item of the IVI attack surfaceScore of safety impact, SIFiIs the score, S, of the ith test item of the IVI attack plane with respect to the impact of the propertyIOiIs the score of the ith test item of the IVI attack surface on the operational influence, SIPiIs the score of the ith test item of the IVI attack surface on the privacy impact, SIIs the score of the IVI test;
the cloud platform attack surface calculation formula is as follows:
in the formula, SPiIs the ith test item score of the attack surface of the cloud platform, SPSiIs the score of the ith test item of the attack surface of the cloud platform on the security influence SPFiIs the score of the ith test item of the total cloud platform attack surface on the property influence, SPOiIs the score of the ith test item of the attack surface of the cloud platform on the operability influence, SPPiIs the score of the ith test item of the attack surface of the cloud platform on the privacy influence SPIs the score of the cloud platform test;
the mobile phone APP attack surface calculation formula is as follows:
in the formula, SAiIs the score of the ith test item of the attack surface of the mobile phone APP, SASiIs the score of the ith test item on the attack surface of the mobile phone APP on the security influence, SAFiIs the score of the ith test item on the attack surface of the mobile phone APP on the property influence, SAOiIs the score of the ith test item of the attack surface of the mobile phone APP on the operability influence, SAPiIs the score of the ith test item on the attack surface of the mobile phone APP on the privacy influence, SAIs the score of the mobile phone APP test.
10. The method for evaluating the safety test of the information of the automobile according to claim 9, wherein in the step E, the calculation formula of the safety score of the information of the whole automobile is as follows:
S=10×(SC+SR+SE+ST+SI+SP+SA),
and S is the whole vehicle information safety score.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911328298.8A CN111126832A (en) | 2019-12-20 | 2019-12-20 | Automobile information safety test evaluation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911328298.8A CN111126832A (en) | 2019-12-20 | 2019-12-20 | Automobile information safety test evaluation method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111126832A true CN111126832A (en) | 2020-05-08 |
Family
ID=70500828
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911328298.8A Pending CN111126832A (en) | 2019-12-20 | 2019-12-20 | Automobile information safety test evaluation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111126832A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112217838A (en) * | 2020-11-02 | 2021-01-12 | 福州大学 | Network attack surface evaluation method based on cloud model theory |
| CN112543195A (en) * | 2020-12-03 | 2021-03-23 | 北京梆梆安全科技有限公司 | Information security assessment method and device for intelligent networked automobile and electronic equipment |
| CN112686499A (en) * | 2020-12-14 | 2021-04-20 | 中国汽车技术研究中心有限公司 | Vehicle information safety level evaluation method and device, electronic device and medium |
| CN113325825A (en) * | 2021-06-07 | 2021-08-31 | 深圳市金城保密技术有限公司 | Intelligent networking automobile data and information safety evaluation system |
| CN113839904A (en) * | 2020-06-08 | 2021-12-24 | 北京梆梆安全科技有限公司 | Security situation sensing method and system based on intelligent networked automobile |
| CN115021977A (en) * | 2022-05-17 | 2022-09-06 | 蔚来汽车科技(安徽)有限公司 | Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105676843A (en) * | 2016-04-13 | 2016-06-15 | 中国汽车技术研究中心 | New energy automobile benchmarking analysis and evaluation system and method thereof |
| CN108255151A (en) * | 2017-12-15 | 2018-07-06 | 工业和信息化部计算机与微电子发展研究中心(中国软件评测中心) | A kind of evaluation system of automatic driving vehicle |
| CN108415398A (en) * | 2017-02-10 | 2018-08-17 | 上海辇联网络科技有限公司 | Automobile information safety automation tests system and test method |
| US20190141074A1 (en) * | 2016-05-27 | 2019-05-09 | Robert Bosch Gmbh | Security test system, security test method, function evaluation device, and program |
-
2019
- 2019-12-20 CN CN201911328298.8A patent/CN111126832A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105676843A (en) * | 2016-04-13 | 2016-06-15 | 中国汽车技术研究中心 | New energy automobile benchmarking analysis and evaluation system and method thereof |
| US20190141074A1 (en) * | 2016-05-27 | 2019-05-09 | Robert Bosch Gmbh | Security test system, security test method, function evaluation device, and program |
| CN108415398A (en) * | 2017-02-10 | 2018-08-17 | 上海辇联网络科技有限公司 | Automobile information safety automation tests system and test method |
| CN108255151A (en) * | 2017-12-15 | 2018-07-06 | 工业和信息化部计算机与微电子发展研究中心(中国软件评测中心) | A kind of evaluation system of automatic driving vehicle |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113839904A (en) * | 2020-06-08 | 2021-12-24 | 北京梆梆安全科技有限公司 | Security situation sensing method and system based on intelligent networked automobile |
| CN113839904B (en) * | 2020-06-08 | 2023-08-22 | 北京梆梆安全科技有限公司 | Security situation awareness method and system based on intelligent network-connected automobile |
| CN112217838A (en) * | 2020-11-02 | 2021-01-12 | 福州大学 | Network attack surface evaluation method based on cloud model theory |
| CN112543195A (en) * | 2020-12-03 | 2021-03-23 | 北京梆梆安全科技有限公司 | Information security assessment method and device for intelligent networked automobile and electronic equipment |
| CN112543195B (en) * | 2020-12-03 | 2023-02-03 | 北京梆梆安全科技有限公司 | Information security assessment method and device for intelligent networked automobile and electronic equipment |
| CN112686499A (en) * | 2020-12-14 | 2021-04-20 | 中国汽车技术研究中心有限公司 | Vehicle information safety level evaluation method and device, electronic device and medium |
| CN113325825A (en) * | 2021-06-07 | 2021-08-31 | 深圳市金城保密技术有限公司 | Intelligent networking automobile data and information safety evaluation system |
| CN115021977A (en) * | 2022-05-17 | 2022-09-06 | 蔚来汽车科技(安徽)有限公司 | Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111126832A (en) | Automobile information safety test evaluation method | |
| Kelarestaghi et al. | Intelligent transportation system security: impact-oriented risk assessment of in-vehicle networks | |
| Xun et al. | VehicleEIDS: A novel external intrusion detection system based on vehicle voltage signals | |
| CN106828362B (en) | Safety testing method and device for automobile information | |
| CN108415398B (en) | Automatic test system and test method for automobile information safety | |
| CN109547401B (en) | Network security vulnerability prioritization and remediation | |
| CN106295349A (en) | Risk Identification Method, identification device and the anti-Ore-controlling Role that account is stolen | |
| Han et al. | A new frequency domain method for random fatigue life estimation in a wide‐band stationary G aussian random process | |
| KR102406756B1 (en) | System for Authenticating Security Rule of Autonomous Ship | |
| CN112751831B (en) | Automobile vulnerability classification and processing method, device, equipment and readable storage medium | |
| CN111182503A (en) | Intelligent vehicle insurance evaluation method and system based on multi-data fusion analysis | |
| Stelkens-Kobsch et al. | Towards a more secure ATC voice communications system | |
| CN108259223B (en) | Unmanned aerial vehicle network system security situation perception evaluation method for preventing GPS deception | |
| CN111756842A (en) | Method and device for detecting vulnerability of Internet of vehicles and computer equipment | |
| CN110287703B (en) | Method and device for detecting vehicle safety risk | |
| Benyahya et al. | A systematic review of threat analysis and risk assessment methodologies for connected and automated vehicles | |
| CN112019512B (en) | Automobile network safety test system | |
| CN116362543A (en) | Comprehensive risk assessment method and device integrating information security and functional security | |
| CN113268738B (en) | Intelligent automobile information security vulnerability assessment method and system | |
| CN113807723B (en) | Risk identification method for knowledge graph | |
| Faschang et al. | An open software-based framework for automotive cybersecurity testing | |
| Yameng et al. | Ahp-grap based security evaluation method for mils system within cc framework | |
| Moeller et al. | NVH CAE quality metrics | |
| Kim et al. | Cybersecurity and Capacity Requirement for Data Storage of Autonomous Driving System | |
| CN108198119A (en) | Airport quick security check method, readable storage medium storing program for executing and quick security check platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200508 |