CN112329022A - Intelligent network automobile information security risk assessment method and system - Google Patents

Info

Publication number
CN112329022A
CN112329022A
Authority
CN
China
Prior art keywords
list
threat
asset
assessment
library
Legal status
Pending
Application number
CN202011257365.4A
Other languages
Chinese (zh)
Inventor
王剑
王诗鹏
Current Assignee
Zhejiang Yangtze River Delta Internet Of Vehicles Security Technology Co ltd
Original Assignee
Zhejiang Yangtze River Delta Internet Of Vehicles Security Technology Co ltd
Application filed by Zhejiang Yangtze River Delta Internet Of Vehicles Security Technology Co ltd
Priority to CN202011257365.4A
Publication of CN112329022A

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING
        • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
        • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
        • G06F 21/577 Assessing vulnerabilities and evaluating computer system security
        • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F 2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
        • G06F 2221/033 Test or assess software
        • G06F 2221/034 Test or assess a computer or a system
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 63/00 Network architectures or network communication protocols for network security
        • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
        • H04L 63/12 Applying verification of the received information
        • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
        • H04L 67/00 Network arrangements or protocols for supporting network services or applications
        • H04L 67/01 Protocols
        • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
        • H04L 67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
        • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

After an assessment object is selected, risk assessment is carried out in sequence through the steps of asset identification, threat analysis, vulnerability analysis and attack path analysis. After the preliminary risk assessment, a threat severity and impact severity analysis report is produced: the threat severity of the assessment object is graded, and the impact caused by that threat severity is assessed. Risk treatment and mitigation measures are then applied to reduce the threat and impact associated with the assessment object, and finally a risk assessment report is produced. The method and system cover automobile information security management, including overall automobile information security management, information security management during product development, and information security management during volume production, and automate the information security risk assessment of the software and hardware involved in the network communication (including the in-vehicle network) of an intelligent networked automobile across the design, research, development and manufacturing processes, so as to improve efficiency.

Description

Intelligent network automobile information security risk assessment method and system
Technical Field
The invention relates to the field of vehicle information security design, and in particular to an intelligent networked automobile information security risk assessment method and system.
Background
As automobiles become increasingly intelligent, networked and electrified, the information security problems of intelligent networked automobiles are becoming more serious, and hackers have successfully used means such as information tampering and virus intrusion to attack automobiles. An information security crisis in an intelligent networked automobile can not only cause loss of personal privacy and economic loss to enterprises, but can also seriously affect functional safety, with severe consequences such as vehicle damage and loss of life.
However, information security risk assessment has not yet been fully applied to the design, research and development, manufacturing and information security processes of automobiles; existing automobile information security risk assessment approaches (such as the HEAVENS model) are not well developed, and assessment forms are still entered manually. In software-defined automobiles, data-defined automobiles and intelligent networked automobiles, the number of objects requiring information security risk assessment is in the tens of thousands, and objects are assessed in one-to-many or many-to-many relationships, so automating automobile information security risk assessment is urgently needed.
Disclosure of Invention
The invention provides an automated information security risk assessment method and system for intelligent networked automobiles, aiming at solving the technical problem that automobile information security risk assessment in the prior art cannot be automated.
In one aspect, the invention provides an automated information security risk assessment method for intelligent networked automobiles, comprising the following steps:
S1: establishing an automobile security risk assessment model standard library and establishing the databases required to support risk assessment, wherein the required databases comprise an asset classification library, a threat scenario library, a vulnerability base library, an attack path library, a mitigation measure library, a test case library and a resource relationship library;
S2: based on the selected risk assessment model standard, performing asset identification and assessment on the assessment object to obtain an asset list, performing threat scenario analysis based on the asset list to obtain a threat scenario list, performing asset vulnerability analysis based on the threat scenario list to obtain a vulnerability analysis list, and performing attack path analysis based on the vulnerability analysis list to obtain a list of possible attack paths;
S3: performing impact severity risk assessment based on the asset list and the threat scenario list, and performing attack likelihood assessment based on the attack path list;
S4: obtaining the final risk assessment result from the results of the impact severity risk assessment and the attack likelihood assessment.
By establishing a customizable automobile security risk assessment model standard library and the various databases required to support risk assessment, asset identification, threat analysis, vulnerability analysis and attack path analysis are carried out on the assets to be assessed according to the selected risk assessment standard, and a risk assessment result (comprising a risk level and an impact level) is obtained. The method and system cover automobile information security management, including overall automobile information security management, information security management during product development, and information security management during volume production, and automate the information security risk assessment of the software and hardware involved in the network communication (including the in-vehicle network) of an intelligent networked automobile across the design, research, development and manufacturing processes, so as to improve efficiency.
Further, performing asset identification and assessment on the assessment object to obtain the asset list in S2 includes the following steps:
S201: identifying the assets and assigning them to the categories data, software, hardware, services, personnel and other assets;
S202: assigning values to the confidentiality, integrity and availability of each asset according to its confidentiality, integrity and availability requirements, wherein each value is graded on four levels, namely high, medium and low;
S203: assessing asset importance based on the confidentiality, integrity and availability assignments to obtain the asset list.
The asset grades give a comprehensive description of the importance of each level; the assessor can determine the range of important assets from the asset assignment results, carry out the subsequent risk assessment mainly around the important assets, and so prepare adequately for the subsequent analysis and assessment.
Further, performing threat scenario analysis based on the asset list to obtain the threat scenario list in S2 includes the following steps:
S211: determining the threat scenarios that may occur for the identified assets;
S212: determining the attributes and data types of the threat factors of each threat scenario;
S213: associating the assessment objects to support data entry for each threat factor;
S214: analyzing the entered data in combination with the threat scenario library data, outputting threat analysis data, and placing the data in a message queue;
S215: when recorded threat factor data is modified or deleted, automatically triggering threat analysis again, recalculating, storing the result, and placing it in the message queue.
Further, the threat scenarios in S211 are identified along the six dimensions of spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege.
Further, the threat factors in S212 include software and hardware failure, physical environment influence, failure to act or misoperation, inadequate management, malicious code, unauthorized use or abuse, network attack, physical attack, disclosure, tampering and repudiation.
The identification of the threat scenario list also serves as an important basis for the subsequent analysis and assessment, so that vulnerability analysis can be better associated with threats and the requirement for automation can be met quickly and effectively.
Further, performing asset vulnerability analysis based on the threat scenario list to obtain the vulnerability analysis list in S2 includes the following steps:
S221: identifying the objects of the asset vulnerability analysis, the identified objects comprising: network architecture, system software, database software, application middleware, application systems, technical management and organizational management;
S222: analyzing each identified object based on the threat scenario list;
S223: assigning graded values to the asset vulnerability list based on the analysis results for the threat scenario list and the identified objects, the assignments comprising five grades from high through medium to low.
Vulnerability identification is the most important link in risk assessment: taking assets as the core, it identifies, for each asset that needs protection, the vulnerabilities that might be exploited by a threat, evaluates the severity of each vulnerability, and maps it to the corresponding assets and threats, so the requirement for automation can be met quickly and effectively.
Another aspect of the invention provides an automated information security risk assessment system for intelligent networked automobiles, comprising:
a custom risk assessment standard module for establishing an automobile security risk assessment model standard library;
a basic database module for establishing the databases required to support risk assessment, wherein the required databases comprise an asset classification library, a threat scenario library, a vulnerability base library, an attack path library, a mitigation measure library, a test case library and a resource relationship library;
an asset identification module for performing asset identification and assessment on the assessment object based on the selected risk assessment model standard to obtain an asset list;
a threat analysis module for performing threat scenario analysis based on the asset list to obtain a threat scenario list;
a vulnerability analysis module for performing asset vulnerability analysis based on the threat scenario list to obtain a vulnerability analysis list;
an attack analysis module for performing attack path analysis based on the vulnerability analysis list to obtain a list of possible attack paths;
a risk assessment module for performing impact severity risk assessment based on the asset list and the threat scenario list, performing attack likelihood assessment based on the attack path list, and obtaining the final risk assessment result from the results of the impact severity risk assessment and the attack likelihood assessment.
Implementing the automated information security risk assessment system for intelligent networked automobiles in the form of a system gives a high degree of automation and high efficiency.
Further, the basic database module comprises:
the asset classification library, used to perform asset identification and assessment on the assessment object to obtain the asset list;
the threat scenario library, used to perform threat scenario analysis on the assessment object based on the asset list to obtain the threat scenario list;
the vulnerability base library, used to perform asset vulnerability analysis on the assessment object based on the threat scenario list to obtain the vulnerability analysis list;
the test case library, used to perform attack path analysis on the assessment object based on the vulnerability analysis list to obtain the list of possible attack paths;
the security requirement library, used to perform impact severity risk assessment on the assessment object based on the asset list and the threat scenario list, and attack likelihood assessment based on the attack path list;
and the risk assessment model and mitigation measure library, used to obtain the final risk assessment result for the assessment object from the results of the impact severity risk assessment and the attack likelihood assessment.
Further, the basic database module further comprises a plurality of mapping databases, used for data transfer among the asset classification library, the threat scenario library, the vulnerability base library, the test case library, the mitigation measure library and the security requirement library.
Further, the asset classification library performs multi-level parent-child classification according to asset form: a top level of six classes, namely data, software, hardware, services, personnel and other assets, with each class further classified into: in-vehicle electronic control system, HU, T-Box, vehicle-mounted wireless interface, mobile terminal App and TSP.
The continuously enriched libraries can keep pace with the continual upgrading and updating of intelligent networked automobiles. During the development of an intelligent networked automobile, the various by-wire control units, sensors, computing units and auxiliary units, and especially the software design, are updated and iterated very frequently; the rich libraries are continuously updated and expanded accordingly, which effectively guarantees the quality of the risk assessment report.
After an assessment object is selected, risk assessment is carried out in sequence through the steps of asset identification, threat analysis, vulnerability analysis and attack path analysis. After the preliminary risk assessment, a threat severity and impact severity analysis report is produced: the threat severity of the assessment object is graded, and the impact caused by that threat severity is assessed. Risk treatment and mitigation measures are then applied to reduce the threat and impact associated with the assessment object, and finally a risk assessment report is produced. The method and system cover automobile information security management, including overall automobile information security management, information security management during product development, and information security management during volume production, and automate the information security risk assessment of the software and hardware involved in the network communication (including the in-vehicle network) of an intelligent networked automobile across the design, research, development and manufacturing processes, so as to improve efficiency.
In addition, the risk assessment system comprises a model library, so that a user can select standard models published by standards organizations such as ISO, and can also customize the standard models to their own requirements, which better meets the requirements of different vehicle manufacturers and different test departments. The risk assessment system also comprises an asset identification library, a threat scenario library, a test case library, a vulnerability base library and an attack path library; these rich libraries can keep pace with the continual upgrading and updating of intelligent networked automobiles. During the development of an intelligent networked automobile, the various by-wire control units, sensors, computing units and auxiliary units, and especially the software design, are updated and iterated frequently; the libraries are continuously updated and expanded accordingly, which effectively guarantees the quality of the risk assessment report.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments and together with the description serve to explain the principles of the invention. Other embodiments and many of the intended advantages of embodiments will be readily appreciated as they become better understood by reference to the following detailed description. The elements of the drawings are not necessarily to scale relative to each other. Like reference numerals designate corresponding similar parts.
FIG. 1 is a schematic diagram of an automated intelligent network automobile information security risk assessment method according to an embodiment of the invention;
FIG. 2 is a flow chart of a method for automated intelligent network automobile information security risk assessment according to one embodiment of the present invention;
FIG. 3 is a timing diagram of an intelligent network automobile information security risk automated assessment system according to one embodiment of the present invention;
FIG. 4 is a functional block diagram of an intelligent network automobile information security risk automated assessment system according to one embodiment of the present invention;
FIG. 5 is a system capability list and association diagram of the intelligent network automobile information security risk automatic assessment method according to an embodiment of the invention.
Detailed Description
In the following detailed description, reference is made to the accompanying drawings, which form a part hereof, and in which is shown by way of illustration specific embodiments in which the invention may be practiced. In this regard, directional terminology, such as "top," "bottom," "left," "right," "up," "down," etc., is used with reference to the orientation of the figures being described. Because components of embodiments can be positioned in a number of different orientations, the directional terminology is used for purposes of illustration and is in no way limiting. It is to be understood that other embodiments may be utilized and logical changes may be made without departing from the scope of the present invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is defined by the appended claims.
As shown in FIG. 1, an automated information security risk assessment method for intelligent networked automobiles includes the following steps:
S1: establishing an automobile security risk assessment model standard library and establishing the databases required to support risk assessment, wherein the required databases comprise an asset classification library, a threat scenario library, a vulnerability base library, an attack path library, a mitigation measure library, a test case library and a resource relationship library;
S2: based on the selected risk assessment model standard, performing asset identification and assessment on the assessment object to obtain an asset list, performing threat scenario analysis based on the asset list to obtain a threat scenario list, performing asset vulnerability analysis based on the threat scenario list to obtain a vulnerability analysis list, and performing attack path analysis based on the vulnerability analysis list to obtain a list of possible attack paths;
S3: performing impact severity risk assessment based on the asset list and the threat scenario list, and performing attack likelihood assessment based on the attack path list;
S4: obtaining the final risk assessment result from the results of the impact severity risk assessment and the attack likelihood assessment.
By establishing a customizable automobile security risk assessment model standard library and the various databases required to support risk assessment, asset identification, threat analysis, vulnerability analysis and attack path analysis are carried out on the assets to be assessed according to the selected risk assessment standard, and a risk assessment result (comprising a risk level and an impact level) is obtained. The method and system cover automobile information security management, including overall automobile information security management, information security management during product development, and information security management during volume production, and automate the information security risk assessment of the software and hardware involved in the network communication (including the in-vehicle network) of an intelligent networked automobile across the design, research, development and manufacturing processes, so as to improve efficiency.
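The following is an added worked example of steps S3 and S4, not code from the patent. It assumes a four-level ascending grade scale, takes impact severity as the worse of asset importance and threat severity, bounds an attack path's likelihood by its least exploitable step (every step must succeed) and an asset's likelihood by its easiest path, and combines the two through a severity-by-likelihood matrix. The scale names, the matrix, and the sample assets, scenarios and paths are all assumptions constructed for illustration.

```python
"""Steps S3/S4 worked through: impact severity (asset list + threat scenario
list) combined with attack likelihood (attack path list) into a final risk.
Added illustration; scale, matrix and sample data are assumptions."""
from dataclasses import dataclass

LEVELS = ("low", "medium", "high", "very_high")  # assumed ascending 4-level scale


def _idx(level: str) -> int:
    if level not in LEVELS:
        raise ValueError(f"unknown level: {level!r}")
    return LEVELS.index(level)


@dataclass(frozen=True)
class ThreatScenario:
    asset: str
    stride: str        # one of S, T, R, I, D, E
    severity: str      # threat severity grade, one of LEVELS


@dataclass(frozen=True)
class AttackPath:
    asset: str
    steps: tuple       # (vulnerability id, exploitability grade) per step, in order


# Assumed final-risk matrix, indexed [impact severity][attack likelihood index].
RISK_MATRIX = {
    "low":       ("low",    "low",    "medium",    "medium"),
    "medium":    ("low",    "medium", "medium",    "high"),
    "high":      ("medium", "high",   "high",      "very_high"),
    "very_high": ("medium", "high",   "very_high", "very_high"),
}


def impact_severity(asset_importance: str, scenario: ThreatScenario) -> str:
    """S3, first half: impact is driven by whichever is worse, the importance
    of the asset (from the asset list) or the severity of the threat scenario."""
    return LEVELS[max(_idx(asset_importance), _idx(scenario.severity))]


def path_likelihood(path: AttackPath) -> str:
    """Every step of a path must succeed, so the path is no more likely than
    its hardest (least exploitable) step."""
    if not path.steps:
        raise ValueError("attack path has no steps")
    return LEVELS[min(_idx(grade) for _, grade in path.steps)]


def attack_likelihood(asset: str, paths) -> str:
    """S3, second half: an asset's attack likelihood is that of the easiest
    recorded path leading to it; with no recorded path it is rated 'low'."""
    grades = [_idx(path_likelihood(p)) for p in paths if p.asset == asset]
    return LEVELS[max(grades)] if grades else "low"


def final_risk(impact: str, likelihood: str) -> str:
    """S4: combine the two S3 results through the (assumed) risk matrix."""
    return RISK_MATRIX[impact][_idx(likelihood)]


def assess(asset_list, scenarios, paths):
    """Run S3/S4 for every threat scenario; returns rows of
    (asset, stride, impact, likelihood, risk), worst risk first."""
    rows = []
    for sc in scenarios:
        impact = impact_severity(asset_list[sc.asset], sc)
        likelihood = attack_likelihood(sc.asset, paths)
        rows.append((sc.asset, sc.stride, impact, likelihood,
                     final_risk(impact, likelihood)))
    rows.sort(key=lambda r: _idx(r[4]), reverse=True)
    return rows


# Constructed sample input (not from the patent); importance comes from S2.
SAMPLE_ASSETS = {"T-Box": "high", "HU": "medium"}
SAMPLE_SCENARIOS = (
    ThreatScenario("T-Box", "T", "medium"),   # tampering scenario on the T-Box
    ThreatScenario("HU", "I", "low"),         # information disclosure on the HU
)
SAMPLE_PATHS = (
    AttackPath("T-Box", (("VULN-A", "high"), ("VULN-B", "medium"))),
    AttackPath("T-Box", (("VULN-C", "low"),)),
    # no recorded path reaches the HU
)

if __name__ == "__main__":
    for row in assess(SAMPLE_ASSETS, SAMPLE_SCENARIOS, SAMPLE_PATHS):
        print(row)
```

The two-step path to the T-Box is rated "medium" because its second step is only medium exploitability, and the single low step path does not raise that; with a "high" impact the matrix yields a "high" final risk. The HU scenario has no recorded attack path, which the example treats as low likelihood rather than an error, so it lands at "low" even though its impact is "medium".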
FIG. 2 shows the automated information security risk assessment method for intelligent networked automobiles, which is described in detail below.
In a specific embodiment, in S1 a customizable automobile security risk assessment standard library is established which comprises customizable and selectable risk assessment standard models. Testers can select standard models published by standards organizations such as ISO, and can also customize the standard models to their own requirements, which better meets the requirements of different vehicle manufacturers and different test departments.
in a specific embodiment, the method for performing asset identification assessment on the assessment object to obtain the asset list in S2 includes the following steps:
s201: assigning and identifying the assets according to data, software, hardware, services, personnel and other assets;
s202: assigning values to the confidentiality, integrity and availability of the asset according to the requirements of the confidentiality, integrity and availability, wherein each value is divided into four levels, namely a high level, a middle level and a low level;
s203: asset importance assessments are made on assets based on assignments of confidentiality, integrity and availability to obtain an inventory of assets.
In a specific embodiment, the asset classification library may perform multiple levels of parent-child classifications on assets on demand, including a primary classification and a secondary classification, for example, the recommended primary classification includes: data, software, hardware, services, personnel, other assets. In this embodiment, only one asset class is disclosed, which specifically includes 6 layers of data, software, hardware, services, personnel, and other assets, and each layer is classified as: the system comprises an in-vehicle electronic control system, a HU, a T-Box, a vehicle-mounted wireless interface, and mobile terminals App and TSP, but the system is not limited to the system. The asset list is assigned with values from confidentiality, integrity and availability, and is divided into four different levels according to different requirements of the asset on confidentiality, wherein the four different levels respectively correspond to different degrees of the asset on confidentiality or influence on a vehicle or a cloud platform when the confidentiality is lost, and the four different levels are specifically shown in table 1; according to different requirements of the assets on the integrity, the assets are divided into four different levels, which respectively correspond to different degrees to which the assets on the integrity are required to be achieved. See table 2; according to the different requirements of the assets on the availability, the assets are divided into four different levels, which respectively correspond to different degrees that the assets should achieve on the availability, see table 3.
Table 1: description of asset confidentiality assignment
[Table 1 is reproduced only as an image in the original; its content is not available here.]
Table 2: asset integrity assignment specification
[Table 2 is reproduced only as an image in the original; its content is not available here.]
Table 3: asset availability valuation specification
[Table 3 is reproduced only as an image in the original; its content is not available here.]
The final comprehensive assessment of an asset may, according to the characteristics of the asset, take the assignment grade of whichever of confidentiality, integrity and availability is most important for that asset as the asset's final assignment result; alternatively, the final assignment result may be obtained by a weighted calculation over the asset's confidentiality, integrity and availability grades. Assets are divided into four levels according to their final assignment, as shown in Table 4. A higher level indicates a more important asset, and the basis and levels of assignment used in asset identification can also be determined according to the actual situation of the vehicle manufacturer. The asset grades in the table give a comprehensive description of the importance of the different levels. The assessor can determine the range of important assets from the asset assignment results and carry out the subsequent risk assessment mainly around the important assets.
Table 4: asset importance assessment
[Table 4 is reproduced only as an image in the original; its content is not available here.]
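The following is an added worked example of S201 to S203 and of the two final-assessment methods described above (most important attribute, or weighted calculation); it is not code from the patent. The four level names, the CIA weights, the rounding rule and the sample assets are assumptions constructed for illustration; Tables 1 to 4 are images in the original, so their wording is not used.

```python
"""S201-S203 worked through: CIA grading per asset, asset importance by the
key-attribute method or by a weighted calculation, and the range of important
assets. Added illustration; level names, weights and samples are assumptions."""
from dataclasses import dataclass

LEVELS = ("low", "medium", "high", "very_high")   # assumed ascending 4-level scale
CIA = ("confidentiality", "integrity", "availability")


def _idx(level: str) -> int:
    if level not in LEVELS:
        raise ValueError(f"unknown level: {level!r}")
    return LEVELS.index(level)


@dataclass(frozen=True)
class Asset:
    name: str
    category: str          # S201 primary class: data/software/hardware/services/personnel/other
    subclass: str          # secondary class, e.g. in-vehicle ECU, HU, T-Box, wireless interface, App, TSP
    confidentiality: str   # S202 grades, each one of LEVELS
    integrity: str
    availability: str


def importance_by_key_attribute(asset: Asset, key: str) -> str:
    """Method 1: the grade of the single attribute the assessor judges most
    important for this asset becomes the asset's final assignment."""
    if key not in CIA:
        raise ValueError(f"not a CIA attribute: {key!r}")
    return getattr(asset, key)


def importance_weighted(asset: Asset, weights=(1 / 3, 1 / 3, 1 / 3)) -> str:
    """Method 2: weighted average of the three grade indices, rounded to the
    nearest level. The weights are an assumption and must sum to 1."""
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    score = sum(w * _idx(getattr(asset, attr)) for w, attr in zip(weights, CIA))
    return LEVELS[int(round(score))]


def build_asset_list(assets, weights=(0.3, 0.4, 0.3)):
    """S203: grade every asset and return (name, importance) sorted most
    important first; the weighted method is applied uniformly here."""
    graded = [(a.name, importance_weighted(a, weights)) for a in assets]
    graded.sort(key=lambda t: _idx(t[1]), reverse=True)   # stable: ties keep input order
    return graded


def important_assets(asset_list, threshold="high"):
    """The range of important assets the following steps concentrate on:
    everything graded at or above the threshold level."""
    return [name for name, level in asset_list if _idx(level) >= _idx(threshold)]


# Constructed sample assets (not from the patent).
SAMPLE_ASSETS = (
    Asset("T-Box", "hardware", "T-Box", "high", "very_high", "medium"),
    Asset("HU", "hardware", "HU", "medium", "medium", "low"),
    Asset("TSP account data", "data", "TSP", "very_high", "high", "medium"),
)

if __name__ == "__main__":
    asset_list = build_asset_list(SAMPLE_ASSETS)
    print(asset_list)
    print("focus on:", important_assets(asset_list))
```

With weights (0.3, 0.4, 0.3) the T-Box scores 2.1 and the TSP account data 2.0, both rounding to "high", while the HU scores 0.7 and rounds to "medium"; by the key-attribute method the T-Box would instead be "very_high" if integrity is chosen as its decisive attribute, which is why the patent leaves the choice of method to the asset's characteristics.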
In a specific embodiment, performing threat scenario analysis based on the asset list to obtain the threat scenario list in S2 includes the following steps:
S211: determining the threat scenarios that may occur for the identified assets;
S212: determining the attributes and data types of the threat factors of each threat scenario;
S213: associating the assessment objects to support data entry for each threat factor;
S214: analyzing the entered data in combination with the threat scenario library data, outputting threat analysis data, and placing the data in a message queue;
S215: when recorded threat factor data is modified or deleted, automatically triggering threat analysis again, recalculating, storing the result, and placing it in the message queue.
The factors giving rise to threats can be divided into human factors and environmental factors: environmental factors such as power failure, humidity and insect damage; human factors such as deliberate sabotage by malicious personnel and lack of responsibility among internal staff. A threat may act as a direct or indirect attack on the information system, causing damage to confidentiality, integrity or availability; it may also be an accidental or a deliberate event. For each threat source, threats can be classified by their manifestation to form the threat scenario library. In S212, the threat factors include software and hardware failure, physical environment influence, failure to act or misoperation, inadequate management, malicious code, unauthorized use or abuse, network attack, physical attack, disclosure, tampering and repudiation; the specific threat factor classification is given in Table 5.
Table 5: threat factor classification table
In a specific embodiment, threat scenarios are identified with the STRIDE model, that is, along the six dimensions of spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege; the model is described in Table 6.
Table 6: threat scenario identification STRIDE model
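Steps s211 to s215 of the threat scenario analysis, together with the STRIDE dimensions of Table 6 and the threat factors of Table 5, as an added example written for this page (not the patent's own implementation). The threat scenario library contents, the attribute schema for each threat factor, the asset classes and the rule that a scenario is "open" when a protective attribute is false are all assumptions; the message queue is Python's in-process queue.Queue standing in for whatever queue the system uses.

```python
import queue
from typing import Dict, List, Optional

# Constructed threat scenario library (assumption: the patent's library is not reproduced
# on the page). Asset class -> STRIDE dimension (Table 6) -> threat factor (Table 5).
THREAT_LIBRARY: Dict[str, Dict[str, str]] = {
    "T-Box": {
        "spoofing": "network attack",
        "tampering": "tampering",
        "information disclosure": "disclosure",
    },
    "HU": {
        "denial of service": "malicious code",
        "elevation of privilege": "unauthorized or abuse",
    },
}

# s212: attribute names and data types required for each threat factor (assumed schema).
FACTOR_SCHEMA: Dict[str, Dict[str, type]] = {
    "network attack": {"exposed_interfaces": int, "authenticated": bool},
    "tampering": {"firmware_signed": bool},
    "disclosure": {"data_encrypted": bool},
    "malicious code": {"app_sandboxed": bool},
    "unauthorized or abuse": {"least_privilege": bool},
}


class ThreatAnalyzer:
    """Runs s211 to s215 for one assessment object and feeds a message queue."""

    def __init__(self) -> None:
        self.entries: Dict[tuple, dict] = {}          # (asset_id, factor) -> entered data (s213)
        self.results: Dict[str, List[dict]] = {}      # asset_id -> stored analysis data (s214)
        self.mq: "queue.Queue[dict]" = queue.Queue()  # consumed by the vulnerability stage

    def scenarios_for(self, asset_class: str) -> List[dict]:
        """s211: threat scenarios that may occur for an asset of the given class."""
        library = THREAT_LIBRARY.get(asset_class, {})
        return [{"dimension": d, "factor": f} for d, f in library.items()]

    @staticmethod
    def _validate(factor: str, data: dict) -> None:
        """s212: reject entries whose attributes or data types do not match the schema."""
        schema = FACTOR_SCHEMA[factor]
        missing = set(schema) - set(data)
        if missing:
            raise ValueError(f"{factor}: missing attributes {sorted(missing)}")
        for name, expected in schema.items():
            if not isinstance(data[name], expected):
                raise TypeError(f"{factor}.{name} must be {expected.__name__}")

    def enter_factor(self, asset_id: str, asset_class: str,
                     factor: str, data: dict) -> List[dict]:
        """s213 + s214: record factor data for the assessment object and analyze at once."""
        self._validate(factor, data)
        self.entries[(asset_id, factor)] = dict(data)
        return self._analyze(asset_id, asset_class)

    # s215: a modification is a re-entry, a deletion drops the data; both re-trigger analysis.
    modify_factor = enter_factor

    def delete_factor(self, asset_id: str, asset_class: str, factor: str) -> List[dict]:
        self.entries.pop((asset_id, factor), None)
        return self._analyze(asset_id, asset_class)

    def _analyze(self, asset_id: str, asset_class: str) -> List[dict]:
        """s214: join library scenarios with entered data, store the result, enqueue it."""
        report = []
        for scenario in self.scenarios_for(asset_class):
            data: Optional[dict] = self.entries.get((asset_id, scenario["factor"]))
            if data is None:
                status = "pending"      # factor data not yet entered for this object
            elif any(v is False for v in data.values()):
                status = "open"         # a protective attribute is absent (assumed rule)
            else:
                status = "mitigated"
            report.append({**scenario, "asset": asset_id, "data": data, "status": status})
        self.results[asset_id] = report
        self.mq.put({"asset": asset_id, "threats": report})
        return report


if __name__ == "__main__":
    analyzer = ThreatAnalyzer()
    analyzer.enter_factor("tbox-1", "T-Box", "network attack",
                          {"exposed_interfaces": 2, "authenticated": False})
    analyzer.delete_factor("tbox-1", "T-Box", "network attack")
    while not analyzer.mq.empty():
        print(analyzer.mq.get())
```

Every change to the recorded factor data produces a fresh message rather than patching the previous one, which is what lets downstream stages (vulnerability analysis, attack path analysis) stay consistent with the current threat data without polling the store.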
In a specific embodiment, the method for performing asset vulnerability analysis based on the threat scenario list to obtain a vulnerability analysis list in S2 includes the following steps:
s221: identifying an object of the asset vulnerability analysis, wherein identifying the object comprises: network architecture, system software, database software, application middleware, application systems, technology management, and organizational management;
s222: respectively analyzing the identification objects based on the threat scene list;
s223: assigning values to the asset vulnerability list in a graded way based on the threat scenario list and the analysis results of the identification objects, wherein the assignments comprise five grades: very high, high, medium, low and very low.
After the threat scenarios have been identified, asset vulnerability analysis is performed to obtain the vulnerability analysis list; vulnerability identification is the most important link in risk assessment. Vulnerability identification takes assets as its core: for each asset that needs protection, the vulnerabilities that could be exploited by a threat are identified and their severity is evaluated. Identification proceeds from the physical, network, system and application levels and the results are then mapped to assets and threats, which allows the requirement of automation to be met quickly and effectively. Vulnerability identification is explained from two aspects, technical vulnerability and management vulnerability: technical vulnerability mainly concerns the network structure, system software, database software, application middleware and application systems, and management vulnerability mainly concerns technical management and organizational management. The specific identification content is explained in Table 7.
Table 7: vulnerability recognition content
The severity of each identified vulnerability is assigned in a graded way according to the degree of damage to the asset, the difficulty of technical implementation and the prevalence of the vulnerability. Vulnerability severity is graded; each grade represents a level of vulnerability severity for the asset, and the higher the grade value, the higher the severity, see Table 8. The vulnerability analysis list is formed from this assessment of vulnerability severity.
Table 8: vulnerability assessment rating
Grade   Identification   Definition
5       Very high        If exploited by a threat, will cause complete damage to the asset.
4       High             If exploited by a threat, will cause significant damage to the asset.
3       Medium           If exploited by a threat, will cause general damage to the asset.
2       Low              If exploited by a threat, will cause minor damage to the asset.
1       Very low         If exploited by a threat, the damage done to the asset is negligible.
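The vulnerability grading of Table 8, driven by the three factors the page names (degree of damage, difficulty of technical implementation, prevalence) and grouped by the identification objects of s221 into the technical and management aspects of Table 7, as an added example written for this page rather than taken from the patent. The 1..5 scale for each factor, the inversion of difficulty into ease, the weights and the sample vulnerabilities are assumptions.

```python
from dataclasses import dataclass
from typing import List

# Table 8 on the page: grade -> (identification, definition).
VULNERABILITY_GRADES = {
    5: ("very high", "complete damage to the asset"),
    4: ("high", "significant damage to the asset"),
    3: ("medium", "general damage to the asset"),
    2: ("low", "minor damage to the asset"),
    1: ("very low", "negligible damage to the asset"),
}

# Identification objects from s221, split into the two aspects of Table 7.
TECHNICAL_OBJECTS = {"network architecture", "system software", "database software",
                     "application middleware", "application system"}
MANAGEMENT_OBJECTS = {"technology management", "organizational management"}


@dataclass(frozen=True)
class Vulnerability:
    asset: str
    identification_object: str
    description: str
    damage: int       # degree of damage to the asset, 1 (slight) .. 5 (total); assumed scale
    difficulty: int   # difficulty of technical implementation, 1 (trivial) .. 5 (very hard)
    prevalence: int   # how widespread the weakness is, 1 (rare) .. 5 (ubiquitous)

    def __post_init__(self) -> None:
        for field_name in ("damage", "difficulty", "prevalence"):
            value = getattr(self, field_name)
            if not 1 <= value <= 5:
                raise ValueError(f"{field_name} must be between 1 and 5, got {value}")
        if self.identification_object not in TECHNICAL_OBJECTS | MANAGEMENT_OBJECTS:
            raise ValueError(f"unknown identification object {self.identification_object!r}")


def severity_grade(v: Vulnerability, weights=(0.5, 0.3, 0.2)) -> int:
    """Grade 1..5 per Table 8 from the three factors named on the page.

    Difficulty is inverted so that a weakness that is easier to exploit scores
    higher. The weights are an assumption, not values from the patent.
    """
    ease = 6 - v.difficulty
    score = v.damage * weights[0] + ease * weights[1] + v.prevalence * weights[2]
    return max(1, min(5, round(score)))


def aspect(v: Vulnerability) -> str:
    """Technical versus management vulnerability, as in Table 7."""
    return "technical" if v.identification_object in TECHNICAL_OBJECTS else "management"


def vulnerability_analysis_list(vulns: List[Vulnerability]) -> List[dict]:
    """Build the vulnerability analysis list, most severe first."""
    rows = []
    for v in vulns:
        grade = severity_grade(v)
        ident, definition = VULNERABILITY_GRADES[grade]
        rows.append({"asset": v.asset, "object": v.identification_object,
                     "aspect": aspect(v), "description": v.description,
                     "grade": grade, "severity": ident, "definition": definition})
    rows.sort(key=lambda r: (-r["grade"], r["asset"], r["object"]))
    return rows


# Constructed sample vulnerabilities (illustrative, not findings from the patent).
SAMPLE_VULNERABILITIES = [
    Vulnerability("T-Box", "system software",
                  "OTA update accepted without signature verification",
                  damage=5, difficulty=2, prevalence=3),
    Vulnerability("HU", "application system",
                  "media parser lacks input length checks",
                  damage=3, difficulty=3, prevalence=4),
    Vulnerability("TSP", "organizational management",
                  "no periodic access review for operator accounts",
                  damage=2, difficulty=4, prevalence=5),
]

if __name__ == "__main__":
    for row in vulnerability_analysis_list(SAMPLE_VULNERABILITIES):
        print(f"{row['grade']} {row['severity']:9s} {row['aspect']:10s} "
              f"{row['asset']:6s} {row['description']}")
```

Keeping the three factor scores separate from the final grade matters for the re-assessment loop later in the page: a mitigation usually changes only one factor (for instance, signature verification raises the difficulty), and the grade can then be recomputed instead of re-judged by hand.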
In a specific embodiment, after the above steps are completed, attack path analysis is performed to obtain a list of possible attack paths; impact severity risk assessment is performed based on the asset list and the threat scenario list, and attack likelihood assessment is performed based on the attack path list; the final risk assessment result is obtained from the result of the impact severity risk assessment and the result of the attack likelihood assessment, and risk treatment and mitigation measures are implemented to reduce the threats to the assessment object and the impact they bring.
After an assessment object is selected, risk assessment is carried out in sequence through the steps of asset identification, threat analysis, vulnerability analysis and attack path analysis. After the preliminary risk assessment, a threat severity and impact severity analysis report is produced: the threat severity of the assessment object is graded and the impact it causes is assessed. Risk treatment and mitigation measures are then implemented to reduce the threats to the assessment object and the impact they bring, and finally a risk assessment report is produced. The method and system cover automobile information security management, including overall automobile information security management, information security management during product development and information security management during volume production, and automate the information security risk assessment of the software and hardware involved in the network communication of an intelligent networked automobile (including the in-vehicle network) throughout automobile design, research and development and manufacturing, so as to improve efficiency.
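The final stage described in the two paragraphs above, as an added example written for this page (not the patent's implementation): impact severity from the asset list and threat scenario list, attack likelihood from the attack path list, the combination of the two into a risk level, and a mitigation step followed by re-assessment to show the residual risk. The sample lists, the per-dimension impact weights, the band thresholds, the "weakest link" rule for a multi-step path, the risk matrix thresholds and the mitigation library are all assumptions; vulnerability grades are taken as already assigned on the 1..5 scale of Table 8.

```python
from typing import Dict, List

# Constructed stand-ins for the lists produced by the earlier stages (assumptions).
ASSET_IMPORTANCE: Dict[str, int] = {"T-Box": 4, "HU": 3, "Mobile App": 2}   # Table 4 level

THREAT_LIST: List[dict] = [
    {"id": "T1", "asset": "T-Box", "dimension": "tampering",
     "scenario": "modified firmware accepted during OTA update"},
    {"id": "T2", "asset": "HU", "dimension": "denial of service",
     "scenario": "malformed media file crashes the infotainment unit"},
    {"id": "T3", "asset": "Mobile App", "dimension": "information disclosure",
     "scenario": "vehicle location written to an unprotected log"},
]

VULN_GRADES: Dict[str, int] = {"V1": 4, "V2": 2, "V3": 5, "V4": 3}   # Table 8 grades

# Each attack path is the chain of vulnerabilities that must all be exploited for the
# threat to materialize; several alternative paths may lead to the same threat.
ATTACK_PATHS: List[dict] = [
    {"threat": "T1", "steps": ["V1", "V2"]},
    {"threat": "T1", "steps": ["V3"]},
    {"threat": "T2", "steps": ["V4"]},
]

# Assumed weight of each STRIDE dimension when scoring impact (1..4).
DIMENSION_WEIGHT = {"spoofing": 3, "tampering": 4, "repudiation": 2,
                    "information disclosure": 3, "denial of service": 3,
                    "elevation of privilege": 4}

# Assumed mitigation library: vulnerability -> (measure, grade after the measure).
MITIGATION_LIBRARY = {"V3": ("verify firmware signature before installation", 2)}


def impact_severity(importance: int, dimension: str) -> int:
    """1..5 impact band from asset importance (1..4) and the threat dimension."""
    score = importance * DIMENSION_WEIGHT[dimension]          # 1..16
    for threshold, band in ((13, 5), (10, 4), (7, 3), (4, 2)):
        if score >= threshold:
            return band
    return 1


def path_likelihood(steps: List[str], vuln_grades: Dict[str, int]) -> int:
    """A chain is only as easy as its hardest step; an unknown step counts as grade 1."""
    return min(vuln_grades.get(v, 1) for v in steps)


def attack_likelihood(threat_id: str, paths: List[dict], vuln_grades: Dict[str, int]) -> int:
    """The easiest available path decides; no known path gives the minimum likelihood."""
    candidates = [path_likelihood(p["steps"], vuln_grades)
                  for p in paths if p["threat"] == threat_id]
    return max(candidates, default=1)


def risk_level(impact: int, likelihood: int) -> str:
    """Risk matrix on the product of the two 1..5 scales (thresholds assumed)."""
    score = impact * likelihood
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


def assess(threats: List[dict], assets: Dict[str, int],
           paths: List[dict], vuln_grades: Dict[str, int]) -> List[dict]:
    """Final risk assessment result, highest risk first."""
    rows = []
    for t in threats:
        impact = impact_severity(assets[t["asset"]], t["dimension"])
        likelihood = attack_likelihood(t["id"], paths, vuln_grades)
        rows.append({"id": t["id"], "asset": t["asset"], "scenario": t["scenario"],
                     "impact": impact, "likelihood": likelihood,
                     "risk": risk_level(impact, likelihood)})
    rows.sort(key=lambda r: (-r["impact"] * r["likelihood"], r["id"]))
    return rows


def apply_mitigation(vuln_grades: Dict[str, int], vuln_id: str) -> Dict[str, int]:
    """Risk treatment: lower the grade of one vulnerability, returning a new dict so the
    original assessment remains reproducible for the report."""
    _, new_grade = MITIGATION_LIBRARY[vuln_id]
    return {**vuln_grades, vuln_id: new_grade}


if __name__ == "__main__":
    before = assess(THREAT_LIST, ASSET_IMPORTANCE, ATTACK_PATHS, VULN_GRADES)
    after = assess(THREAT_LIST, ASSET_IMPORTANCE, ATTACK_PATHS, apply_mitigation(VULN_GRADES, "V3"))
    for b in before:
        a = next(r for r in after if r["id"] == b["id"])
        print(f"{b['id']} {b['asset']:10s} impact={b['impact']} "
              f"likelihood {b['likelihood']}->{a['likelihood']} risk {b['risk']}->{a['risk']}")
```

Mitigating V3 alone drops T1 from critical to high rather than to low, because the alternative path through V1 and V2 still exists; the re-assessment makes that residual path visible, which is the point of separating attack likelihood (from paths) from impact severity (from assets and scenarios).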
As shown in fig. 3, 4 and 5, an intelligent network automobile information security risk automatic evaluation system includes:
the custom risk assessment standard module is used for establishing an automobile security risk assessment model standard library;
the basic database module is used for establishing a database required for supporting risk assessment, wherein the required database comprises an asset classification database, a threat scene database, a vulnerability basic database, an attack path database, a mitigating measure database, a test case database and a resource relation database;
the asset identification module is used for carrying out asset identification evaluation on the evaluation object based on the selected risk evaluation model standard so as to obtain an asset list;
the threat analysis module is used for carrying out threat scene analysis based on the asset list to obtain a threat scene list;
the vulnerability analysis module is used for carrying out asset vulnerability analysis based on the threat scene list to obtain a vulnerability analysis list;
an attack analysis module for performing attack path analysis based on the vulnerability analysis list to obtain a possible attack path list;
a risk assessment module for performing impact severity risk assessment based on the asset list and the threat scenario list, and performing attack possibility assessment based on the attack path list; and obtaining a final risk assessment result based on the result of the impact severity risk assessment and the result of the attack likelihood assessment.
The intelligent networked automobile information security risk automatic assessment system is realized in the form of a system, with a high degree of automation and high efficiency.
In a specific embodiment, the base database module includes:
the asset classification library is used for carrying out asset identification evaluation on the evaluation object to obtain an asset list;
the threat scene library is used for carrying out threat scene analysis on the evaluation object based on the asset list to obtain a threat scene list;
the vulnerability base library is used for carrying out asset vulnerability analysis on the evaluation object based on the threat scene list to obtain a vulnerability analysis list;
the test case library is used for carrying out attack path analysis on the evaluation object based on the vulnerability analysis list to obtain a possible attack path list;
the safety requirement library is used for carrying out influence severity risk assessment on the assessment objects on the basis of the asset list and the threat scene list and carrying out attack possibility assessment on the basis of the attack path list;
and the risk assessment model and the mitigating action library are used for obtaining a final risk assessment result for the assessment object based on the result of the impact severity risk assessment and the result of the attack possibility assessment.
In a specific embodiment, the asset classification library performs multi-layer parent-child classification according to asset form, using a six-layer system of data, software, hardware, services, personnel and other assets; within each layer, assets are classified as: in-vehicle electronic control system, HU, T-Box, vehicle-mounted wireless interface, mobile terminal App and TSP.
In a specific embodiment, the base database module further comprises a plurality of mapping databases, and the mapping databases are used for data transmission among the asset classification library, the threat scenario library, the vulnerability base library, the test case library, the mitigation measure library and the security requirement library.
The risk assessment system comprises a model library from which the user can select standard models published by standardization organizations such as ISO; the standard models can also be customized according to the user's requirements, so that the needs of different vehicle enterprises and different testing departments are better met. The risk assessment system further comprises an asset identification library, a threat scenario library, a test case library, a vulnerability base library and an attack path library; these rich libraries meet the need for continuous upgrading and updating of the intelligent networked automobile. During the development of an intelligent networked automobile, the various drive-by-wire units, sensors, computing units and auxiliary units, and in particular the frequent update iterations of the software design, call for libraries that are continuously updated and expanded, which effectively guarantees the quality of the risk assessment report.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (10)

1. An intelligent network automobile information security risk automatic assessment method is characterized by comprising the following steps:
s1: establishing an automobile safety risk assessment model standard library and establishing a database required for supporting risk assessment, wherein the required database comprises an asset classification library, a threat scene library, a vulnerability foundation library, an attack path library, a relieving measure library, a test case library and a resource relation library;
s2: based on the selected risk assessment model standard, performing asset identification assessment on an assessment object to obtain an asset list, performing threat scene analysis based on the asset list to obtain a threat scene list, performing asset vulnerability analysis based on the threat scene list to obtain a vulnerability analysis list, and performing attack path analysis based on the vulnerability analysis list to obtain a possible attack path list;
s3: performing impact severity risk assessment based on the asset manifest and the threat scenario manifest, and performing attack likelihood assessment based on the attack path manifest;
s4: obtaining a final risk assessment result based on the results of the impact severity risk assessment and the results of the attack likelihood assessment.
2. The method for automatically evaluating intelligent network automobile information security risk according to claim 1, wherein the method for performing asset identification evaluation on the evaluation object to obtain the asset list in S2 comprises the following steps:
s201: assigning and identifying the assets according to data, software, hardware, services, personnel and other assets;
s202: assigning values to the confidentiality, integrity and availability of the asset according to the requirements of the confidentiality, integrity and availability, wherein each value is divided into four levels, namely a high level, a middle level and a low level;
s203: asset importance assessments are made on assets based on assignments of confidentiality, integrity and availability to obtain an inventory of assets.
3. The method for automatically assessing the security risk of intelligent network automobile information as claimed in claim 1, wherein the method for performing the threat scenario analysis based on the asset list to obtain the threat scenario list in S2 comprises the following steps:
s211: determining threat scenarios that may occur for the identified assets;
s212: determining the attribute and data type of the threat factors of each threat scene;
s213: associating the assessment objects to support data entry of each threat factor;
s214: analyzing by combining threat scene library data based on the input data, outputting threat analysis data, and putting the data into a message queue;
s215: when recorded threat factor data is modified or deleted, threat analysis is automatically triggered again, the results are recalculated and stored, and the data are put into the message queue.
4. The method as claimed in claim 3, wherein the threat scenarios in S211 are identified from six dimensions: spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege.
5. The method as claimed in claim 3, wherein the threat factors in S212 include software and hardware failures, physical environment influences, non-action or misoperation, inadequate management, malicious code, unauthorized use or abuse, network attacks, physical attacks, disclosure, tampering and repudiation.
6. The method as claimed in claim 1, wherein the step of performing asset vulnerability analysis based on the threat scenario list to obtain a vulnerability analysis list in S2 comprises the steps of:
s221: identifying an object of the asset vulnerability analysis, wherein identifying the object comprises: network architecture, system software, database software, application middleware, application systems, technology management, and organizational management;
s222: respectively analyzing the identification objects based on the threat scene list;
s223: assigning values to the asset vulnerability list in a graded way based on the threat scenario list and the analysis results of the identification objects, wherein the assignments comprise five grades: very high, high, medium, low and very low.
7. An intelligent network automobile information security risk automatic assessment system is characterized by comprising:
the custom risk assessment standard module is used for establishing an automobile security risk assessment model standard library;
the basic database module is used for establishing a database required for supporting risk assessment, wherein the required database comprises an asset classification database, a threat scene database, a vulnerability basic database, an attack path database, a mitigating measure database, a test case database and a resource relation database;
the asset identification module is used for carrying out asset identification evaluation on the evaluation object based on the selected risk evaluation model standard so as to obtain an asset list;
the threat analysis module is used for carrying out threat scene analysis based on the asset list to obtain a threat scene list;
the vulnerability analysis module is used for carrying out asset vulnerability analysis based on the threat scene list to obtain a vulnerability analysis list;
an attack analysis module for performing attack path analysis based on the vulnerability analysis list to obtain a possible attack path list;
a risk assessment module for performing impact severity risk assessment based on the asset list and the threat scenario list, and performing attack possibility assessment based on the attack path list; and obtaining a final risk assessment result based on the result of the impact severity risk assessment and the result of the attack likelihood assessment.
8. The intelligent network automobile information security risk automated assessment system according to claim 7, wherein said basic database module comprises:
the asset classification library is used for carrying out asset identification evaluation on the evaluation object to obtain an asset list;
the threat scene library is used for carrying out threat scene analysis on the evaluation object based on the asset list to obtain a threat scene list;
the vulnerability base library is used for carrying out asset vulnerability analysis on the evaluation object based on the threat scene list to obtain a vulnerability analysis list;
the test case library is used for carrying out attack path analysis on the evaluation object based on the vulnerability analysis list to obtain a possible attack path list;
the safety requirement library is used for carrying out influence severity risk assessment on the assessment objects on the basis of the asset list and the threat scene list and carrying out attack possibility assessment on the basis of the attack path list;
and the risk assessment model and the mitigating action library are used for obtaining a final risk assessment result for the assessment object based on the result of the impact severity risk assessment and the result of the attack possibility assessment.
9. The intelligent network automobile information safety risk automated evaluation system of claim 8, wherein the base database module further comprises a plurality of mapping databases, and the mapping databases are used for data transmission among the asset classification library, the threat scene library, the vulnerability base library, the test case library, the mitigation measure library and the safety requirement library.
10. The intelligent network automobile information security risk automated assessment system according to claim 8, wherein said asset classification library performs multi-layer parent-child classification according to asset form, using a six-layer system of data, software, hardware, services, personnel and other assets; within each layer, assets are classified as: in-vehicle electronic control system, HU, T-Box, vehicle-mounted wireless interface, mobile terminal App and TSP.
CN202011257365.4A 2020-11-11 2020-11-11 Intelligent network automobile information security risk assessment method and system Pending CN112329022A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011257365.4A CN112329022A (en) 2020-11-11 2020-11-11 Intelligent network automobile information security risk assessment method and system


Publications (1)

Publication Number Publication Date
CN112329022A true CN112329022A (en) 2021-02-05

Family

ID=74319001


Country Status (1)

Country Link
CN (1) CN112329022A (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112688971A (en) * 2021-03-18 2021-04-20 国家信息中心 Function-damaged network security threat identification device and information system
CN113065195A (en) * 2021-04-02 2021-07-02 中国第一汽车股份有限公司 Vehicle information security threat assessment method, device, medium and electronic equipment
CN113268738A (en) * 2021-05-08 2021-08-17 上海智能网联汽车技术中心有限公司 Intelligent automobile information security vulnerability assessment method and system
CN113392409A (en) * 2021-08-17 2021-09-14 深圳市位元领航科技有限公司 Risk automated assessment and prediction method and terminal
CN113472800A (en) * 2021-07-09 2021-10-01 上海汽车集团股份有限公司 Automobile network security risk assessment method and device, storage medium and electronic equipment
CN113688396A (en) * 2021-08-13 2021-11-23 泰安北航科技园信息科技有限公司 Automobile information safety risk assessment automation system
CN114185286A (en) * 2021-10-22 2022-03-15 中汽研(天津)汽车工程研究院有限公司 Intelligent networking automobile information security threat identification method
CN114499919A (en) * 2021-11-09 2022-05-13 江苏徐工工程机械研究院有限公司 Method and system for modeling engineering machinery communication safety network threat
CN114826713A (en) * 2022-04-12 2022-07-29 中国第一汽车股份有限公司 Vehicle information safety requirement acquisition method and device, electronic equipment and storage medium
CN114978569A (en) * 2022-03-09 2022-08-30 西南交通大学 Threat analysis method for railway signal control system based on information physical fusion
CN115102834A (en) * 2022-04-27 2022-09-23 浙江大学 Change risk assessment method, equipment and storage medium
CN115190058A (en) * 2022-06-20 2022-10-14 国家计算机网络与信息安全管理中心 Vehicle network data security risk assessment system, method and device
CN115310079A (en) * 2022-10-13 2022-11-08 中国汽车技术研究中心有限公司 Display method based on intelligent network connection automobile attack matrix
CN115941359A (en) * 2023-02-06 2023-04-07 中汽研软件测评(天津)有限公司 Test case generation method, system and equipment for automobile network security detection
CN117749529A (en) * 2024-02-19 2024-03-22 中汽智联技术有限公司 Method for searching full attack path
CN117834310A (en) * 2024-03-06 2024-04-05 国家工业信息安全发展研究中心 Intelligent networking automobile information security risk assessment method
CN117874828A (en) * 2024-03-12 2024-04-12 国家工业信息安全发展研究中心 Intelligent networking automobile personal privacy data security analysis method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109146240A (en) * 2018-07-03 2019-01-04 北京航空航天大学 A kind of Information Security Risk Assessment Methods and system towards intelligent network connection vehicle
CN110826906A (en) * 2019-11-06 2020-02-21 北京航空航天大学 Information safety risk assessment method for intelligent networked automobile full life cycle



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination