CN112329022A - Intelligent network automobile information security risk assessment method and system - Google Patents
- Publication number: CN112329022A (application CN202011257365.4A)
- Authority: CN (China)
- Legal status: Pending
Classifications
- G06F21/577: Assessing vulnerabilities and evaluating computer system security
- H04L63/10: Network architectures or protocols for controlling access to devices or network resources
- H04L63/12: Applying verification of the received information
- H04L63/20: Managing network security; network security policies in general
- H04L67/025: Protocols based on web technology (e.g. HTTP) for remote control or remote monitoring of applications
- H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. networks in vehicles
- G06F2221/033: Test or assess software
- G06F2221/034: Test or assess a computer or a system
Abstract
After an assessment object is selected, risk assessment proceeds in order through asset identification, threat analysis, vulnerability analysis and attack path analysis. After this preliminary assessment, a threat severity and impact severity analysis report is produced: the threat severity of the assessment object is graded and the impact that severity causes is assessed. Risk treatment and mitigation measures are then applied to reduce the threat and impact associated with the assessment object, and finally a risk assessment report is produced. The method and system cover automotive information security management, including overall information security management, information security management during product development and information security management during volume production, and automate the information security risk assessment of the software and hardware involved in the network communication (including the in-vehicle network) of an intelligent networked automobile across its design, research and development, and manufacturing, so as to improve efficiency.
Description
Technical Field
The invention relates to the field of vehicle information security design, and in particular to an information security risk assessment method and system for intelligent networked automobiles.
Background
As automobiles become more intelligent, networked and electrified, the information security problems of intelligent networked automobiles grow more serious, and hackers have already attacked automobiles successfully by means such as information tampering and virus intrusion. An information security incident in an intelligent networked automobile not only causes loss of personal privacy and economic loss to enterprises, but can also seriously affect functional safety, with consequences as severe as vehicle damage and loss of life.
At present, however, information security risk assessment is not yet fully applied to automobile design, research and development, manufacturing and information security processes; the existing automotive information security risk assessment approaches (such as the HEAVENS model) are not comprehensive enough and still rely on manually entered assessment forms. In software-defined, data-defined and intelligent networked automobiles the objects requiring information security risk assessment number in the tens of thousands and are assessed in one-to-many or many-to-many relationships, so automating automotive information security risk assessment has become urgent.
Disclosure of Invention
The invention provides an automated information security risk assessment method and system for intelligent networked automobiles, aiming to solve the technical problem that automotive information security risk assessment in the prior art cannot be automated.
In one aspect, the invention provides an automated information security risk assessment method for intelligent networked automobiles, comprising the following steps:
S1: establishing a standard library of automotive security risk assessment models and establishing the databases required to support risk assessment, the required databases comprising an asset classification library, a threat scenario library, a vulnerability base library, an attack path library, a mitigation measure library, a test case library and a resource relation library;
S2: based on the selected risk assessment model standard, performing asset identification assessment on the assessment object to obtain an asset list, performing threat scenario analysis based on the asset list to obtain a threat scenario list, performing asset vulnerability analysis based on the threat scenario list to obtain a vulnerability analysis list, and performing attack path analysis based on the vulnerability analysis list to obtain a list of possible attack paths;
S3: performing impact severity risk assessment based on the asset list and the threat scenario list, and performing attack likelihood assessment based on the attack path list;
S4: obtaining the final risk assessment result from the results of the impact severity risk assessment and of the attack likelihood assessment.
By establishing a customizable standard library of automotive security risk assessment models and the databases required to support risk assessment, the method performs asset identification, threat analysis, vulnerability analysis and attack path analysis on the assets under assessment according to the selected risk assessment standard, and obtains a risk assessment result (comprising a risk level and an impact level). The method and system cover automotive information security management, including overall information security management, information security management during product development and information security management during volume production, and automate the information security risk assessment of the software and hardware involved in the network communication (including the in-vehicle network) of an intelligent networked automobile across its design, research and development, and manufacturing, so as to improve efficiency.
Further, performing asset identification assessment on the assessment object to obtain the asset list in S2 comprises the following steps:
S201: identifying the assets and assigning them to the categories data, software, hardware, services, personnel and other assets;
S202: assigning values to the confidentiality, integrity and availability of each asset according to its requirements for confidentiality, integrity and availability, each value being divided into four levels, namely high, medium and low;
S203: assessing the importance of each asset from its confidentiality, integrity and availability assignments to obtain the asset list.
The asset grading gives a comprehensive description of the importance represented by each grade; from the asset assignment results the evaluator can determine the range of important assets, concentrate the subsequent risk assessment on those important assets, and so prepare adequately for the analysis and assessment that follow.
Further, performing threat scenario analysis based on the asset list to obtain the threat scenario list in S2 comprises the following steps:
S211: determining the threat scenarios that may occur for the identified assets;
S212: determining the attributes and data types of the threat factors of each threat scenario;
S213: associating the assessment objects so that data can be entered for each threat factor;
S214: analysing the entered data together with the threat scenario library data, outputting threat analysis data, and placing that data in a message queue;
S215: when entered threat factor data is modified or deleted, automatically re-triggering the threat analysis, recalculating, persisting the result and placing it in the message queue.
Further, the threat scenarios in S211 are identified along the six dimensions of spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege.
Further, the threat factors in S212 include software and hardware failure, physical environment impact, inaction or misoperation, management deficiencies, malicious code, unauthorised use or abuse, network attack, physical attack, disclosure, tampering and repudiation.
The identified threat scenario list also serves as an important basis for the subsequent analysis and assessment: it lets the vulnerability analysis be associated more closely with the threats, and allows the automation requirement to be met quickly and effectively.
Further, performing asset vulnerability analysis based on the threat scenario list to obtain the vulnerability analysis list in S2 comprises the following steps:
S221: identifying the objects of the asset vulnerability analysis, the identified objects comprising network architecture, system software, database software, application middleware, application systems, technical management and organisational management;
S222: analysing each identified object against the threat scenario list;
S223: grading and assigning values to the asset vulnerability list based on the analysis results for the threat scenario list and the identified objects, the assignments comprising five types of high, medium, low and low.
Vulnerability identification is the most important link in risk assessment: taking assets as its core, it identifies for each asset needing protection the vulnerabilities that a threat could exploit, assesses their severity, and maps them to assets and threats, so that the automation requirement can be met quickly and effectively.
In another aspect, the invention provides an automated information security risk assessment system for intelligent networked automobiles, comprising:
a custom risk assessment standard module for establishing a standard library of automotive security risk assessment models;
a basic database module for establishing the databases required to support risk assessment, the required databases comprising an asset classification library, a threat scenario library, a vulnerability base library, an attack path library, a mitigation measure library, a test case library and a resource relation library;
an asset identification module for performing asset identification assessment on the assessment object according to the selected risk assessment model standard to obtain an asset list;
a threat analysis module for performing threat scenario analysis based on the asset list to obtain a threat scenario list;
a vulnerability analysis module for performing asset vulnerability analysis based on the threat scenario list to obtain a vulnerability analysis list;
an attack analysis module for performing attack path analysis based on the vulnerability analysis list to obtain a list of possible attack paths;
a risk assessment module for performing impact severity risk assessment based on the asset list and the threat scenario list, performing attack likelihood assessment based on the attack path list, and obtaining the final risk assessment result from the results of the impact severity risk assessment and of the attack likelihood assessment.
Realising the automated information security risk assessment for intelligent networked automobiles as a system gives a high degree of automation and high efficiency.
Further, the basic database module comprises:
the asset classification library is used for carrying out asset identification evaluation on the evaluation object to obtain an asset list;
the threat scene library is used for carrying out threat scene analysis on the evaluation object based on the asset list to obtain a threat scene list;
the vulnerability base library is used for carrying out asset vulnerability analysis on the evaluation object based on the threat scene list to obtain a vulnerability analysis list;
the test case library is used for carrying out attack path analysis on the evaluation object based on the vulnerability analysis list to obtain a possible attack path list;
the security requirement library is used for performing impact severity risk assessment on the assessment objects based on the asset list and the threat scenario list, and for performing attack likelihood assessment based on the attack path list;
and the risk assessment model and mitigation measure library are used for obtaining the final risk assessment result for the assessment object from the results of the impact severity risk assessment and of the attack likelihood assessment.
Further, the basic database module also comprises a plurality of mapping databases, which carry data between the asset classification library, the threat scenario library, the vulnerability base library, the test case library, the mitigation measure library and the security requirement library.
Further, the asset classification library performs multi-level parent-child classification according to asset form: a six-layer system of data, software, hardware, services, personnel and other assets, each layer being further classified into in-vehicle electronic control systems, HU, T-Box, in-vehicle wireless interfaces, mobile terminal App and TSP.
The continually enriched libraries keep pace with the continuous upgrading and updating of intelligent networked automobiles. During their development, the many by-wire control units, sensors, computing units and auxiliary units, and especially the software design, iterate very frequently; the libraries are continuously updated and extended accordingly, which effectively guarantees the quality of the risk assessment report.
After an assessment object is selected, risk assessment proceeds in order through asset identification, threat analysis, vulnerability analysis and attack path analysis. After this preliminary assessment, a threat severity and impact severity analysis report is produced: the threat severity of the assessment object is graded and the impact that severity causes is assessed. Risk treatment and mitigation measures are then applied to reduce the threat and impact associated with the assessment object, and finally a risk assessment report is produced. The method and system cover automotive information security management, including overall information security management, information security management during product development and information security management during volume production, and automate the information security risk assessment of the software and hardware involved in the network communication (including the in-vehicle network) of an intelligent networked automobile across its design, research and development, and manufacturing, so as to improve efficiency.
In addition, the risk assessment system comprises a model library, so that a user can select standard models published by standards organisations such as ISO or customise the models to their own requirements, which better meets the needs of different vehicle manufacturers and different test departments. The risk assessment system also comprises an asset identification library, a threat scenario library, a test case library, a vulnerability base library and an attack path library, and these rich libraries keep pace with the continuous upgrading and updating of intelligent networked automobiles. During the development of an intelligent networked automobile, the many by-wire control units, sensors, computing units and auxiliary units, and especially the software design, iterate frequently; libraries that are continuously updated and extended to match can effectively guarantee the quality of the risk assessment report.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments and together with the description serve to explain the principles of the invention. Other embodiments and many of the intended advantages of embodiments will be readily appreciated as they become better understood by reference to the following detailed description. The elements of the drawings are not necessarily to scale relative to each other. Like reference numerals designate corresponding similar parts.
FIG. 1 is a schematic diagram of an automated intelligent network automobile information security risk assessment method according to an embodiment of the invention;
FIG. 2 is a flow chart of a method for automated intelligent network automobile information security risk assessment according to one embodiment of the present invention;
FIG. 3 is a timing diagram of an intelligent network automobile information security risk automated assessment system according to one embodiment of the present invention;
FIG. 4 is a functional block diagram of an intelligent network automobile information security risk automated assessment system according to one embodiment of the present invention;
FIG. 5 is the system capability list and association relationships of the automated intelligent network automobile information security risk assessment method according to an embodiment of the invention.
Detailed Description
In the following detailed description, reference is made to the accompanying drawings, which form a part hereof, and in which is shown by way of illustration specific embodiments in which the invention may be practiced. In this regard, directional terminology, such as "top," "bottom," "left," "right," "up," "down," etc., is used with reference to the orientation of the figures being described. Because components of embodiments can be positioned in a number of different orientations, the directional terminology is used for purposes of illustration and is in no way limiting. It is to be understood that other embodiments may be utilized and logical changes may be made without departing from the scope of the present invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is defined by the appended claims.
As shown in FIG. 1, the automated information security risk assessment method for intelligent networked automobiles comprises the following steps:
S1: establishing a standard library of automotive security risk assessment models and establishing the databases required to support risk assessment, the required databases comprising an asset classification library, a threat scenario library, a vulnerability base library, an attack path library, a mitigation measure library, a test case library and a resource relation library;
S2: based on the selected risk assessment model standard, performing asset identification assessment on the assessment object to obtain an asset list, performing threat scenario analysis based on the asset list to obtain a threat scenario list, performing asset vulnerability analysis based on the threat scenario list to obtain a vulnerability analysis list, and performing attack path analysis based on the vulnerability analysis list to obtain a list of possible attack paths;
S3: performing impact severity risk assessment based on the asset list and the threat scenario list, and performing attack likelihood assessment based on the attack path list;
S4: obtaining the final risk assessment result from the results of the impact severity risk assessment and of the attack likelihood assessment.
By establishing a customizable standard library of automotive security risk assessment models and the databases required to support risk assessment, the method performs asset identification, threat analysis, vulnerability analysis and attack path analysis on the assets under assessment according to the selected risk assessment standard, and obtains a risk assessment result (comprising a risk level and an impact level). The method and system cover automotive information security management, including overall information security management, information security management during product development and information security management during volume production, and automate the information security risk assessment of the software and hardware involved in the network communication (including the in-vehicle network) of an intelligent networked automobile across its design, research and development, and manufacturing, so as to improve efficiency.
FIG. 2 shows the automated information security risk assessment method for intelligent networked vehicles, which is described in detail below.
In a specific embodiment, S1 establishes a customizable automotive security risk assessment standard library that contains customizable and selectable risk assessment standard models. Test personnel can select standard models published by standards organisations such as ISO, or customise the models according to their own requirements, so that the needs of different vehicle manufacturers and different test departments are better met.
In a specific embodiment, performing asset identification assessment on the assessment object to obtain the asset list in S2 comprises the following steps:
S201: identifying the assets and assigning them to the categories data, software, hardware, services, personnel and other assets;
S202: assigning values to the confidentiality, integrity and availability of each asset according to its requirements for confidentiality, integrity and availability, each value being divided into four levels, namely high, medium and low;
S203: assessing the importance of each asset from its confidentiality, integrity and availability assignments to obtain the asset list.
In a specific embodiment, the asset classification library can perform multi-level parent-child classification of assets on demand, including a primary and a secondary classification; for example, the recommended primary classification comprises data, software, hardware, services, personnel and other assets. This embodiment discloses only one asset classification, which comprises the six layers data, software, hardware, services, personnel and other assets, each layer being classified into in-vehicle electronic control systems, HU, T-Box, in-vehicle wireless interfaces, mobile terminal App and TSP, although the classification is not limited to these. The asset list is valued for confidentiality, integrity and availability. According to an asset's differing requirements for confidentiality it is placed in one of four levels, corresponding to the degree of confidentiality the asset requires, or to the impact on the vehicle or cloud platform if that confidentiality is lost, as shown in table 1; according to its requirements for integrity it is placed in one of four levels corresponding to the degree of integrity the asset must achieve, see table 2; and according to its requirements for availability it is placed in one of four levels corresponding to the degree of availability the asset must achieve, see table 3.
Table 1: description of asset confidentiality assignment
Table 2: asset integrity assignment specification
Table 3: asset availability valuation specification
For the final comprehensive valuation of an asset, one may either take the assignment level of whichever of confidentiality, integrity and availability matters most to that asset as its final assignment, or compute the final assignment as a weighted combination of the confidentiality, integrity and availability assignments with weights reflecting their different grades. Assets are divided into four levels according to the final assignment, as shown in table 4; a higher level indicates a more important asset, and the assignment basis and levels used in asset identification can also be set according to the actual situation of the vehicle manufacturer. The asset levels in the table give a comprehensive description of the importance represented by each level. From the asset assignment results the evaluator can determine the range of important assets and concentrate the subsequent risk assessment on them.
Table 4: asset importance assessment
In a specific embodiment, performing threat scenario analysis based on the asset list to obtain the threat scenario list in S2 comprises the following steps:
S211: determining the threat scenarios that may occur for the identified assets;
S212: determining the attributes and data types of the threat factors of each threat scenario;
S213: associating the assessment objects so that data can be entered for each threat factor;
S214: analysing the entered data together with the threat scenario library data, outputting threat analysis data, and placing that data in a message queue;
S215: when entered threat factor data is modified or deleted, automatically re-triggering the threat analysis, recalculating, persisting the result and placing it in the message queue.
The factors giving rise to a threat can be divided into human factors and environmental factors: environmental factors such as power failure, humidity and insect damage, and human factors such as deliberate sabotage by malicious personnel or lack of diligence by internal staff. A threat may act directly or indirectly on the information system and damage its confidentiality, integrity or availability, and it may be an accidental or a deliberate event; for each threat source, threats can be classified by their manifestation to form the threat scenario library. In S212, the threat factors include software and hardware failure, physical environment impact, inaction or misoperation, management deficiencies, malicious code, unauthorised use or abuse, network attack, physical attack, disclosure, tampering and repudiation; the threat factor classification is given in table 5.
Table 5: threat factor classification table
In a specific embodiment, threat scenarios are identified using the STRIDE model, i.e. along the six dimensions of spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege; the model is described in table 6.
Table 6: threat scenario identification STRIDE model
In a specific embodiment, the method for performing asset vulnerability analysis based on the threat scenario list to obtain a vulnerability analysis list in S2 includes the following steps:
s221: identifying an object of the asset vulnerability analysis, wherein identifying the object comprises: network architecture, system software, database software, application middleware, application systems, technology management, and organizational management;
s222: respectively analyzing the identification objects based on the threat scene list;
s223: assigning graded values to the asset vulnerability list based on the threat scenario list and the analysis results for the identified objects, where the assignment uses five levels: very high, high, medium, low and very low.
After the threat scenarios have been identified, asset vulnerability analysis is performed to obtain a vulnerability analysis list; vulnerability identification is the most important link in risk assessment. Vulnerability identification takes assets as its core: for each asset that needs protection, it identifies the vulnerabilities that a threat could exploit and evaluates their severity. Identification proceeds at the physical, network, system and application levels, and the results are then mapped to assets and threats, so that the requirement for automation can be met quickly and effectively. Vulnerability identification is explained from two aspects, technical vulnerability and management vulnerability: technical vulnerability mainly concerns the network structure, system software, database software, application middleware and application systems, while management vulnerability mainly concerns technical management and organizational management. The specific content of the identification is explained in table 7.
Table 7: vulnerability recognition content
The severity of each identified vulnerability is assigned a grade according to the degree of damage to the asset, the difficulty of technical exploitation and the prevalence of the vulnerability. Vulnerability severity is graded; each grade represents the severity of the asset's vulnerability, and the higher the grade value, the higher the severity (see table 8). The vulnerability analysis list is formed from this assessment of vulnerability severity.
Table 8: vulnerability assessment rating
Grade | Identification | Definition |
---|---|---|
5 | Very high | If exploited by a threat, will cause complete damage to the asset. |
4 | High | If exploited by a threat, will cause significant damage to the asset. |
3 | Medium | If exploited by a threat, will cause general damage to the asset. |
2 | Low | If exploited by a threat, will cause minor damage to the asset. |
1 | Very low | If exploited by a threat, the damage done to the asset is negligible. |
In a specific embodiment, after the above steps are completed, attack path analysis is performed to obtain a list of possible attack paths; impact severity risk assessment is performed based on the asset list and the threat scenario list, and attack likelihood assessment is performed based on the attack path list; the final risk assessment result is obtained from the results of the impact severity assessment and the attack likelihood assessment, and risk treatment and mitigation measures are implemented to reduce the threat to the evaluation object and its effects.
After an evaluation object is selected, risk evaluation proceeds in order through asset identification, threat analysis, vulnerability analysis and attack path analysis. After the preliminary risk assessment, a threat severity and impact severity analysis report is produced, the threat severity of the evaluation object is graded, and the impact it causes is assessed; risk treatment and mitigation measures are then implemented to reduce the threat to the evaluation object and its impact; finally, a risk assessment report is produced. The method and system cover automobile information security management, including comprehensive automobile information security management, information security management during product development and information security management during mass production, and automate the information security risk assessment of the software and hardware related to network communication (including the in-vehicle network) of an intelligent networked automobile during design, research and development, and manufacturing, so as to improve efficiency.
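The pipeline described above (assets with their confidentiality, integrity and availability levels, threat scenarios on STRIDE dimensions, Table 8 vulnerability grades, attack paths, then impact severity and attack likelihood combined into a final risk level) is shown end to end in the following added example. It is illustration code written for this page, not the patent holder's system: only the 1..5 vulnerability grades of Table 8, the STRIDE dimensions of Table 6 and the asset names come from the page; the numeric weights for the C/I/A levels, the rule that a shorter attack path is more likely, and the product-and-bucket rule for combining impact severity with attack likelihood are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List

# Table 8: vulnerability severity grade, higher value = more severe.
VULN_GRADE: Dict[str, int] = {"very high": 5, "high": 4, "medium": 3, "low": 2, "very low": 1}

# Assumed numeric weights for the C/I/A requirement levels named in the text.
CIA_WEIGHT: Dict[str, int] = {"high": 3, "medium": 2, "low": 1}

# Table 6: the six STRIDE dimensions used for threat scenario identification.
STRIDE = ("spoofing", "tampering", "repudiation", "information disclosure",
          "denial of service", "elevation of privilege")

# Assumed risk buckets over the product of impact severity (1..15) and likelihood (1..5).
RISK_BUCKETS = ((40, "high"), (15, "medium"), (0, "low"))


@dataclass(frozen=True)
class Asset:
    """S201/S202: an asset with its C/I/A requirement levels."""
    name: str
    category: str          # data / software / hardware / services / personnel / other
    confidentiality: str
    integrity: str
    availability: str

    def importance(self) -> int:
        """S203 (assumption): importance is the highest of the three C/I/A weights."""
        return max(CIA_WEIGHT[self.confidentiality], CIA_WEIGHT[self.integrity],
                   CIA_WEIGHT[self.availability])


@dataclass(frozen=True)
class Scenario:
    """A threat scenario with its vulnerability grade and attack path length."""
    asset: str
    stride: str             # one of STRIDE
    vulnerability: str      # key of VULN_GRADE (Table 8)
    attack_path_steps: int  # length of the path found in attack path analysis

    def __post_init__(self) -> None:
        if self.stride not in STRIDE:
            raise ValueError(f"not a STRIDE dimension: {self.stride!r}")
        if self.vulnerability not in VULN_GRADE:
            raise ValueError(f"not a Table 8 grade: {self.vulnerability!r}")
        if self.attack_path_steps < 1:
            raise ValueError("an attack path needs at least one step")


def impact_severity(asset: Asset, sc: Scenario) -> int:
    """From the asset list and threat scenario list (assumed: importance x grade, 1..15)."""
    return asset.importance() * VULN_GRADE[sc.vulnerability]


def attack_likelihood(sc: Scenario) -> int:
    """From the attack path list (assumed: 1..5; a one-step path scores 5, five or more steps 1)."""
    return max(1, min(5, 6 - sc.attack_path_steps))


def final_risk(impact: int, likelihood: int) -> str:
    """Combine both assessments into a risk level (assumed product-and-bucket rule)."""
    score = impact * likelihood
    for threshold, label in RISK_BUCKETS:
        if score >= threshold:
            return label
    return "low"


def assess(assets: List[Asset], scenarios: List[Scenario]) -> List[dict]:
    """Run the pipeline for every scenario; rows sorted from highest to lowest score."""
    by_name = {a.name: a for a in assets}
    rows = []
    for sc in scenarios:
        asset = by_name[sc.asset]       # KeyError if a scenario names an unknown asset
        imp, lik = impact_severity(asset, sc), attack_likelihood(sc)
        rows.append({"asset": sc.asset, "stride": sc.stride, "impact": imp,
                     "likelihood": lik, "score": imp * lik, "risk": final_risk(imp, lik)})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed sample input using asset names from the page (T-Box, HU, mobile terminal App).
SAMPLE_ASSETS = [
    Asset("T-Box", "hardware", "high", "high", "high"),
    Asset("mobile terminal App", "software", "medium", "medium", "low"),
    Asset("HU", "hardware", "low", "medium", "low"),
]
SAMPLE_SCENARIOS = [
    Scenario("T-Box", "tampering", "high", 2),
    Scenario("mobile terminal App", "information disclosure", "medium", 3),
    Scenario("HU", "repudiation", "very low", 4),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_ASSETS, SAMPLE_SCENARIOS):
        print(row)
```

With the sample input the T-Box tampering scenario scores impact 12 and likelihood 4 (risk "high"), the App disclosure scenario 6 and 3 ("medium"), and the HU repudiation scenario 2 and 2 ("low"); the ordering is what a mitigation measure library would be consulted against first. The validation in `Scenario.__post_init__` is there so that a scenario referencing a grade or dimension outside Tables 6 and 8 is rejected at data entry rather than silently scored.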
As shown in fig. 3, 4 and 5, an intelligent network automobile information security risk automatic evaluation system includes:
the custom risk assessment standard module is used for establishing an automobile safety risk assessment model standard library;
the basic database module is used for establishing a database required for supporting risk assessment, wherein the required database comprises an asset classification database, a threat scene database, a vulnerability basic database, an attack path database, a mitigating measure database, a test case database and a resource relation database;
the asset identification module is used for carrying out asset identification evaluation on the evaluation object based on the selected risk evaluation model standard so as to obtain an asset list;
the threat analysis module is used for carrying out threat scene analysis based on the asset list to obtain a threat scene list;
the vulnerability analysis module is used for carrying out asset vulnerability analysis based on the threat scene list to obtain a vulnerability analysis list;
an attack analysis module for performing attack path analysis based on the vulnerability analysis list to obtain a possible attack path list;
a risk assessment module for performing impact severity risk assessment based on the asset list and the threat scenario list, and performing attack possibility assessment based on the attack path list; and obtaining a final risk assessment result based on the result of the impact severity risk assessment and the result of the attack likelihood assessment.
Implementing the intelligent networked automobile information security risk automatic evaluation system in system form gives a high degree of automation and high efficiency.
In a specific embodiment, the base database module includes:
the asset classification library is used for carrying out asset identification evaluation on the evaluation object to obtain an asset list;
the threat scene library is used for carrying out threat scene analysis on the evaluation object based on the asset list to obtain a threat scene list;
the vulnerability base library is used for carrying out asset vulnerability analysis on the evaluation object based on the threat scene list to obtain a vulnerability analysis list;
the test case library is used for carrying out attack path analysis on the evaluation object based on the vulnerability analysis list to obtain a possible attack path list;
the safety requirement library is used for carrying out influence severity risk assessment on the assessment objects on the basis of the asset list and the threat scene list and carrying out attack possibility assessment on the basis of the attack path list;
and the risk assessment model and the mitigating action library are used for obtaining a final risk assessment result for the assessment object based on the result of the impact severity risk assessment and the result of the attack possibility assessment.
In a specific embodiment, the asset classification library performs multi-layer parent-child classification according to asset form: a six-layer system of data, software, hardware, services, personnel and other assets, and within each layer the assets are classified as: in-vehicle electronic control system, HU, T-Box, vehicle-mounted wireless interface, mobile terminal App and TSP.
In a specific embodiment, the base database module further comprises a plurality of mapping databases, and the mapping databases are used for data transmission among the asset classification library, the threat scenario library, the vulnerability base library, the test case library, the mitigation measure library and the security requirement library.
The risk assessment system includes a model library from which a user can select standard models published by standards organizations such as ISO, and the standard models can be customized to the user's requirements, so as to better meet the needs of different vehicle manufacturers and testing departments. The risk assessment system also includes an asset identification library, a threat scenario library, a test case library, a vulnerability base library and an attack path library; these rich libraries can keep pace with the continuous upgrading and updating of the intelligent networked automobile. In the development of an intelligent networked automobile, the many drive-by-wire control units, sensors, computing units and auxiliary units, and in particular the frequent update iterations of the software design, mean that libraries that are continually updated and extended can effectively guarantee the quality of the risk assessment report.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention herein disclosed is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the invention. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.
Claims (10)
1. An intelligent network automobile information security risk automatic assessment method is characterized by comprising the following steps:
s1: establishing an automobile safety risk assessment model standard library and establishing a database required for supporting risk assessment, wherein the required database comprises an asset classification library, a threat scene library, a vulnerability foundation library, an attack path library, a relieving measure library, a test case library and a resource relation library;
s2: based on the selected risk assessment model standard, performing asset identification assessment on an assessment object to obtain an asset list, performing threat scene analysis based on the asset list to obtain a threat scene list, performing asset vulnerability analysis based on the threat scene list to obtain a vulnerability analysis list, and performing attack path analysis based on the vulnerability analysis list to obtain a possible attack path list;
s3: performing impact severity risk assessment based on the asset manifest and the threat scenario manifest, and performing attack likelihood assessment based on the attack path manifest;
s4: obtaining a final risk assessment result based on the results of the impact severity risk assessment and the results of the attack likelihood assessment.
2. The method for automatically evaluating intelligent network automobile information security risk according to claim 1, wherein the method for performing asset identification evaluation on the evaluation object to obtain the asset list in S2 comprises the following steps:
s201: assigning and identifying the assets according to data, software, hardware, services, personnel and other assets;
s202: assigning values to the confidentiality, integrity and availability of the asset according to the requirements of the confidentiality, integrity and availability, wherein each value is divided into four levels, namely a high level, a middle level and a low level;
s203: asset importance assessments are made on assets based on assignments of confidentiality, integrity and availability to obtain an inventory of assets.
3. The method for automatically assessing the security risk of intelligent network automobile information as claimed in claim 1, wherein the method for performing the threat scenario analysis based on the asset list to obtain the threat scenario list in S2 comprises the following steps:
s211: determining threat scenarios that may occur for the identified assets;
s212: determining the attribute and data type of the threat factors of each threat scene;
s213: associating the assessment objects to support data entry of each threat factor;
s214: analyzing by combining threat scene library data based on the input data, outputting threat analysis data, and putting the data into a message queue;
s215: when recorded threat factor data is modified or deleted, automatically re-triggering the threat analysis, recalculating the result, storing it, and placing it in a message queue.
4. The method as claimed in claim 3, wherein the threat scenario in S211 is identified along six dimensions: spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege.
5. The method as claimed in claim 3, wherein the threat factors in S212 include software and hardware failures, physical environment impact, inaction or misoperation, management failure, malicious code, unauthorized use or misuse, network attack, physical attack, disclosure, tampering and repudiation.
6. The method as claimed in claim 1, wherein the step of performing asset vulnerability analysis based on the threat scenario list to obtain a vulnerability analysis list in S2 comprises the steps of:
s221: identifying an object of the asset vulnerability analysis, wherein identifying the object comprises: network architecture, system software, database software, application middleware, application systems, technology management, and organizational management;
s222: respectively analyzing the identification objects based on the threat scene list;
s223: assigning graded values to the asset vulnerability list based on the threat scenario list and the analysis results for the identified objects, where the assignment uses five levels: very high, high, medium, low and very low.
7. An intelligent network automobile information security risk automatic assessment system is characterized by comprising:
the custom risk assessment standard module is used for establishing an automobile safety risk assessment model standard library;
the basic database module is used for establishing a database required for supporting risk assessment, wherein the required database comprises an asset classification database, a threat scene database, a vulnerability basic database, an attack path database, a mitigating measure database, a test case database and a resource relation database;
the asset identification module is used for carrying out asset identification evaluation on the evaluation object based on the selected risk evaluation model standard so as to obtain an asset list;
the threat analysis module is used for carrying out threat scene analysis based on the asset list to obtain a threat scene list;
the vulnerability analysis module is used for carrying out asset vulnerability analysis based on the threat scene list to obtain a vulnerability analysis list;
an attack analysis module for performing attack path analysis based on the vulnerability analysis list to obtain a possible attack path list;
a risk assessment module for performing impact severity risk assessment based on the asset list and the threat scenario list, and performing attack possibility assessment based on the attack path list; and obtaining a final risk assessment result based on the result of the impact severity risk assessment and the result of the attack likelihood assessment.
8. The intelligent network automobile information security risk automated assessment system according to claim 7, wherein said basic database module comprises:
the asset classification library is used for carrying out asset identification evaluation on the evaluation object to obtain an asset list;
the threat scene library is used for carrying out threat scene analysis on the evaluation object based on the asset list to obtain a threat scene list;
the vulnerability base library is used for carrying out asset vulnerability analysis on the evaluation object based on the threat scene list to obtain a vulnerability analysis list;
the test case library is used for carrying out attack path analysis on the evaluation object based on the vulnerability analysis list to obtain a possible attack path list;
the safety requirement library is used for carrying out influence severity risk assessment on the assessment objects on the basis of the asset list and the threat scene list and carrying out attack possibility assessment on the basis of the attack path list;
and the risk assessment model and the mitigating action library are used for obtaining a final risk assessment result for the assessment object based on the result of the impact severity risk assessment and the result of the attack possibility assessment.
9. The intelligent network automobile information safety risk automated evaluation system of claim 8, wherein the base database module further comprises a plurality of mapping databases, and the mapping databases are used for data transmission among the asset classification library, the threat scene library, the vulnerability base library, the test case library, the mitigation measure library and the safety requirement library.
10. The intelligent network automobile information security risk automated assessment system according to claim 8, wherein said asset classification library performs multi-layer parent-child classification according to asset form: a six-layer system of data, software, hardware, services, personnel and other assets, and within each layer the assets are classified as: in-vehicle electronic control system, HU, T-Box, vehicle-mounted wireless interface, mobile terminal App and TSP.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011257365.4A CN112329022A (en) | 2020-11-11 | 2020-11-11 | Intelligent network automobile information security risk assessment method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112329022A true CN112329022A (en) | 2021-02-05 |
Family
ID=74319001
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011257365.4A Pending CN112329022A (en) | 2020-11-11 | 2020-11-11 | Intelligent network automobile information security risk assessment method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112329022A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109146240A (en) * | 2018-07-03 | 2019-01-04 | 北京航空航天大学 | A kind of Information Security Risk Assessment Methods and system towards intelligent network connection vehicle |
CN110826906A (en) * | 2019-11-06 | 2020-02-21 | 北京航空航天大学 | Information safety risk assessment method for intelligent networked automobile full life cycle |
Application events: 2020-11-11 CN CN202011257365.4A patent/CN112329022A/en active Pending
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112688971A (en) * | 2021-03-18 | 2021-04-20 | 国家信息中心 | Function-damaged network security threat identification device and information system |
CN113065195A (en) * | 2021-04-02 | 2021-07-02 | 中国第一汽车股份有限公司 | Vehicle information security threat assessment method, device, medium and electronic equipment |
CN113065195B (en) * | 2021-04-02 | 2023-04-14 | 中国第一汽车股份有限公司 | Vehicle information security threat assessment method, device, medium and electronic equipment |
CN113268738B (en) * | 2021-05-08 | 2022-10-04 | 上海智能网联汽车技术中心有限公司 | Intelligent automobile information security vulnerability assessment method and system |
CN113268738A (en) * | 2021-05-08 | 2021-08-17 | 上海智能网联汽车技术中心有限公司 | Intelligent automobile information security vulnerability assessment method and system |
CN113472800A (en) * | 2021-07-09 | 2021-10-01 | 上海汽车集团股份有限公司 | Automobile network security risk assessment method and device, storage medium and electronic equipment |
CN113688396A (en) * | 2021-08-13 | 2021-11-23 | 泰安北航科技园信息科技有限公司 | Automobile information safety risk assessment automation system |
CN113392409B (en) * | 2021-08-17 | 2021-12-14 | 深圳市位元领航科技有限公司 | Risk automated assessment and prediction method and terminal |
CN113392409A (en) * | 2021-08-17 | 2021-09-14 | 深圳市位元领航科技有限公司 | Risk automated assessment and prediction method and terminal |
CN114185286A (en) * | 2021-10-22 | 2022-03-15 | 中汽研(天津)汽车工程研究院有限公司 | Intelligent networking automobile information security threat identification method |
CN114499919A (en) * | 2021-11-09 | 2022-05-13 | 江苏徐工工程机械研究院有限公司 | Method and system for modeling engineering machinery communication safety network threat |
CN114499919B (en) * | 2021-11-09 | 2023-09-05 | 江苏徐工工程机械研究院有限公司 | Method and system for modeling engineering machinery communication security network threat |
CN114978569A (en) * | 2022-03-09 | 2022-08-30 | 西南交通大学 | Threat analysis method for railway signal control system based on information physical fusion |
CN114826713A (en) * | 2022-04-12 | 2022-07-29 | 中国第一汽车股份有限公司 | Vehicle information safety requirement acquisition method and device, electronic equipment and storage medium |
CN115102834B (en) * | 2022-04-27 | 2024-04-16 | 浙江大学 | Change risk assessment method, device and storage medium |
CN115102834A (en) * | 2022-04-27 | 2022-09-23 | 浙江大学 | Change risk assessment method, equipment and storage medium |
CN115190058A (en) * | 2022-06-20 | 2022-10-14 | 国家计算机网络与信息安全管理中心 | Vehicle network data security risk assessment system, method and device |
CN115310079A (en) * | 2022-10-13 | 2022-11-08 | 中国汽车技术研究中心有限公司 | Display method based on intelligent network connection automobile attack matrix |
CN115310079B (en) * | 2022-10-13 | 2023-01-10 | 中国汽车技术研究中心有限公司 | Display method based on intelligent network connection automobile attack matrix |
CN115941359A (en) * | 2023-02-06 | 2023-04-07 | 中汽研软件测评(天津)有限公司 | Test case generation method, system and equipment for automobile network security detection |
CN117749529A (en) * | 2024-02-19 | 2024-03-22 | 中汽智联技术有限公司 | Method for searching full attack path |
CN117834310A (en) * | 2024-03-06 | 2024-04-05 | 国家工业信息安全发展研究中心 | Intelligent networking automobile information security risk assessment method |
CN117834310B (en) * | 2024-03-06 | 2024-05-03 | 国家工业信息安全发展研究中心 | Intelligent networking automobile information security risk assessment method |
CN117874828A (en) * | 2024-03-12 | 2024-04-12 | 国家工业信息安全发展研究中心 | Intelligent networking automobile personal privacy data security analysis method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112329022A (en) | Intelligent network automobile information security risk assessment method and system | |
CN110929879A (en) | Business decision logic updating method based on decision engine and model platform | |
CN109919781A (en) | Case recognition methods, electronic device and computer readable storage medium are cheated by clique | |
US20050043961A1 (en) | System and method for identification, detection and investigation of maleficent acts | |
CN111460312A (en) | Method and device for identifying empty-shell enterprise and computer equipment | |
CN106156151A (en) | The Risk Identification Method of internetwork operation event and device | |
Nweke et al. | A review of asset-centric threat modelling approaches | |
CN108876188B (en) | Inter-connected service provider risk assessment method and device | |
CN112132233A (en) | Criminal personnel dangerous behavior prediction method and system based on effective influence factors | |
CN110930250A (en) | Enterprise credit risk prediction method and system, storage medium and electronic equipment | |
EP3286660A2 (en) | Command and control system for optimal risk management | |
CN113850665B (en) | Method and system for preventing and controlling fraud based on logistic finance knowledge graph | |
CN111489166A (en) | Risk prevention and control method, device, processing equipment and system | |
CN111639690A (en) | Fraud analysis method, system, medium, and apparatus based on relational graph learning | |
CN111931047A (en) | Artificial intelligence-based black product account detection method and related device | |
CN114091042A (en) | Risk early warning method | |
CN110930218A (en) | Method and device for identifying fraudulent customer and electronic equipment | |
CN110197426B (en) | Credit scoring model building method, device and readable storage medium | |
CN110533525A (en) | For assessing the method and device of entity risk | |
CN114782161A (en) | Method, device, storage medium and electronic device for identifying risky users | |
Izrailov et al. | Threats classification method for the transport infrastructure of a smart city | |
CN113487241A (en) | Method, device, equipment and storage medium for classifying enterprise environment-friendly credit grades | |
CN110188127A (en) | A kind of car networking network security emergency response system and method based on cbr | |
CN112926989B (en) | Bank loan risk assessment method and equipment based on multi-view integrated learning | |
CN114399319A (en) | False enterprise identification method, device, equipment and medium based on prediction model |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||