CN111126832A - Automobile information safety test evaluation method - Google Patents

Automobile information safety test evaluation method Download PDF

Info

Publication number
CN111126832A
CN111126832A CN201911328298.8A CN201911328298A CN111126832A CN 111126832 A CN111126832 A CN 111126832A CN 201911328298 A CN201911328298 A CN 201911328298A CN 111126832 A CN111126832 A CN 111126832A
Authority
CN
China
Prior art keywords
score
test
attack surface
influence
test item
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911328298.8A
Other languages
Chinese (zh)
Inventor
朱向雷
刘洋洋
张亚楠
赵浩
王彦琦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Automotive Technology and Research Center Co Ltd
Original Assignee
China Automotive Technology and Research Center Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Automotive Technology and Research Center Co Ltd filed Critical China Automotive Technology and Research Center Co Ltd
Priority to CN201911328298.8A priority Critical patent/CN111126832A/en
Publication of CN111126832A publication Critical patent/CN111126832A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0639Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393Score-carding, benchmarking or key performance indicator [KPI] analysis

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Educational Administration (AREA)
  • Operations Research (AREA)
  • Marketing (AREA)
  • Game Theory and Decision Science (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an automobile information safety test evaluation method, which comprises the following steps: the tester determines the number of test items of the total attack surface according to the configuration list, calculates the test depth and evaluates the test items at the same test depth; testing each attack surface by a tester according to the test range and the test operation instruction; utilizing an SFOP model to perform influence analysis by referring to a test result; D. scoring each test result and calculating each attack face test score according to the influence analysis result and the weight coefficient corresponding to S, F, O, P; calculating the safety score of the information of the whole vehicle; and according to the finished automobile score, giving out finished automobile information safety star-level evaluation level test depth evaluation by referring to a star-level evaluation standard. The invention has the beneficial effects that: a fair and objective automobile product information safety test evaluation method is established to promote the development of an intelligent networking automobile information safety technology and pursue a higher safety concept.

Description

Automobile information safety test evaluation method
Technical Field
The invention belongs to the field of automobile safety, and particularly relates to an automobile information safety test evaluation method.
Background
In the field of automobile information safety testing, the existing testing methodology, testing content, testing standard, testing tools and the like generally focus on one or more aspects, and the research and development testing of intelligent automobiles cannot be efficiently and completely supported, so that equipment such as a vehicle-mounted entertainment system, an ECU (electronic control unit) and the like lacks an information safety testing link in the development process, and the information safety quality of products and sample automobiles cannot be guaranteed. Therefore, designing an information security testing platform and an evaluation and certification system which accord with the characteristics of the automobile becomes an urgent problem to be solved.
Disclosure of Invention
In view of the above, the present invention is directed to a method for evaluating vehicle information safety test, so as to solve the above-mentioned problems.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
an automobile information safety test evaluation method comprises the following steps:
A. the tester determines the number of test items of the total attack surface according to the configuration list, calculates the test depth and evaluates the test items at the same test depth;
B. testing each attack surface by a tester according to the test range and the test operation instruction;
C. utilizing an SFOP model to perform influence analysis by referring to a test result;
D. scoring each test result and calculating each attack face test score according to the influence analysis result and the weight coefficient corresponding to S, F, O, P;
E. calculating the safety score of the information of the whole vehicle;
F. and according to the finished automobile score, giving out finished automobile information safety star-level evaluation level test depth evaluation by referring to a star-level evaluation standard.
Furthermore, the SFOP model in the step C refers to Safety, Financial, Operation and Privacy, and the severity of the influence of the evaluation test result on the SFOP is divided into four types, namely none, low, medium and high.
Further, the severity of the influence of the evaluation test results on the SFOP is 10 points, 7 points, 3 points and 1 point respectively from none, low, medium and high.
Further, the weighting coefficients of S, F, O, P in step D are 0.4, 0.3, 0.2, and 0.1, respectively.
Further, in the step E, the weighting factors of the test items are set to be the same.
Further, in the step F, the weighting coefficients of 7 large attack surfaces are set to be the same.
Further, in step F, the star rating criteria are specified as follows: and if the score is higher than 90 points, giving a five-star evaluation, giving a four-star evaluation, giving a 70-80 point, giving a 3-star evaluation, giving a score of less than 70 points, giving no star evaluation, and giving an evaluation result while indicating the test depth.
Further, in the step B, the attack surface includes in-vehicle CAN bus information security, radio information security, ECU information security, T-BOX information security, IVI information security, cloud platform information security, and mobile phone APP information security.
Further, in the step D, the test results are scored, and the information security scores of the seven types of attack surfaces are calculated, wherein the calculation formula is as follows:
the formula for calculating the bus attack surface is as follows,
Figure BDA0002328943460000021
Figure BDA0002328943460000022
in the formula, SCiIs the ith test item score of the bus attack surface, SCSiIs the score of the ith test item of the bus attack plane on the security influence, SCFiIs the score of the ith test item on the bus attack surface on the property influence, SCOiIs the score of the ith test item of the bus attack surface on the operational influence, SCPiIs the score of the ith test item of the bus attack plane on the privacy influence, SCIs the score of the bus class test;
the vehicle-mounted radio attack surface calculation formula is as follows,
Figure BDA0002328943460000031
Figure BDA0002328943460000032
in the formula, SRiIs the score of the ith test item of the vehicle-mounted radio attack surface SRSiIs the score of the ith test item of the vehicle-mounted radio attack surface on the security influence SRFiIs the score of the ith test item of the vehicle-mounted radio attack surface on the property influence, SROiIs the score of the ith test item of the vehicle-mounted radio attack surface on the operability influence, SRPiIs the score of the ith test item of the vehicle-mounted radio attack surface on the privacy influence SRIs the score of the in-vehicle radio test;
the ECU attack surface calculation formula is as follows,
Figure BDA0002328943460000033
Figure BDA0002328943460000034
in the formula, SEiIs the score of the ith test item of the ECU attack surface SESiIs the score of the ith test item of the ECU attack surface on the security influence, SEFiIs the score of the ith test item of the ECU attack surface on the property influence, SEOiIs the score of the ith test item of the ECU attack surface on the operability influence, SEPiIs the score of the ith test item of the ECU attack surface on the privacy influence, SEIs the score of the ECU test;
the T-BOX attack surface calculation formula is as follows:
Figure BDA0002328943460000041
Figure BDA0002328943460000042
in the formula, STiIs the score of the ith test item of the T-BOX attack surface, STSiIs the score of the ith test item of the T-BOX attack surface on the security influence, STFiIs the score of the ith test item of the T-BOX attack surface on the property impact, STOiIs the score of the ith test item of the T-BOX attack surface on the operability influence, STPiIs the score of the ith test item of the T-BOX attack surface on the privacy influence, STIs the score of the T-BOX test;
the IVI attack surface calculation formula is as follows:
Figure BDA0002328943460000043
Figure BDA0002328943460000044
in the formula, SIiIs the score of the ith test item of the IVI attack surface, SISiIs the score, S, of the ith test item of the IVI attack plane with respect to the security impactIFiIs the score, S, of the ith test item of the IVI attack plane with respect to the impact of the propertyIOiIs the score of the ith test item of the IVI attack surface on the operational influence, SIPiIs the score of the ith test item of the IVI attack surface on the privacy impact, SIIs the score of the IVI test;
the cloud platform attack surface calculation formula is as follows:
Figure BDA0002328943460000045
Figure BDA0002328943460000046
in the formula, SPiIs the ith test item score of the attack surface of the cloud platform, SPSiIs the score of the ith test item of the attack surface of the cloud platform on the security influence SPFiIs the score of the ith test item of the total cloud platform attack surface on the property influence, SPOiThe method is characterized in that the ith test item of the attack surface of the cloud platform has operational influenceScore, SPPiIs the score of the ith test item of the attack surface of the cloud platform on the privacy influence SPIs the score of the cloud platform test;
the mobile phone APP attack surface calculation formula is as follows:
Figure BDA0002328943460000051
Figure BDA0002328943460000052
in the formula, SAiIs the score of the ith test item of the attack surface of the mobile phone APP, SASiIs the score of the ith test item on the attack surface of the mobile phone APP on the security influence, SAFiIs the score of the ith test item on the attack surface of the mobile phone APP on the property influence, SAOiIs the score of the ith test item of the attack surface of the mobile phone APP on the operability influence, SAPiIs the score of the ith test item on the attack surface of the mobile phone APP on the privacy influence, SAIs the score of the mobile phone APP test.
Further, in the step E, a calculation formula of the safety score of the vehicle information is as follows:
S=10×(SC+SR+SE+ST+SI+SP+SA),
and S is the whole vehicle information safety score.
Compared with the prior art, the automobile information safety test evaluation method has the following advantages:
the automobile information safety test evaluation method establishes a fair and objective automobile product information safety test evaluation method so as to promote the development of an intelligent networking automobile information safety technology and pursue a higher safety concept; according to the method, the automobile information safety level is tested and evaluated, and the test and evaluation result can help a host factory to know the current situation and weak points of the information safety level of the target vehicle and find an improvement direction; providing relevant information of information safety aspects of the new vehicles on the market for consumers; provide reference for government regulation; the method promotes the importance of various social circles on information safety, and improves the information safety performance and the technical level of automobile products.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate an embodiment of the invention and, together with the description, serve to explain the invention and not to limit the invention. In the drawings:
fig. 1 is a flowchart of an automobile information security test evaluation method according to an embodiment of the present invention;
FIG. 2 is a flow chart of the information safety test of the CAN bus in the vehicle according to the embodiment of the invention;
FIG. 3 is a flow chart of a radio message security test according to an embodiment of the present invention;
FIG. 4 is a flow chart of an ECU information security test according to an embodiment of the present invention;
FIG. 5 is a flow chart of the T-BOX information security test according to the embodiment of the present invention;
fig. 6 is a flowchart illustrating an IVI information security test according to an embodiment of the present invention;
fig. 7 is a flow chart of a cloud platform information security test according to an embodiment of the present invention;
fig. 8 is a flowchart of a mobile phone APP information security test according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
As shown in fig. 1, a method for evaluating automobile information safety test includes the following steps:
A. the tester determines the number of test items of the total attack surface according to the configuration list, calculates the test depth and evaluates the test items at the same test depth;
B. testing each attack surface by a tester according to the test range and the test operation instruction;
C. utilizing an SFOP model to perform influence analysis by referring to a test result;
D. scoring each test result and calculating each attack face test score according to the influence analysis result and the weight coefficient corresponding to S, F, O, P;
E. calculating the safety score of the information of the whole vehicle;
F. and according to the finished automobile score, giving out finished automobile information safety star-level evaluation level test depth evaluation by referring to a star-level evaluation standard.
And C, the SFOP model in the step C refers to Safety, Financial, Operation and Privacy, and the severity of the influence of the evaluation test result on the SFOP is divided into four types, namely none, low, medium and high.
The severity of the test results on the SFOP was 10 points, 7 points, 3 points and 1 point, respectively, from none, low, medium and high.
The weighting coefficients corresponding to S, F, 0 and P in the step D are 0.4, 0.3, 0.2 and 0.1 respectively.
In the step E, the weighting factors of the test items are set to be the same.
In the step F, the weight coefficients of 7 attack surfaces are set to be the same.
In step F, the star rating criteria are specified as follows: and if the score is higher than 90 points, giving a five-star evaluation, giving a four-star evaluation, giving a 70-80 point, giving a 3-star evaluation, giving a score of less than 70 points, giving no star evaluation, and giving an evaluation result while indicating the test depth.
In the step B, the attack surface comprises in-vehicle CAN bus information safety, radio information safety, ECU information safety, T-BOX information safety, IVI information safety, cloud platform information safety and mobile phone APP information safety.
A, the calculation formula of the test depth in the step A is as follows;
Figure BDA0002328943460000071
in the formula, NtTo test the number of items, PtTo test depth. In different test projects, it is necessary to guarantee the test depthAnd the degree is consistent, and the final data has contrast and referential property only when the test is carried out under the same test depth.
As shown in fig. 2 to 8, in step B, when the test item is an in-vehicle CAN bus information security test, for an in-vehicle bus, information security tests such as brute force cracking, fuzzy test, replay attack, denial of service, and the like are performed, and meanwhile, the influence on the vehicle body, comfort and power caused by the test is investigated in combination with observation and analysis;
when the vehicle-mounted radio information security test is carried out, the information security test is carried out from the aspects of Bluetooth, a key, Wi-Fi, TPMS, a cellular network, GPS and the like, and whether problems of Bluetooth low version holes, Bluetooth sniffing, key signal hijacking, Wi-Fi denial of service, TPMS signal deception and the like exist is investigated;
when the ECU information security test is carried out, tests such as ECU debugging interfaces, ECU firmware encryption and confusion, identity authentication, data tampering, data deception, service scanning and the like are carried out, and the ECU information security level is inspected;
the test project is to develop T-BOX hardware, T-BOX equipment firmware, T-BOX equipment network service and T-BOX source code audit work when developing T-BOX information security test, and investigate T-BOX information security level;
the test items are used for carrying out the work in the aspects of equipment physical interface, APP, IVI access control, IVI equipment firmware, IVI updating mechanism, IVI equipment network communication and IVI source code audit and inspecting the information security level of IVI when carrying out the IVI information security test;
when the test items are used for carrying out cloud platform information security tests, tests such as sensitive information collection, vulnerability scanning, high-level penetration, identity authentication, brute force cracking, logic vulnerability and the like are carried out, and the cloud platform information security level is investigated;
the test items are tests such as an installation package test, a sensitive information test, a soft keyboard hijacking, account safety, data communication safety, a service port and the like when the information safety test of the mobile phone APP is carried out, and the information safety level of the APP is investigated.
In the step D, scoring is carried out on each test result, and information security scores of seven types of attack surfaces are calculated, wherein the calculation formula is as follows:
the formula for calculating the bus attack surface is as follows,
Figure BDA0002328943460000091
Figure BDA0002328943460000092
in the formula, SCiIs the ith test item score of the bus attack surface, SCSiIs the score of the ith test item of the bus attack plane on the security influence, SCFiIs the score of the ith test item on the bus attack surface on the property influence, SCOiIs the score of the ith test item of the bus attack surface on the operational influence, SCPiIs the score of the ith test item of the bus attack plane on the privacy influence, SCIs the score of the bus class test;
the vehicle-mounted radio attack surface calculation formula is as follows,
Figure BDA0002328943460000093
Figure BDA0002328943460000094
in the formula, SRiIs the score of the ith test item of the vehicle-mounted radio attack surface SRSiIs the score of the ith test item of the vehicle-mounted radio attack surface on the security influence SRFiIs the score of the ith test item of the vehicle-mounted radio attack surface on the property influence, SROiIs the score of the ith test item of the vehicle-mounted radio attack surface on the operability influence, SRPiIs the score of the ith test item of the vehicle-mounted radio attack surface on the privacy influence SRIs the score of the in-vehicle radio test;
the ECU attack surface calculation formula is as follows,
Figure BDA0002328943460000095
Figure BDA0002328943460000096
in the formula, SEiIs the score of the ith test item of the ECU attack surface SESiIs the score of the ith test item of the ECU attack surface on the security influence, SEFiIs the score of the ith test item of the ECU attack surface on the property influence, SEOiIs the score of the ith test item of the ECU attack surface on the operability influence, SEPiIs the score of the ith test item of the ECU attack surface on the privacy influence, SEIs the score of the ECU test;
the T-BOX attack surface calculation formula is as follows:
Figure BDA0002328943460000101
Figure BDA0002328943460000102
in the formula, STiIs the score of the ith test item of the T-BOX attack surface, STSiIs the score of the ith test item of the T-BOX attack surface on the security influence, STFiIs the score of the ith test item of the T-BOX attack surface on the property impact, STOiIs the score of the ith test item of the T-BOX attack surface on the operability influence, STPiIs the score of the ith test item of the T-BOX attack surface on the privacy influence, STIs the score of the T-BOX test;
the IVI attack surface calculation formula is as follows:
Figure BDA0002328943460000103
Figure BDA0002328943460000104
in the formula, SIiIs the score of the ith test item of the IVI attack surface, SISiIs that the ith test item of the IVI attack surface is related to safetyScore of sexual influence, SIFiIs the score, S, of the ith test item of the IVI attack plane with respect to the impact of the propertyIOiIs the score of the ith test item of the IVI attack surface on the operational influence, SIPiIs the score of the ith test item of the IVI attack surface on the privacy impact, SIIs the score of the IVI test;
the cloud platform attack surface calculation formula is as follows:
Figure BDA0002328943460000105
Figure BDA0002328943460000111
in the formula, SPiIs the ith test item score of the attack surface of the cloud platform, SPSiIs the score of the ith test item of the attack surface of the cloud platform on the security influence SPFiIs the score of the ith test item of the total cloud platform attack surface on the property influence, SPOiIs the score of the ith test item of the attack surface of the cloud platform on the operability influence, SPPiIs the score of the ith test item of the attack surface of the cloud platform on the privacy influence SPIs the score of the cloud platform test;
the mobile phone APP attack surface calculation formula is as follows:
Figure BDA0002328943460000112
Figure BDA0002328943460000113
in the formula, SAiIs the score of the ith test item of the attack surface of the mobile phone APP, SASiIs the score of the ith test item on the attack surface of the mobile phone APP on the security influence, SAFiIs the score of the ith test item on the attack surface of the mobile phone APP on the property influence, SAOiIs the score of the ith test item of the attack surface of the mobile phone APP on the operability influence, SAPiIs the score of the ith test item on the attack surface of the mobile phone APP on the privacy influence, SAIs the score of the mobile phone APP test.
In the step E, a calculation formula of the whole vehicle information safety score is as follows:
S=10×(SC+SR+SE+ST+SI+SP+SA),
and S is the whole vehicle information safety score.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. The automobile information safety test evaluation method is characterized by comprising the following steps of:
A. the tester determines the number of test items of the total attack surface according to the configuration list, calculates the test depth and evaluates the test items at the same test depth;
B. testing each attack surface by a tester according to the test range and the test operation instruction;
C. utilizing an SFOP model to perform influence analysis by referring to a test result;
D. scoring each test result and calculating each attack face test score according to the influence analysis result and the weight coefficient corresponding to S, F, O, P;
E. calculating the safety score of the information of the whole vehicle;
F. and according to the finished automobile score, giving out finished automobile information safety star-level evaluation level test depth evaluation by referring to a star-level evaluation standard.
2. The automobile information safety test evaluation method according to claim 1, characterized in that: and C, the SFOP model in the step C refers to Safety, Financial, Operation and Privacy, and the severity of the influence of the evaluation test result on the SFOP is divided into four types, namely none, low, medium and high.
3. The automobile information safety test evaluation method according to claim 2, characterized in that: the severity of the test results on the SFOP was 10 points, 7 points, 3 points and 1 point, respectively, from none, low, medium and high.
4. The automobile information safety test evaluation method according to claim 1, characterized in that: the weighting coefficients corresponding to S, F, O, P in step D are 0.4, 0.3, 0.2, and 0.1, respectively.
5. The automobile information safety test evaluation method according to claim 1, characterized in that: in the step E, the weighting factors of the test items are set to be the same.
6. The automobile information safety test evaluation method according to claim 1, characterized in that: in the step F, the weight coefficients of 7 attack surfaces are set to be the same.
7. The automobile information safety test evaluation method according to claim 1, characterized in that: in the step F, the star rating standard is defined as that the score is higher than 90 points, five-star rating is given, the score is between 80 and 90 points, four-star rating is given, the score is between 70 and 80 points, 3-star rating is given, the score is below 70 points, no star rating is given, and the test depth is noted while the rating result is issued.
8. The automobile information safety test evaluation method according to claim 1, characterized in that: in the step B, the attack surface comprises in-vehicle CAN bus information safety, radio information safety, ECU information safety, T-BOX information safety, IVI information safety, cloud platform information safety and mobile phone APP information safety.
9. The method for evaluating the automobile information security test according to claim 8, wherein in the step D, each test result is scored, and information security scores of seven types of attack surfaces are calculated, wherein the calculation formula is as follows:
the formula for calculating the bus attack surface is as follows,
Figure FDA0002328943450000021
Figure FDA0002328943450000022
in the formula, SCiIs the ith test item score of the bus attack surface, SCSiIs the score of the ith test item of the bus attack plane on the security influence, SCFiIs the score of the ith test item on the bus attack surface on the property influence, SCOiIs the score of the ith test item of the bus attack surface on the operational influence, SCPiIs the score of the ith test item of the bus attack plane on the privacy influence, SCIs the score of the bus class test;
the vehicle-mounted radio attack surface calculation formula is as follows,
Figure FDA0002328943450000023
Figure FDA0002328943450000031
in the formula, SRiIs the score of the ith test item of the vehicle-mounted radio attack surface SRSiIs the score of the ith test item of the vehicle-mounted radio attack surface on the security influence SRFiIs the score of the ith test item of the vehicle-mounted radio attack surface on the property influence, SROiIs the score of the ith test item of the vehicle-mounted radio attack surface on the operability influence, SRPiIs the score of the ith test item of the vehicle-mounted radio attack surface on the privacy influence SRIs the score of the in-vehicle radio test;
the ECU attack surface calculation formula is as follows,
Figure FDA0002328943450000032
Figure FDA0002328943450000033
in the formula, SEiIs the score of the ith test item of the ECU attack surface SESiIs the score of the ith test item of the ECU attack surface on the security influence, SEFiIs the score of the ith test item of the ECU attack surface on the property influence, SEOiIs the score of the ith test item of the ECU attack surface on the operability influence, SEPiIs the score of the ith test item of the ECU attack surface on the privacy influence, SEIs the score of the ECU test;
the T-BOX attack surface calculation formula is as follows:
Figure FDA0002328943450000034
Figure FDA0002328943450000035
in the formula, STiIs the score of the ith test item of the T-BOX attack surface, STSiIs the score of the ith test item of the T-BOX attack surface on the security influence, STFiIs the score of the ith test item of the T-BOX attack surface on the property impact, STOiIs the score of the ith test item of the T-BOX attack surface on the operability influence, STPiIs the score of the ith test item of the T-BOX attack surface on the privacy influence, STIs the score of the T-BOX test;
the IVI attack surface calculation formula is as follows:
Figure FDA0002328943450000041
Figure FDA0002328943450000042
in the formula, SIiIs the score of the ith test item of the IVI attack surface, SISiIs the ith test item of the IVI attack surfaceScore of safety impact, SIFiIs the score, S, of the ith test item of the IVI attack plane with respect to the impact of the propertyIOiIs the score of the ith test item of the IVI attack surface on the operational influence, SIPiIs the score of the ith test item of the IVI attack surface on the privacy impact, SIIs the score of the IVI test;
the cloud platform attack surface calculation formula is as follows:
Figure FDA0002328943450000043
Figure FDA0002328943450000044
in the formula, SPiIs the ith test item score of the attack surface of the cloud platform, SPSiIs the score of the ith test item of the attack surface of the cloud platform on the security influence SPFiIs the score of the ith test item of the total cloud platform attack surface on the property influence, SPOiIs the score of the ith test item of the attack surface of the cloud platform on the operability influence, SPPiIs the score of the ith test item of the attack surface of the cloud platform on the privacy influence SPIs the score of the cloud platform test;
the mobile phone APP attack surface calculation formula is as follows:
Figure FDA0002328943450000045
Figure FDA0002328943450000046
in the formula, SAiIs the score of the ith test item of the attack surface of the mobile phone APP, SASiIs the score of the ith test item on the attack surface of the mobile phone APP on the security influence, SAFiIs the score of the ith test item on the attack surface of the mobile phone APP on the property influence, SAOiIs the score of the ith test item of the attack surface of the mobile phone APP on the operability influence, SAPiIs the score of the ith test item on the attack surface of the mobile phone APP on the privacy influence, SAIs the score of the mobile phone APP test.
10. The method for evaluating the safety test of the information of the automobile according to claim 9, wherein in the step E, the calculation formula of the safety score of the information of the whole automobile is as follows:
S=10×(SC+SR+SE+ST+SI+SP+SA),
and S is the whole vehicle information safety score.
CN201911328298.8A 2019-12-20 2019-12-20 Automobile information safety test evaluation method Pending CN111126832A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911328298.8A CN111126832A (en) 2019-12-20 2019-12-20 Automobile information safety test evaluation method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911328298.8A CN111126832A (en) 2019-12-20 2019-12-20 Automobile information safety test evaluation method

Publications (1)

Publication Number Publication Date
CN111126832A true CN111126832A (en) 2020-05-08

Family

ID=70500828

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911328298.8A Pending CN111126832A (en) 2019-12-20 2019-12-20 Automobile information safety test evaluation method

Country Status (1)

Country Link
CN (1) CN111126832A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112217838A (en) * 2020-11-02 2021-01-12 福州大学 Network attack surface evaluation method based on cloud model theory
CN112543195A (en) * 2020-12-03 2021-03-23 北京梆梆安全科技有限公司 Information security assessment method and device for intelligent networked automobile and electronic equipment
CN112686499A (en) * 2020-12-14 2021-04-20 中国汽车技术研究中心有限公司 Vehicle information safety level evaluation method and device, electronic device and medium
CN113325825A (en) * 2021-06-07 2021-08-31 深圳市金城保密技术有限公司 Intelligent networking automobile data and information safety evaluation system
CN113839904A (en) * 2020-06-08 2021-12-24 北京梆梆安全科技有限公司 Security situation sensing method and system based on intelligent networked automobile
CN115021977A (en) * 2022-05-17 2022-09-06 蔚来汽车科技(安徽)有限公司 Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105676843A (en) * 2016-04-13 2016-06-15 中国汽车技术研究中心 New energy automobile benchmarking analysis and evaluation system and method thereof
CN108255151A (en) * 2017-12-15 2018-07-06 工业和信息化部计算机与微电子发展研究中心(中国软件评测中心) A kind of evaluation system of automatic driving vehicle
CN108415398A (en) * 2017-02-10 2018-08-17 上海辇联网络科技有限公司 Automobile information safety automation tests system and test method
US20190141074A1 (en) * 2016-05-27 2019-05-09 Robert Bosch Gmbh Security test system, security test method, function evaluation device, and program

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105676843A (en) * 2016-04-13 2016-06-15 中国汽车技术研究中心 New energy automobile benchmarking analysis and evaluation system and method thereof
US20190141074A1 (en) * 2016-05-27 2019-05-09 Robert Bosch Gmbh Security test system, security test method, function evaluation device, and program
CN108415398A (en) * 2017-02-10 2018-08-17 上海辇联网络科技有限公司 Automobile information safety automation tests system and test method
CN108255151A (en) * 2017-12-15 2018-07-06 工业和信息化部计算机与微电子发展研究中心(中国软件评测中心) A kind of evaluation system of automatic driving vehicle

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113839904A (en) * 2020-06-08 2021-12-24 北京梆梆安全科技有限公司 Security situation sensing method and system based on intelligent networked automobile
CN113839904B (en) * 2020-06-08 2023-08-22 北京梆梆安全科技有限公司 Security situation awareness method and system based on intelligent network-connected automobile
CN112217838A (en) * 2020-11-02 2021-01-12 福州大学 Network attack surface evaluation method based on cloud model theory
CN112543195A (en) * 2020-12-03 2021-03-23 北京梆梆安全科技有限公司 Information security assessment method and device for intelligent networked automobile and electronic equipment
CN112543195B (en) * 2020-12-03 2023-02-03 北京梆梆安全科技有限公司 Information security assessment method and device for intelligent networked automobile and electronic equipment
CN112686499A (en) * 2020-12-14 2021-04-20 中国汽车技术研究中心有限公司 Vehicle information safety level evaluation method and device, electronic device and medium
CN113325825A (en) * 2021-06-07 2021-08-31 深圳市金城保密技术有限公司 Intelligent networking automobile data and information safety evaluation system
CN115021977A (en) * 2022-05-17 2022-09-06 蔚来汽车科技(安徽)有限公司 Vehicle-mounted machine system, vehicle comprising same, early warning method and storage medium

Similar Documents

Publication Publication Date Title
CN111126832A (en) Automobile information safety test evaluation method
Kelarestaghi et al. Intelligent transportation system security: impact-oriented risk assessment of in-vehicle networks
Xun et al. VehicleEIDS: A novel external intrusion detection system based on vehicle voltage signals
CN106828362B (en) Safety testing method and device for automobile information
CN109547401B (en) Network security vulnerability prioritization and remediation
Han et al. A new frequency domain method for random fatigue life estimation in a wide‐band stationary G aussian random process
KR102406756B1 (en) System for Authenticating Security Rule of Autonomous Ship
CN112751831B (en) Automobile vulnerability classification and processing method, device, equipment and readable storage medium
CN111182503A (en) Intelligent vehicle insurance evaluation method and system based on multi-data fusion analysis
Stelkens-Kobsch et al. Towards a more secure ATC voice communications system
CN112019512B (en) Automobile network safety test system
CN108259223B (en) Unmanned aerial vehicle network system security situation perception evaluation method for preventing GPS deception
CN111756842A (en) Method and device for detecting vulnerability of Internet of vehicles and computer equipment
CN110287703B (en) Method and device for detecting vehicle safety risk
Benyahya et al. A systematic review of threat analysis and risk assessment methodologies for connected and automated vehicles
Sanguino et al. Cybersecurity certification and auditing of automotive industry
CN116362543A (en) Comprehensive risk assessment method and device integrating information security and functional security
CN113268738B (en) Intelligent automobile information security vulnerability assessment method and system
CN113807723B (en) Risk identification method for knowledge graph
Hu et al. Security Assessment of Intelligent Connected Vehicles based on Cyber Range
Moeller et al. NVH CAE quality metrics
Li et al. Research on Risk Analysis and Compliance Solution of Intelligent and Connected Vehicle Data Security
Holmes Automated investigations: The role of the request filter in communications data analysis
CN114785377B (en) Transponder testing method, device, equipment and storage medium
CN114169732B (en) Train control vehicle-mounted equipment risk analysis method based on fuzzy theory and LOPA protective layer

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200508