CN112686499A - Vehicle information safety level evaluation method and device, electronic device and medium - Google Patents

Publication number: CN112686499A
Authority: CN (China)
Legal status: Pending
Application number: CN202011463933.6A
Other languages: Chinese (zh)
Inventors: 郭振, 张亚楠, 马超, 刘天宇
Current Assignee: China Automotive Technology and Research Center Co Ltd; Automotive Data of China Tianjin Co Ltd
Original Assignee: China Automotive Technology and Research Center Co Ltd; Automotive Data of China Tianjin Co Ltd
Classification: Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a vehicle information safety level evaluation method and device, an electronic device and a medium. The method evaluates the vehicle information safety level according to a type test, emergency response capability evaluation, risk evaluation system evaluation, safety upgrade evaluation and protection item evaluation, and comprises the following steps: obtaining the weights of the type test, emergency response capability evaluation, risk evaluation system evaluation, safety upgrade evaluation and protection item evaluation respectively, using the analytic hierarchy process; calculating a type test score, an emergency response capability evaluation score, a risk evaluation system evaluation score, a safety upgrade evaluation score and a protection item evaluation score respectively, according to the weights; and obtaining a vehicle information safety level evaluation result from the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score. The method is fair, comprehensive and intuitive, and makes the vehicle information safety level quantifiable and comparable.

Description

Vehicle information safety level evaluation method and device, electronic device and medium
Technical Field
The invention relates to the field of automobile information safety, in particular to a method and a device for evaluating vehicle information safety level, electronic equipment and a medium.
Background
As vehicles become increasingly intelligent and connected, automobile information safety problems are becoming more prominent, and frequent information safety incidents at home and abroad have drawn wide attention from the automotive industry. Internationally, standards, laws and regulations in the field of automobile information safety, such as ISO/SAE 21434, are continuously being released; domestically, the formulation and release of related standards is accelerating. As standards continue to be released, automobile information safety receives more and more attention, and many vehicle manufacturers (OEMs) are strengthening the information safety capability of their own products. In doing so they face a series of problems: the vehicle manufacturer does not know the information safety level of its own products well, cannot judge whether those products meet the standard requirements, and does not know which information safety weak links need to be strengthened.
The field of domestic automobile information safety evaluation is currently still blank and lacks fair and objective evaluation rules. Vehicle manufacturers urgently seek an authoritative third party to provide relevant criteria, so that they can objectively evaluate the information safety level of their own products and verify and quantify their information safety capability. Automobile information safety evaluation work is therefore imperative.
In view of the above, the present invention is particularly proposed.
Disclosure of Invention
The invention aims to provide a vehicle information safety level evaluation method and device, electronic equipment and a medium, and aims to solve the problems that in the prior art, the vehicle information safety evaluation subjectivity is strong, and the vehicle information safety level cannot be objectively evaluated and quantified.
In order to achieve the purpose, the invention adopts the following technical scheme:
in a first aspect, the invention provides a vehicle information safety level evaluation method, which is used for evaluating vehicle information safety level according to a type test, emergency response capability evaluation, risk evaluation system evaluation, safety upgrading evaluation and protection item evaluation, and comprises the following steps:
respectively obtaining the weights of a type test, emergency response capability evaluation, risk evaluation system evaluation, safety upgrade evaluation and protection item evaluation by adopting an analytic hierarchy process;
respectively calculating a type test score, an emergency response capability evaluation score, a risk evaluation system evaluation score, a safety upgrade evaluation score and a protection item evaluation score according to the weights;
and obtaining a vehicle information safety level evaluation result according to the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score.
As a further preferred technical solution, calculating the type test score, emergency response capability evaluation score, risk evaluation system evaluation score, safety upgrade evaluation score and protection item evaluation score according to the weights includes:
determining a type test total score, an emergency response capability evaluation total score, a risk evaluation system evaluation total score, a safety upgrade evaluation total score and a protection item evaluation total score according to the weights, and then calculating the type test score, emergency response capability evaluation score, risk evaluation system evaluation score, safety upgrade evaluation score and protection item evaluation score respectively.
As a further preferred technical solution, the type test score is obtained as follows: the type test score is obtained from the type test total score and the numbers of low-risk, medium-risk and high-risk vulnerabilities detected by the type test. According to the grading principle of the CVSS 2.0 standard, a low-risk vulnerability is a vulnerability with a score higher than 0 and less than 4, a medium-risk vulnerability is a vulnerability with a score higher than 4 and less than 7, and a high-risk vulnerability is a vulnerability with a score higher than 7 and less than 10.
As a further preferred technical solution, the type test score is calculated as follows:
$S_V = V_{total} - (V_l + 2V_m + 4V_h)$;
where $S_V$ is the type test score; $V_{total}$ is the type test total score; $V_l$ is the number of low-risk vulnerabilities detected by the type test; $V_m$ is the number of medium-risk vulnerabilities detected by the type test; $V_h$ is the number of high-risk vulnerabilities detected by the type test.
As a further preferred technical solution, the type test includes tests of the whole-vehicle network architecture, ECU, T-Box, IVI, radio, App and cloud platform;
10-12 test points of the whole-vehicle network architecture are determined according to the bus and the gateway;
4-6 test points of the ECU are determined according to the EPS diagnostic test, the ESC diagnostic test and the SRS diagnostic test;
35-38 test points of the T-Box and 35-41 test points of the IVI are determined according to hardware security, key management, data security, operating system, software upgrade, firmware security, log audit, communication security, browser security and USB security;
12-16 test points of the radio are determined according to Bluetooth, WIFI, the keyless entry system and GPS;
20-24 test items of the App are determined according to client program security, sensitive information security, communication security, service security and component security;
and 15-21 test items of the cloud platform are determined according to WEB application security, database security, middleware security and server security.
As a further preferred technical scheme, the emergency response capability evaluation score, the risk evaluation system evaluation score, the security upgrade evaluation score and the protection item evaluation score are obtained in the following manner:
acquiring an emergency response report, a risk evaluation report, a safety upgrade report and a protection item report, and setting evaluation items and evaluation item scores of all reports according to an emergency response capability evaluation total score, a risk evaluation system evaluation total score, a safety upgrade evaluation total score and a protection item evaluation total score;
and obtaining an emergency response capability evaluation score, a risk evaluation system evaluation score, a safety upgrade evaluation score and a protection item evaluation score according to the evaluation item scores.
As a further preferred technical solution, the obtaining of the vehicle information safety level evaluation result according to the type test score, the emergency response capability evaluation score, the risk assessment system evaluation score, the safety upgrade evaluation score, and the protection item evaluation score includes:
and adding the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score to obtain a vehicle information safety level evaluation result.
In a second aspect, the present invention provides a vehicle information safety level evaluation device including:
the weight obtaining module is used for obtaining weights of the type test, the emergency response capability evaluation, the risk evaluation system evaluation, the safety upgrade evaluation and the protection item evaluation by adopting an analytic hierarchy process;
a calculation module for the type test score, emergency response capability evaluation score, risk evaluation system evaluation score, safety upgrade evaluation score and protection item evaluation score, configured to calculate the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score respectively, according to the weights;
and the vehicle information safety level evaluation result calculation module is used for obtaining a vehicle information safety level evaluation result according to the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score.
In a third aspect, the present invention provides an electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method described above.
In a fourth aspect, the present invention provides a medium having stored thereon computer instructions for causing the computer to perform the method described above.
Compared with the prior art, the invention has the beneficial effects that:
The vehicle information safety level evaluation method provided by the invention carries out a comprehensive investigation across five dimensions: a type test, emergency response capability evaluation, risk evaluation system evaluation, safety upgrade evaluation and protection item evaluation. The result of the investigation is a specific score, so the vehicle information safety level can be quantified and compared. The implementation also resolves key problems such as how to determine the score weights of the five dimensions, how each dimension is investigated, and which aspects each dimension examines. Compared with previous evaluation approaches, the method has the following beneficial effects:
Fairer. At each stage of the implementation, deviation of the evaluation result caused by subjective factors is avoided as far as possible; for example, the weights are determined with the analytic hierarchy process, which is fairer than the previous, completely subjective evaluation approach.
More comprehensive. Investigating five dimensions reflects the information safety level of the vehicle comprehensively, whereas the prior art evaluates only by testing and suffers from incomplete test points, unscientific test methods and similar problems. In the type test, the method presented here covers seven top-level test items, comprising 35 second-level test items and 158 third-level test items. It also adds investigation of four aspects closely related to whole-vehicle information safety: emergency response capability, the risk assessment system, safety upgrade and protection items.
More intuitive. The output of the conventional subjective automobile information safety evaluation approach is descriptive wording such as 'better', 'average' or 'very poor', from which a reader can hardly grasp the real information safety level of a vehicle.
In the past, evaluating the information safety level of an automobile usually meant running information safety tests and subjectively estimating a rough level from the vulnerabilities detected, which is highly subjective and lacks quantitative indicators. The factors investigated were also incomplete: a vulnerability test result alone can hardly reflect the information safety level of a vehicle faithfully.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a vehicle information safety level evaluation method provided in embodiment 1 of the present invention;
Fig. 2 is a diagram of the hierarchy produced by the analytic hierarchy process used in the vehicle information safety level evaluation method provided in embodiment 1 of the present invention;
Fig. 3 is a schematic structural view of a vehicle information safety level evaluation device provided in embodiment 2 of the invention;
Fig. 4 is a schematic structural diagram of an electronic device provided in embodiment 3 of the present invention.
Reference numerals: 301 - weight obtaining module for the type test, emergency response capability evaluation, risk evaluation system evaluation, safety upgrade evaluation and protection item evaluation; 302 - calculation module for the type test score, emergency response capability evaluation score, risk evaluation system evaluation score, safety upgrade evaluation score and protection item evaluation score; 303 - vehicle information safety level evaluation result calculation module; 401 - processor; 402 - memory; 403 - input device; 404 - output device.
Detailed Description
The following description of the exemplary embodiments of the present application, taken in conjunction with the accompanying drawings, includes various details of the embodiments of the application for the understanding of the same, which are to be considered exemplary only. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Example 1
Fig. 1 is a flowchart of a vehicle information safety level evaluation method provided in this embodiment, and this embodiment is suitable for performing information safety level evaluation on a vehicle. The method may be performed by a vehicle information security level evaluation device, which may be constituted by software and/or hardware, and is generally integrated in an electronic apparatus.
As shown in Fig. 1, the present embodiment provides a vehicle information safety level evaluation method that evaluates the vehicle information safety level according to a type test, emergency response capability evaluation, risk assessment system evaluation, safety upgrade evaluation and protection item evaluation, the method including the following steps:
S110: obtaining the weights of the type test, emergency response capability evaluation, risk evaluation system evaluation, safety upgrade evaluation and protection item evaluation respectively, using the analytic hierarchy process.
This embodiment determines the weights of the type test, emergency response capability evaluation, risk evaluation system evaluation, safety upgrade evaluation and protection item evaluation based on the analytic hierarchy process. The final result of the vehicle information safety evaluation provided by the method is the sum of the scores of five dimensions: the type test, emergency response capability evaluation, risk evaluation, safety upgrade evaluation and protection item evaluation. These five parts are not equally important, so determining the proportion of each dimension in the total score, such that the result reasonably reflects the vehicle information safety level, is one of the important problems. The weight of each part is determined based on the analytic hierarchy process; the principle and process of weight determination are as follows:
(1) First, the information safety of the whole vehicle is layered according to the analytic hierarchy process; the layering result is shown in Fig. 2.
(2) Then, a judgment matrix table is determined according to the hierarchical structure.
Setting up the judgment matrix table: the core of the analytic hierarchy process is to compare all elements pairwise, using a relative scale to reduce the difficulty of comparing different factors with each other. Let $a_{ij}$ denote the result of comparing the importance of element i with that of element j; the importance ratings and their assigned values are shown in Table 1 below:
TABLE 1

| Factor i compared with factor j | Quantized value |
|---|---|
| Equal | 1 |
| Slightly stronger | 3 |
| Stronger | 5 |
| Very strong | 7 |
| Extremely strong | 9 |
| Intermediate values between two adjacent judgments | 2, 4, 6, 8 |

The matrix formed by the results of the pairwise comparisons is called the judgment matrix, and the judgment matrix has the following properties:
Figure BDA0002833512270000081
To avoid the excessive influence of subjective factors that arises when the matrix table is filled in by a single person, the table is preferably filled in by questionnaire, taking as many opinions into account as possible. To ensure that the investigation is scientific, general and valid, aspects such as gender, age, professional knowledge and occupation are considered comprehensively. Optionally, a total of 50 questionnaires are issued, with 30 business professionals, 15 random draws, and 5 car dealers.
Here, the element $a_{ij}$ is processed from the questionnaires as follows:
Figure BDA0002833512270000082
In the above formula, n is the number of questionnaires (here n is 50) and $a_{ijm}$ is the $a_{ij}$ value from the m-th questionnaire. The judgment matrix $A_k$ obtained by calculation is:

| $A_k$ | $a_1$ | $a_2$ | $a_3$ | $a_4$ | $a_5$ |
|---|---|---|---|---|---|
| $a_1$ | 1 | 6 | 5 | 8 | 8 |
| $a_2$ | 1/6 | 1 | 1/2 | 3 | 3 |
| $a_3$ | 1/5 | 2 | 1 | 3 | 3 |
| $a_4$ | 1/8 | 1/3 | 1/3 | 1 | 1 |
| $a_5$ | 1/8 | 1/3 | 1/3 | 1 | 1 |

$a_1$: type test; $a_2$: emergency response capability evaluation; $a_3$: risk assessment system evaluation; $a_4$: security upgrade evaluation; $a_5$: protection item evaluation.
To verify whether the weight generation process is reasonable, a consistency check is required; the judgment matrix can be considered logically reasonable to use only if it passes the check. The consistency check comprises the following steps:
First, calculate the consistency index C.I.:
Figure BDA0002833512270000091
where $\lambda_{max}$ is the largest eigenvalue of the judgment matrix.
Second, look up the average random consistency index R.I. in the average consistency index table (Table 2).
TABLE 2 Average consistency index table

| Order of matrix | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|---|---|---|---|---|---|---|---|---|---|
| R.I. | 0 | 0 | 0.52 | 0.89 | 1.12 | 1.26 | 1.36 | 1.41 | 1.46 | 1.49 |

From the table, the average random consistency index R.I. corresponding to a 5th-order judgment matrix is 1.12.
Third, calculate the consistency ratio C.R. and make the judgment:
Figure BDA0002833512270000092
The calculated C.R. is 0.03. When C.R. is less than 0.1 the judgment matrix is considered valid, so the judgment matrix $A_k$ is valid. If C.R. is greater than or equal to 0.1, the judgment matrix is deemed invalid and the questionnaire data must be collected again.
After calculation, the eigenvector of the matrix is (0.9965, 0.1949, 0.2034, 0.0862, 0.0862), and the weight of each part is obtained after normalization:

| Type test | Emergency response | Risk assessment | Security upgrade | Protection item |
|---|---|---|---|---|
| 0.65 | 0.12 | 0.13 | 0.05 | 0.05 |

The total score of each part is therefore 65 points for the type test, 12 points for emergency response, 13 points for risk assessment, 5 points for safety upgrade and 5 points for protection items.
S120: calculating a type test score, an emergency response capability evaluation score, a risk evaluation system evaluation score, a safety upgrade evaluation score and a protection item evaluation score respectively, according to the weights.
Calculating the type test score, emergency response capability evaluation score, risk evaluation system evaluation score, safety upgrade evaluation score and protection item evaluation score according to the weights includes:
determining a type test total score, an emergency response capability evaluation total score, a risk evaluation system evaluation total score, a safety upgrade evaluation total score and a protection item evaluation total score according to the weights, and then calculating the type test score, emergency response capability evaluation score, risk evaluation system evaluation score, safety upgrade evaluation score and protection item evaluation score respectively.
The type test score is calculated as follows:
$S_V = V_{total} - (V_l + 2V_m + 4V_h)$;
where $S_V$ is the type test score; $V_{total}$ is the type test total score; $V_l$ is the number of low-risk vulnerabilities detected by the type test; $V_m$ is the number of medium-risk vulnerabilities detected by the type test; $V_h$ is the number of high-risk vulnerabilities detected by the type test.
According to the grading principle of the CVSS 2.0 standard, a low-risk vulnerability is a vulnerability with a score higher than 0 and less than 4, a medium-risk vulnerability is a vulnerability with a score higher than 4 and less than 7, and a high-risk vulnerability is a vulnerability with a score higher than 7 and less than 10. The CVSS 2.0 standard refers to the Common Vulnerability Scoring System, version 2.0.
In this embodiment, following the weight determination result, $V_{total}$ is 65.
The type test comprises tests of the whole-vehicle network architecture, the Electronic Control Unit (ECU), the T-Box (Telematics Box), the In-Vehicle Infotainment system (IVI), radio, the App (application) and the cloud platform;
10-12 test points of the whole-vehicle network architecture are determined according to the bus and the gateway;
4-6 test points of the ECU are determined according to the EPS (Electric Power Steering) diagnostic test, the ESC (Electronic Stability Controller, the vehicle body electronic stability control system) diagnostic test and the SRS (the airbag electronic control system) diagnostic test;
35-38 test points of the T-Box and 35-41 test points of the IVI are determined according to hardware security, key management, data security, operating system, software upgrade, firmware security, log audit, communication security, browser security and USB security;
12-16 test points of the radio are determined according to Bluetooth, WIFI, the keyless entry system and GPS (Global Positioning System);
20-24 test items of the App are determined according to client program security, sensitive information security, communication security, service security and component security;
and 15-21 test items of the cloud platform are determined according to WEB (World Wide Web) application security, database security, middleware security and server security.
Preferably, the emergency response capability evaluation score, the risk evaluation system evaluation score, the security upgrade evaluation score and the protection item evaluation score are obtained by the following method:
acquiring an emergency response report, a risk evaluation report, a safety upgrade report and a protection item report, and setting evaluation items and evaluation item scores of all reports according to an emergency response capability evaluation total score, a risk evaluation system evaluation total score, a safety upgrade evaluation total score and a protection item evaluation total score;
and obtaining an emergency response capability evaluation score, a risk evaluation system evaluation score, a safety upgrade evaluation score and a protection item evaluation score according to the evaluation item scores.
Optionally, the emergency response capability evaluation score is obtained by:
Figure BDA0002833512270000121
Figure BDA0002833512270000131
Optionally, the risk assessment system evaluation score is obtained as follows:
Figure BDA0002833512270000132
Figure BDA0002833512270000141
Figure BDA0002833512270000151
Optionally, the security upgrade evaluation score is obtained as follows, with 0.5 added for each evaluation item that meets the requirement:
Figure BDA0002833512270000152
Figure BDA0002833512270000161
Optionally, the protection item evaluation score is obtained as follows, with 0.25 added for each evaluation item that meets the requirement:
Figure BDA0002833512270000162
Figure BDA0002833512270000171
S130: obtaining a vehicle information safety level evaluation result according to the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score.
The type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score are added to obtain the vehicle information safety level evaluation result:
$Score = S_V + S_E + S_R + S_U + S_P$
where $Score$ is the vehicle information safety level evaluation score; $S_V$ is the type test score; $S_E$ is the emergency response capability evaluation score; $S_R$ is the risk assessment evaluation score; $S_U$ is the security upgrade evaluation score; $S_P$ is the protection item evaluation score.
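The weight derivation of S110 and the score roll-up of S120 to S130, as an added Python example that is not part of the patent text. It assumes the standard AHP definitions C.I. = (λ_max − n)/(n − 1) and C.R. = C.I./R.I. (the page's own formulas did not survive extraction), assumes the CVSS boundary scores 4.0, 7.0 and 10.0 fall in the higher band, and uses constructed sample findings; all function names are hypothetical.

```python
"""Added example: AHP weights, consistency check and score roll-up (stdlib only)."""

# Judgment matrix A_k as printed on the page; rows and columns are a1..a5.
A_K = [
    [1,   6,   5,   8, 8],
    [1/6, 1,   1/2, 3, 3],
    [1/5, 2,   1,   3, 3],
    [1/8, 1/3, 1/3, 1, 1],
    [1/8, 1/3, 1/3, 1, 1],
]
# Table 2 of the page: average random consistency index R.I. by matrix order.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.52, 4: 0.89, 5: 1.12,
                6: 1.26, 7: 1.36, 8: 1.41, 9: 1.46, 10: 1.49}


def check_reciprocal(matrix, tol=1e-9):
    """Reject matrices that are not square, positive and reciprocal
    (a_ji = 1/a_ij, the standard AHP property; an assumption here)."""
    n = len(matrix)
    if any(len(row) != n for row in matrix):
        raise ValueError("judgment matrix must be square")
    for i in range(n):
        for j in range(n):
            a = matrix[i][j]
            if a <= 0 or abs(a * matrix[j][i] - 1.0) > tol:
                raise ValueError(f"entries ({i},{j}) and ({j},{i}) are not reciprocal")


def principal_eigen(matrix, max_iter=500, tol=1e-12):
    """Power iteration; returns (lambda_max, weights normalised to sum to 1)."""
    n = len(matrix)
    w, lam = [1.0 / n] * n, 0.0
    for _ in range(max_iter):
        v = [sum(a * x for a, x in zip(row, w)) for row in matrix]
        new_lam = sum(v)  # sum(w) == 1, so sum(A w) converges to lambda_max
        w = [x / new_lam for x in v]
        if abs(new_lam - lam) < tol:
            break
        lam = new_lam
    return new_lam, w


def consistency_ratio(lambda_max, n):
    """C.R. = C.I. / R.I. with C.I. = (lambda_max - n) / (n - 1)."""
    if n < 3:
        return 0.0  # 1x1 and 2x2 reciprocal matrices are always consistent
    return ((lambda_max - n) / (n - 1)) / RANDOM_INDEX[n]


def ahp_weights(matrix):
    """Return (weights, C.R.); refuse a matrix with C.R. >= 0.1, as the page does."""
    check_reciprocal(matrix)
    lam, w = principal_eigen(matrix)
    cr = consistency_ratio(lam, len(matrix))
    if cr >= 0.1:
        raise ValueError(f"C.R. = {cr:.3f} >= 0.1: redo the questionnaire")
    return w, cr


def cvss2_band(score):
    """Map a CVSS 2.0 score to a risk band. The page leaves 4.0, 7.0 and 10.0
    unassigned; they are assumed to be medium, high and high. 0.0 is not counted."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS 2.0 score out of range: {score}")
    if score == 0.0:
        return None
    return "low" if score < 4.0 else "medium" if score < 7.0 else "high"


def type_test_score(v_total, cvss_scores):
    """S_V = V_total - (V_l + 2*V_m + 4*V_h); the page defines no lower bound."""
    counts = {"low": 0, "medium": 0, "high": 0}
    for s in cvss_scores:
        band = cvss2_band(s)
        if band:
            counts[band] += 1
    return v_total - (counts["low"] + 2 * counts["medium"] + 4 * counts["high"])


def overall_score(s_v, s_e, s_r, s_u, s_p):
    """Score = S_V + S_E + S_R + S_U + S_P."""
    return s_v + s_e + s_r + s_u + s_p


# Constructed sample: CVSS 2.0 scores of findings from one hypothetical type test.
SAMPLE_FINDINGS = [2.1, 3.5, 4.0, 5.0, 6.8, 7.5, 10.0]

if __name__ == "__main__":
    weights, cr = ahp_weights(A_K)
    print("weights:", [round(x, 3) for x in weights], "C.R.:", round(cr, 3))
    s_v = type_test_score(65, SAMPLE_FINDINGS)  # V_total = 65 per the page
    # Constructed dimension scores out of 12, 13, 5 and 5 respectively.
    print("S_V:", s_v, "Score:", overall_score(s_v, 10, 11, 4.5, 4.25))
```

Run on the matrix as printed, this reproduces the C.R. of 0.03 and the 0.12, 0.05 and 0.05 weights. The type test and risk assessment weights come out at about 0.60 and 0.17, so the 0.65 and 0.13 in the weight table do not follow from the printed matrix alone.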
Example 2
As shown in fig. 3, the present embodiment provides a vehicle information safety level evaluation device including:
a weight obtaining module 301 for the type test, the emergency response capability evaluation, the risk evaluation system evaluation, the safety upgrade evaluation and the protection item evaluation, configured to obtain the weights of the type test, the emergency response capability evaluation, the risk evaluation system evaluation, the safety upgrade evaluation and the protection item evaluation by using the analytic hierarchy process;
a calculation module 302 for the type test score, emergency response capability evaluation score, risk evaluation system evaluation score, safety upgrade evaluation score and protection item evaluation score, configured to calculate the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score, respectively, according to the weights;
and the vehicle information safety level evaluation result calculation module 303 is used for obtaining a vehicle information safety level evaluation result according to the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score.
By adopting the modules, the vehicle information safety level evaluation device can realize the same advantages as the vehicle information safety level evaluation method.
Example 3
As shown in fig. 4, the present embodiment provides an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method described above. The at least one processor in the electronic device is capable of performing the above method and thus has at least the same advantages as the above method.
Optionally, the electronic device further includes interfaces for connecting the components, including a high-speed interface and a low-speed interface. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information for a GUI (Graphical User Interface) on an external input/output device, such as a display device coupled to the interface. In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories and multiple types of memory, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). In Fig. 4, one processor 401 is taken as an example.
The memory 402 may be used as a computer-readable storage medium for storing software programs, computer-executable programs, and modules, such as the program instructions/modules corresponding to the vehicle information safety level evaluation method in the embodiment of the present invention (for example, the following modules of the vehicle information safety level evaluation device: the weight obtaining module 301 for the type test, the emergency response capability evaluation, the risk evaluation system evaluation, the safety upgrade evaluation and the protection item evaluation; the calculating module 302 for the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score; and the vehicle information safety level evaluation result calculating module 303). The processor 401 executes the various functional applications and data processing of the device by running the software programs, instructions, and modules stored in the memory 402, that is, it implements the vehicle information safety level evaluation method described above.
The memory 402 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application program required for at least one function; the data storage area may store data created according to the use of the terminal, and the like. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 402 may further include memory located remotely from the processor 401, which may be connected to the device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device may further include: an input device 403 and an output device 404. The processor 401, the memory 402, the input device 403 and the output device 404 may be connected by a bus or other means, and fig. 4 illustrates an example of a connection by a bus.
The input device 403 may receive input numeric or character information, and the output device 404 may include a display device, an auxiliary lighting device (e.g., an LED), a tactile feedback device (e.g., a vibration motor), and the like. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Example 4
The present embodiment provides a medium having stored thereon computer instructions for causing the computer to perform the method described above. The computer instructions on the medium for causing a computer to perform the method described above thus have at least the same advantages as the method described above.
The medium of the present invention may take the form of any combination of one or more computer-readable media. The medium may be a computer readable signal medium or a computer readable storage medium. The medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the medium include: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF (Radio Frequency), etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It should be understood that the flows shown above may be used in various forms, with steps reordered, added or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and the present invention is not limited thereto as long as the desired results of the technical solutions disclosed in the present application can be achieved.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A vehicle information safety level evaluation method is characterized in that vehicle information safety level evaluation is carried out according to a type test, emergency response capability evaluation, risk evaluation system evaluation, safety upgrade evaluation and protection item evaluation, and the method comprises the following steps:
respectively obtaining the weights of a type test, emergency response capability evaluation, risk evaluation system evaluation, safety upgrade evaluation and protection item evaluation by adopting an analytic hierarchy process;
respectively calculating a type test score, an emergency response capability evaluation score, a risk evaluation system evaluation score, a safety upgrade evaluation score and a protection item evaluation score according to the weights;
and obtaining a vehicle information safety level evaluation result according to the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score.
2. The vehicle information safety level evaluation method according to claim 1, wherein calculating a type test score, an emergency response capability evaluation score, a risk evaluation system evaluation score, a safety upgrade evaluation score, and a protection item evaluation score, respectively, according to the weights, comprises:
respectively determining a type test total score, an emergency response capability evaluation total score, a risk evaluation system evaluation total score, a safety upgrade evaluation total score and a protection item evaluation total score according to the weights, and then respectively calculating a type test score, an emergency response capability evaluation score, a risk evaluation system evaluation score, a safety upgrade evaluation score and a protection item evaluation score.
3. The vehicle information safety level evaluation method according to claim 2, characterized in that the type test score is obtained in the following manner: obtaining a type test score according to the type test total score, the number of low-risk vulnerabilities detected by the type test, the number of medium-risk vulnerabilities detected by the type test and the number of high-risk vulnerabilities detected by the type test; according to the grading principle of the CVSS 2.0 standard, a low-risk vulnerability is a vulnerability with a score higher than 0 and less than 4, a medium-risk vulnerability is a vulnerability with a score higher than 4 and less than 7, and a high-risk vulnerability is a vulnerability with a score higher than 7 and less than 10.
4. The vehicle information safety level evaluation method according to claim 3, characterized in that the type test score is calculated in the following manner:
$S_V = V_{\text{total}} - (V_l + 2V_m + 4V_h)$;
wherein $S_V$ is the type test score; $V_{\text{total}}$ is the type test total score; $V_l$ is the number of low-risk vulnerabilities detected by the type test; $V_m$ is the number of medium-risk vulnerabilities detected by the type test; $V_h$ is the number of high-risk vulnerabilities detected by the type test.
5. The vehicle information safety level evaluation method according to claim 4, wherein the type test includes tests of the whole vehicle network architecture, the ECU, the T-Box, the IVI, the radio, the App, and the cloud platform;
determining 10-12 test points of the whole vehicle network architecture according to the bus and the gateway;
determining 4-6 test points of the ECU according to the EPS diagnosis test, the ESC diagnosis test and the SRS diagnosis test;
determining 35-38 test points of the T-Box and 35-41 test points of the IVI according to hardware security, key management, data security, operating system, software upgrading, firmware security, log audit, communication security, browser security and USB security;
determining 12-16 test points of the radio according to Bluetooth, Wi-Fi, the keyless entry system and GPS;
determining 20-24 test items of the App according to client program security, sensitive information security, communication security, service security and component security;
and determining 15-21 test items of the cloud platform according to web application security, database security, middleware security and server security.
6. The vehicle information safety level evaluation method according to claim 1, wherein the emergency response capability evaluation score, the risk assessment system evaluation score, the safety upgrade evaluation score, and the protection item evaluation score are obtained in the following manner:
acquiring an emergency response report, a risk evaluation report, a safety upgrade report and a protection item report, and setting evaluation items and evaluation item scores of all reports according to an emergency response capability evaluation total score, a risk evaluation system evaluation total score, a safety upgrade evaluation total score and a protection item evaluation total score;
and obtaining an emergency response capability evaluation score, a risk evaluation system evaluation score, a safety upgrade evaluation score and a protection item evaluation score according to the evaluation item scores.
7. The vehicle information safety level evaluation method according to any one of claims 1 to 6, wherein obtaining a vehicle information safety level evaluation result according to a type test score, an emergency response capability evaluation score, a risk evaluation system evaluation score, a safety upgrade evaluation score and a protection item evaluation score comprises:
and adding the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score to obtain a vehicle information safety level evaluation result.
8. A vehicle information safety level evaluation device characterized by comprising:
the weight obtaining module is used for obtaining weights of the type test, the emergency response capability evaluation, the risk evaluation system evaluation, the safety upgrade evaluation and the protection item evaluation by adopting an analytic hierarchy process;
the score calculation module is used for respectively calculating the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score according to the weights;
and the vehicle information safety level evaluation result calculation module is used for obtaining a vehicle information safety level evaluation result according to the type test score, the emergency response capability evaluation score, the risk evaluation system evaluation score, the safety upgrade evaluation score and the protection item evaluation score.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A medium having stored thereon computer instructions for causing a computer to perform the method of any of claims 1-7.
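The scoring chain of claims 1 to 7, as an added example (not code from the patent): it derives the five weights with the analytic hierarchy process, applies the claim 4 formula to CVSS 2.0 findings and sums the five scores. The pairwise matrix, the 100-point full mark, the equal-share rule for report items and the sample inputs are constructed assumptions; because the claim 3 bands use strict inequalities and leave 4.0, 7.0 and 10.0 unassigned, the example places those values as NVD's CVSS v2 ranges do.

```python
import math

DIMENSIONS = ("type_test", "emergency_response", "risk_assessment",
              "security_upgrade", "protection_items")
# Constructed pairwise-comparison matrix on Saaty's 1-9 scale (not from the patent).
PAIRWISE = [
    [1,   3,   3,   5, 5],
    [1/3, 1,   1,   3, 3],
    [1/3, 1,   1,   3, 3],
    [1/5, 1/3, 1/3, 1, 1],
    [1/5, 1/3, 1/3, 1, 1],
]
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's random consistency index
FULL_MARKS = 100.0                          # assumed overall maximum

def ahp_weights(matrix):
    """Return (weights, consistency_ratio) using the row geometric-mean method."""
    n = len(matrix)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    weights = [g / sum(gm) for g in gm]
    # lambda_max estimated as the mean of (A.w)_i / w_i
    lam = sum(sum(a * w for a, w in zip(row, weights)) / weights[i]
              for i, row in enumerate(matrix)) / n
    cr = ((lam - n) / (n - 1)) / RANDOM_INDEX[n]
    return weights, cr

def band(cvss2):
    """CVSS 2.0 severity band; boundaries 4.0/7.0/10.0 follow NVD's v2 ranges."""
    if not 0.0 < cvss2 <= 10.0:
        raise ValueError(f"CVSS 2.0 base score out of range: {cvss2}")
    return "low" if cvss2 < 4.0 else "medium" if cvss2 < 7.0 else "high"

def type_test_score(total, cvss2_scores):
    """S_V = V_total - (V_l + 2*V_m + 4*V_h), as in claim 4 (no floor is stated)."""
    counts = {"low": 0, "medium": 0, "high": 0}
    for s in cvss2_scores:
        counts[band(s)] += 1
    return total - (counts["low"] + 2 * counts["medium"] + 4 * counts["high"])

def report_score(total, items_passed):
    """Assumed rule: each evaluation item carries an equal share of the total."""
    return total * sum(items_passed) / len(items_passed)

def evaluate(findings, reports):
    weights, cr = ahp_weights(PAIRWISE)
    if cr >= 0.1:  # usual AHP acceptance threshold
        raise ValueError(f"pairwise judgements inconsistent (CR={cr:.3f})")
    totals = {d: FULL_MARKS * w for d, w in zip(DIMENSIONS, weights)}
    scores = {"type_test": type_test_score(totals["type_test"], findings)}
    for d in DIMENSIONS[1:]:
        scores[d] = report_score(totals[d], reports[d])
    return scores, sum(scores.values())

# Constructed sample input: CVSS 2.0 base scores of findings, per-report checklists.
FINDINGS = [2.1, 3.5, 4.0, 6.8, 7.0, 9.3]
REPORTS = {"emergency_response": [True, True, False, True],
           "risk_assessment": [True, True, True, True],
           "security_upgrade": [True, False],
           "protection_items": [True, True, True, False, True]}

if __name__ == "__main__":
    scores, overall = evaluate(FINDINGS, REPORTS)
    print(scores, round(overall, 2))
```

Since each high-risk finding costs 4 points regardless of the weight-derived total, a small type test total can go negative; the claims state no floor, so the example leaves the value as computed.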
CN202011463933.6A 2020-12-14 2020-12-14 Vehicle information safety level evaluation method and device, electronic device and medium Pending CN112686499A (en)

Publications (1)

Publication Number Publication Date
CN112686499A true CN112686499A (en) 2021-04-20

Family

ID=75449317

Country Status (1)

Country Link
CN (1) CN112686499A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113325825A (en) * 2021-06-07 2021-08-31 深圳市金城保密技术有限公司 Intelligent networking automobile data and information safety evaluation system
CN113537794A (en) * 2021-07-22 2021-10-22 北京中科闻歌科技股份有限公司 Target object analysis method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination