CN114595458A - Vulnerability processing method, vulnerability processing system and vehicle - Google Patents

Publication number
CN114595458A
Authority
CN
China
Prior art keywords
vulnerability
vehicle
attack
threat
information
Legal status
Pending
Application number
CN202011412604.9A
Other languages
Chinese (zh)
Inventor
王君锋
李佳栗
周鑫强
费一东
Current Assignee
SAIC Motor Corp Ltd
Shanghai Automotive Industry Corp Group
Original Assignee
SAIC Motor Corp Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Small-Scale Networks (AREA)

Abstract

The application provides a vulnerability processing method, a vulnerability processing system and a vehicle. The vulnerability processing method comprises the following steps: determining, according to the vulnerability information of the vehicle, the vulnerability indicated by the vulnerability information and the attack target point of the vulnerability, wherein the attack target point is one of a vehicle access point, vehicle access point hardware and a vehicle communication node; determining an attack path corresponding to the vulnerability and the threat degree of the attack path according to a vehicle topological graph corresponding to the vehicle and the position of the attack target point in that graph, wherein the vehicle topological graph indicates the topological relation between the vehicle access points and the vehicle communication nodes in the vehicle; and determining a processing rule corresponding to the vulnerability according to the threat degree of the attack path corresponding to the vulnerability. The vulnerability processing method associates each vulnerability with the affected vehicle and determines a processing rule specific to that vulnerability, so that the vulnerability can be processed in a targeted manner, poor processing results are avoided, and the information security of the vehicle is ensured.

Description

Vulnerability processing method, vulnerability processing system and vehicle
Technical Field
The application relates to the field of internet vehicle information security, in particular to a vulnerability processing method, a vulnerability processing system and a vehicle.
Background
With the development of vehicle networking and intelligent features, the information security of connected vehicles is receiving more and more attention. Present vehicles often contain a very large amount of code, which has long exceeded that of PC and smartphone systems and keeps increasing; according to statistics, the code of some high-end vehicles reaches one hundred million lines. The increase in code brings an increase in software complexity and, with it, software vulnerability risk to the vehicle. In the prior art, vulnerability detection for a vehicle system is generally completed by offline manual scanning, and vulnerability information cannot be effectively associated with the affected vehicles, so vulnerabilities are difficult to process in a targeted manner, the vulnerability processing effect is poor, and the information security of the vehicles is difficult to guarantee.
Disclosure of Invention
In order to at least partially solve the above problem, embodiments of the present application provide a vulnerability processing method, a vulnerability processing system, and a vehicle.
According to a first aspect of an embodiment of the present application, an embodiment of the present application provides a vulnerability processing method, which includes: determining a vulnerability indicated by the vulnerability information and an attack target point of the vulnerability according to the vulnerability information of the vehicle, wherein the attack target point is one of a vehicle access point, vehicle access point hardware and a vehicle communication node; determining an attack path corresponding to the vulnerability and a threat degree of the attack path according to a vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph, wherein the vehicle topological graph is used for indicating a topological relation between the vehicle access point and the vehicle communication node in the vehicle; and determining a processing rule corresponding to the vulnerability according to the threat degree of the attack path corresponding to the vulnerability.
According to a second aspect of an embodiment of the present application, an embodiment of the present application provides a vulnerability processing system, which includes: the vulnerability determining unit determines a vulnerability indicated by the vulnerability information and an attack target point of the vulnerability according to the vulnerability information of the vehicle, wherein the attack target point is one of a vehicle access point, vehicle access point hardware and a vehicle communication node; the threat calculation unit determines an attack path corresponding to the vulnerability and a threat degree of the attack path according to a vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph, wherein the vehicle topological graph is used for indicating a topological relation between the vehicle access point and the vehicle communication node in the vehicle; and the security policy unit determines a processing rule corresponding to the vulnerability according to the threat degree of the attack path corresponding to the vulnerability.
According to a third aspect of the embodiments of the present application, there is provided a vehicle including the above vulnerability processing system.
In the vulnerability processing method in the embodiment of the application, the vulnerability indicated by the vulnerability information and the attack target point of the vulnerability can be determined according to the vulnerability information of the vehicle, and the attack target point is one of a vehicle access point, vehicle access point hardware and a vehicle communication node; determining an attack path corresponding to the vulnerability and a threat degree of the attack path according to a vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph, wherein the vehicle topological graph is used for indicating a topological relation between a vehicle access point and a vehicle communication node in the vehicle; and determining a processing rule corresponding to the vulnerability according to the threat degree of the attack path corresponding to the vulnerability. Therefore, the vulnerability can be well associated with the vehicle, and the corresponding processing rule can be determined according to the vulnerability, so that the vulnerability can be processed in a targeted manner, poor vulnerability processing effect is avoided, and the information safety of the vehicle is ensured.
Drawings
The drawings are only for purposes of illustrating and explaining the present application and are not to be construed as limiting the scope of the present application.
Fig. 1 is a flowchart illustrating the steps of a vulnerability processing method according to a first embodiment of the present application;
Fig. 2 is a block diagram illustrating one composition of the version fingerprint information according to an embodiment of the present application;
Fig. 3 illustrates an optional form of a vehicle topology according to an embodiment of the present application;
Fig. 4 shows an optional form of the correspondence table of the vehicle architecture model according to an embodiment of the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the embodiments of the present application, the technical solutions in the embodiments of the present application will be described clearly and completely below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application shall fall within the scope of the protection of the embodiments in the present application.
Example one
Referring to fig. 1, a flowchart illustrating steps of a vulnerability processing method according to a first embodiment of the present application is shown.
In the first embodiment of the present application, the following steps S102 to S106 are included.
Step S102: determining the vulnerability indicated by the vulnerability information and the attack target point of the vulnerability according to the vulnerability information of the vehicle.
The attack target point is one of a vehicle access point, vehicle access point hardware and a vehicle communication node.
In vehicle network security, a vulnerability refers to a flaw in vehicle software, hardware, or the vehicle as a whole that may allow an attacker to access or damage the vehicle system without authorization. Processing vulnerabilities is therefore an important means of ensuring the security of the vehicle. The vulnerability processing method in the embodiment of the application first determines, from the vulnerability information, the vulnerability indicated by that information and its attack target point.
The vehicle in the embodiment of the present application includes a plurality of hardware units, such as communication interfaces, a central gateway unit and the individual Electronic Control Units (ECUs), and software runs on some of these hardware units. In the embodiment of the application, the hardware information and the software information of the vehicle are collectively referred to as the security asset information of the vehicle. Each hardware unit on the vehicle stores version fingerprint information, which is embedded into each hardware unit according to the same rule. In the embodiment of the present application, the version fingerprint information is a set of version synthesis codes whose content items include the software and hardware version information of the vehicle security assets, the vehicle type and module they belong to, and the like, covering for example the chip, the OS (Operating System) and OSS (Open Source Software). When the vehicle runs, the central gateway unit is responsible for scanning the security assets of the whole vehicle: for itself it performs a local scan and checks the local version fingerprint information; for the hardware units other than the central gateway unit it performs a network scan and checks their version fingerprint information over the network, for example by acquiring the version fingerprint information of the different hardware units over Ethernet.
In an optional implementation, the content of the version fingerprint information is 64 bytes long, wherein the first 4 bits of the main version increase as the hardware and OS versions increase, and the last 28 bits of the main version increase as the software component versions are upgraded; the initial value is 0.
Specifically, referring to Fig. 2, a composition diagram of the version fingerprint information is shown: the main version is 32 bits, of which the main control hardware occupies 4 bits, the OS occupies 4 bits and each software component occupies 4 bits, and the content of the version fingerprint information is 64 bytes long, wherein the first 4 bits of the 32-bit main version increase progressively with the hardware and OS versions, and the last 28 bits increase progressively with software component upgrades.
In the embodiment of the present application, the central gateway unit may be an ECU with a gateway function, which acts as a router in vehicle communication. Of course, other components that can perform the gateway function are also possible, and the embodiments of the present application are not limited in this respect.
In an optional embodiment, the vulnerability processing method may synchronize the security asset information of a vehicle according to the version fingerprint information of the vehicle, where the security asset information includes the hardware information and the software information of the vehicle, and the version fingerprint information indicates the version of the vehicle's hardware and the version of the vehicle's software; and acquire the vulnerability information of the vehicle from a vulnerability library according to the security asset information of the vehicle.
After scanning the current security asset information of the whole vehicle, the central gateway unit can send the version fingerprint information of the scanned security assets to the cloud module over a network connection, and the cloud module uses the version fingerprint information to synchronize the security asset information of the vehicle into the asset library. In the embodiment of the application, the asset library is a database that stores the security asset information synchronized from connected vehicles of various vehicle types and also stores the latest security asset information, namely the latest secure and stable versions. After the central gateway unit has synchronized the current security asset information of the whole vehicle into the asset library, the cloud module can compare the version information in the synchronized security asset information with the latest security asset information to obtain the differences between them.
After synchronizing the security asset information into the asset library, the cloud module acquires the vulnerability information related to the current vehicle from the vulnerability library according to the security asset information of the vehicle. In the embodiment of the present application, the vulnerability information is the information retrieved from the vulnerability database according to the software information and hardware information of the vehicle, and the vulnerability database is a database that stores vulnerability information associated with a plurality of vehicle types, where the vulnerability information mainly comes from the various vulnerability disclosure platforms, for example open source communities, chip vendors' official websites, code repositories, and so on.
In an optional embodiment, the vulnerability information in the vulnerability database is crawled from each vulnerability disclosure platform by an intelligent crawler module in the cloud module: key character strings derived from the security asset information are continuously searched on each pre-configured and connected vulnerability disclosure platform, and the associated vulnerability information is downloaded automatically; in an optional embodiment the download is driven by pattern matching and continues until all the associated vulnerability information is stored in the vulnerability database.
After the relevant vulnerability information is stored in the vulnerability database, the vulnerability information corresponding to the security asset information of the vehicle is obtained from the database according to that security asset information. The relevant vulnerability can be determined from the vulnerability information, together with the specific position on the vehicle where the vulnerability may be located, and this position is used as the attack target point; that is, exploiting the vulnerability requires at least one attack target point. The attack target point in this embodiment may be one of a vehicle access point, vehicle access point hardware, and a vehicle communication node. A vehicle access point is any communication port of the vehicle; the communication ports include wireless and wired communication ports, where the wireless communication ports include a cellular network port, a BLE (Bluetooth Low Energy) port, a Bluetooth port, a Radio Frequency Identification (RFID) port, a WiFi port, and the like, and the wired communication ports include a USB port, a CAN bus interface, an Ethernet interface, and the like. The vehicle access point hardware is the hardware unit on which the vehicle access point is located. In the present embodiment, a vehicle communication node is any hardware module of the vehicle, for example each ECU (Electronic Control Unit) of the vehicle, the BCM (Body Control Module), the TBOX (Telematics Box), the IVI (In-Vehicle Infotainment system), and the like. A vulnerability may arise directly in the software associated with these vehicle access points and vehicle communication nodes, and exploiting it likewise requires exploitation at the corresponding attack target point.
Step S104: determining the attack path corresponding to the vulnerability and the threat degree of the attack path according to the vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph.
Wherein the vehicle topology graph is used to indicate a topological relationship between the vehicle access points and the vehicle communication nodes in the vehicle.
In the embodiment of the application, after the vulnerability is obtained, according to the vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph, the attack path corresponding to the vulnerability and the threat degree of the attack path are determined.
The vehicle topological graph in the embodiment of the application indicates the topological relation between the vehicle access points and the vehicle communication nodes in the vehicle, and is a bus topology diagram of the connection relations between the hardware modules in the vehicle. Fig. 3 is an example of a vehicle topology in the embodiment of the present application; the components and the connections between them are only an example and do not limit the present application.
As can be seen from Fig. 3, in this example there are a cellular network port and a BLE port on the TBOX, WiFi and Bluetooth ports on the IVI, an RFID port on the BCM module, CAN bus ports on the CGW (Central Gateway unit), Ethernet (ETH) ports, Data Link Connector (DLC) ports, CAN bus ports, and so on. In vehicles, the DLC (Data Link Connector) can be connected to the OBD (On-Board Diagnostics) interface. The attack path in the embodiment of the application is the path that must be traversed to exploit a vulnerability on a vehicle communication node.
In an optional embodiment, the determining, according to the vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph, an attack path corresponding to the vulnerability includes: and determining an attack path taking a vehicle access point as a starting point and the attack target point as an end point according to the topological relation.
In the embodiment of the application, a vehicle architecture model is established from the vehicle topological graph, the vehicle access points and the vehicle communication nodes; it represents, for a vulnerability located on each vehicle communication node, the selectable attack paths that reach that node when it is accessed from each vehicle access point.
In an optional embodiment, determining an attack path corresponding to the vulnerability includes: determining a plurality of attack links of the attack path and threat coefficients corresponding to the attack links; calculating the threat degree of the attack path according to the threat coefficients corresponding to the attack links; the plurality of attack links comprise at least one of an attack link on the vehicle access point, an attack link on hardware of the vehicle access point, an attack link on a bus and an attack link on the vehicle communication node.
The attack link in the embodiment of the application refers to each link of the attack path when a vulnerability is exploited at the corresponding attack target point, the attack path passing in turn through vehicle communication nodes, buses and other components. Taking an attack target point that is a vehicle communication node as an example, the path comprises: an attack link to the vehicle access point, i.e. the vulnerability is exploited by first accessing a communication port of the vehicle; an attack link to the vehicle access point hardware, i.e. further attacking the hardware module on which the vehicle access point is installed; an attack link to the bus, i.e. further attacking the transmission route; and an attack link to the vehicle communication node, i.e. finally reaching the location of the vulnerability. It should be noted that when the attack target point is a vehicle access point there is one attack link; when the attack target point is vehicle access point hardware there are at least two attack links; and when the attack target point is a vehicle communication node there are at least four attack links.
For a single vulnerability, the plurality of attack links on a single attack path correspond to a plurality of threat coefficients. Optionally, the threat coefficient of the attack link corresponding to the attack target point is the Common Vulnerability Scoring System (CVSS) score of the vulnerability. In the embodiment of the present application, the vehicle architecture model is a virtual model built in advance from information such as the electronic architecture, the communication access points and the bus topology of the vehicle model. All attack paths of any attack target point, all attack links of a single path, and the threat coefficients of all attack links can be looked up in the correspondence table.
It should be understood that the correspondence table may be different according to different vehicle conditions, and should be determined according to the conditions, and the embodiment of the present application is not limited.
Specifically, in an optional implementation manner, the calculating the threat level of the attack path according to the threat coefficients corresponding to the attack links includes: and calculating the product of the threat coefficients of the attack links and a preset threat coefficient, and taking the product as the threat degree of the attack path.
As an example for ease of understanding, referring to Fig. 4 and taking the first row (sequence number 1) with the vehicle communication node CGW in the last column as the attack target point, the threat degree of this attack path is X × c1 × p1 × b1 × a1.
Here c1 is the threat coefficient of the attack link to the vehicle access point, p1 is the threat coefficient of the attack link to the vehicle access point hardware, b1 is the threat coefficient of the attack link to the bus, a1 is the threat coefficient of the attack link to the vehicle communication node, and X is the preset threat coefficient. Of course, c1 differs for different vehicle access points, p1 for different vehicle access point hardware, b1 for different buses, and a1 for different vehicle communication nodes.
In an alternative embodiment, the threat coefficient of the attack link corresponding to the attack target point may be the CVSS score of the vulnerability. In this case, the attack target point in the above example is the CGW, i.e. the vehicle communication node, and a1 is equal to the CVSS score.
In this example, if the attack target point is the TBOX, i.e. vehicle access point hardware, there are two attack links, and the threat degree of the attack path is X × c1 × p1. Of course, the above is only an example for ease of understanding and not a limitation of the present application.
In the embodiment of the application, the preset threat coefficient is an initial value for calculating the threat degree of the attack path, the threat coefficients of a plurality of attack links are multiplied by the preset threat coefficient to obtain a product, the product is used as the threat degree of the attack path, and the threat degree can be used for measuring the difficulty of utilizing the vulnerability through the attack path. The preset threat coefficient may be set according to an actual situation or a vulnerability type, and in an optional embodiment, the preset threat coefficient may be set to 10.
Step S106: determining a processing rule corresponding to the vulnerability according to the threat degree of the attack path corresponding to the vulnerability.
In the embodiment of the application, the processing rule corresponding to the vulnerability can be determined according to the threat degree of the attack path corresponding to the vulnerability, so that the vulnerability can be processed in a targeted manner, and the problem of poor vulnerability processing effect is avoided.
In an optional embodiment, the determining an attack path corresponding to the vulnerability and a threat level of the attack path includes: determining a plurality of attack paths corresponding to the vulnerability and the threat degree corresponding to each attack path; determining, according to the threat level of the attack path corresponding to the vulnerability, a processing rule corresponding to the vulnerability includes: counting the threat degrees of the attack paths, and determining the threat degree of the vulnerability according to the counting result; and determining a processing rule of the vulnerability according to the threat degree of the vulnerability.
In the embodiment of the present application, when a vulnerability corresponds to multiple attack paths, the threat degrees of the multiple attack paths may be calculated respectively as described above and then aggregated. The aggregation in the embodiment of the present application may compare the threat degrees of the multiple attack paths, or perform operations such as adding or multiplying them; the embodiment of the present application is not limited in this respect. A statistical result is obtained after aggregation, the threat degree of the vulnerability is determined according to the statistical result, and finally the processing rule of the vulnerability is determined according to the threat degree of the vulnerability.
In an optional embodiment, the counting the threat degrees of the multiple attack paths and determining the threat degree of the vulnerability according to a statistical result includes: and counting the threat degrees of a plurality of attack paths to obtain the maximum value of the threat degrees of the attack paths, and taking the maximum value as the threat degree of the vulnerability.
In this embodiment, the threat degrees of the multiple attack paths are counted, the threat degrees of the multiple attack paths are compared, and the maximum value of the threat degrees is used as the threat degree of the vulnerability, so that the vulnerability is further processed.
Specifically, if the number of the attack paths corresponding to the vulnerability is one, the threat degree of the attack path is used as the threat degree of the vulnerability, and the processing rule corresponding to the vulnerability is determined according to the threat degree of the vulnerability.
In the embodiment of the application, when the number of the attack paths of the vulnerability is one, the vulnerability can be attacked only from a certain fixed vehicle access point, so that the threat degree of the vulnerability can be determined only by taking the threat degree of the attack paths as the threat degree of the vulnerability, and the corresponding processing rule is determined.
As an example for ease of understanding, referring to Fig. 4, when the attack target point is the IVI, three attack paths correspond to it, located in the rows with sequence numbers 3, 4 and 5, and each attack path has two attack links. The threat degree of each attack path is calculated, the maximum of the three threat degrees is determined, and that maximum is used as the threat degree of the vulnerability. For example, suppose there is a privilege escalation vulnerability at the attack target point IVI, and according to the correspondence table the threat coefficient of the attack link to the Bluetooth port in row 3 is 0.6, that of the attack link to the WiFi port in row 4 is 0.7, and that of the attack link to the USB port in row 5 is 0.3. Multiplying each by the preset threat coefficient and the threat coefficient of the vehicle access point hardware IVI gives a threat degree of 6 for the first attack path, 7 for the second and 3 for the third, so the threat degree of the second attack path, 7, is taken as the threat degree of the vulnerability. It should be understood that this example, given for ease of understanding, is not a limitation of the present embodiment.
In the whole process of calculating the threat degree of the vulnerability, automatic processing is carried out, and the processing is rapid.
In an optional embodiment of the present application, determining the processing rule of the vulnerability according to the threat degree of the vulnerability includes: judging whether the vulnerability can be exploited or not according to the threat degree of the vulnerability; if the judgment result is that the vulnerability can be exploited, processing the vulnerability; or, if the judgment result is that the vulnerability cannot be exploited, monitoring the vulnerability.
In the vulnerability processing method of the embodiment of the application, processing the vulnerability requires considering its threat degree: whether the current vulnerability can be exploited is judged from the value of the threat degree. When the vulnerability can be exploited, it is processed; if the judgment result is that it cannot be exploited, a vulnerability monitoring rule is generated and sent to the vehicle so that the vulnerability is monitored in real time, and an early warning and further processing can be triggered promptly if the vulnerability is found to be exploited, thereby guaranteeing the safety of the vehicle security asset information.
In this embodiment, whether the vulnerability is exploitable may be determined by comparing its threat degree with a preset value: the vulnerability is determined to be exploitable when its threat degree is greater than or equal to the preset value, and not exploitable when its threat degree is less than the preset value. As an example, the preset value is 6. Of course, the present embodiment does not limit the numerical value.
Alternatively, the vulnerability may be judged exploitable or not according to the value interval in which its threat degree falls: for example, if the threat degree of the vulnerability is between 5 and 8, the vulnerability is judged to be exploitable, and if it is between 1 and 5 or between 8 and 10, the vulnerability is judged not to be exploitable. Of course, this embodiment does not limit this numerical range.
In the embodiment of the application, different judgment conditions can be set for different types of vulnerabilities according to the actual situation, so that targeted processing is performed for each type.
Further, in this embodiment, if the judgment result is that the vulnerability can be exploited, processing the vulnerability includes: judging whether a patch for the vulnerability exists; if so, repairing the vulnerability with the patch; or, if no patch exists, monitoring the vulnerability.
When the vulnerability is determined to be exploitable, it needs to be processed. During processing, related patches are searched for and it is judged whether a patch for the vulnerability exists. If one exists, the patch is pushed to the OTA module, a repair package is generated, and the vulnerability is repaired. The repair package is a large software package into which patches are integrated; in a vehicle a single patch cannot be installed directly, so patches need to be integrated into a repair package for repair. If no patch exists, the vulnerability is monitored: a vulnerability monitoring rule can be generated and issued to the vehicle to monitor the vulnerability in real time, so that an early warning and further processing can be triggered promptly if the vulnerability is found to be exploited, guaranteeing the safety of the vehicle security asset information.
Further, in this embodiment, after the vulnerability is repaired, the vehicle software information is updated in real time, the version fingerprint information is updated accordingly, and the updated version fingerprint information is synchronized to the asset library by the central gateway unit, ensuring that the asset library always holds the latest version fingerprint information of the current vehicle type.
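The decision procedure of the preceding paragraphs (exploitability judged by threshold or by interval, repair when a patch exists, monitoring otherwise, patches integrated into a repair package, and the version fingerprint refreshed and synchronized to the asset library after repair) can be implemented as below. This is an added example and not code from the patent: the preset value 6 and the interval 5..8 are the page's example values, treating the interval endpoints as exploitable is an assumption, and the in-memory OTA package, asset library, fingerprint format (SHA-256 over the module/version map), module names and versions are all constructed.

```python
"""Processing-rule selection for a vulnerability that has already been scored.

Added example, not code from the patent. Assumptions:
  - the preset value 6 and the interval 5..8 are the page's example values;
    treating the interval endpoints as exploitable is an assumption;
  - the OTA module, the monitoring module and the asset library are modelled
    as in-memory dictionaries (constructed);
  - the version fingerprint is a SHA-256 over the canonical module -> version
    map (constructed; the page does not define its format);
  - all vulnerability ids, module names and versions are constructed.
"""
import hashlib
import json
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

PRESET_VALUE = 6.0                 # page's example threshold
EXPLOITABLE_INTERVAL = (5.0, 8.0)  # page's example interval


def exploitable_by_threshold(degree: float, preset: float = PRESET_VALUE) -> bool:
    """Exploitable when the threat degree is greater than or equal to the preset value."""
    return degree >= preset


def exploitable_by_interval(degree: float,
                            interval: Tuple[float, float] = EXPLOITABLE_INTERVAL) -> bool:
    """Exploitable when the threat degree lies in the interval (endpoints inclusive: an assumption)."""
    low, high = interval
    return low <= degree <= high


@dataclass
class Vulnerability:
    vuln_id: str
    module: str                    # vehicle software module the vulnerability lives in
    threat_degree: float
    patch_version: Optional[str]   # version that fixes it, or None when no patch exists


@dataclass
class Decision:
    action: str                                                   # "repair" or "monitor"
    reason: str
    patch: Dict[str, str] = field(default_factory=dict)           # module -> patched version
    monitoring_rule: Dict[str, str] = field(default_factory=dict)  # what the vehicle should watch


def decide(vuln: Vulnerability,
           exploitable: Callable[[float], bool] = exploitable_by_threshold) -> Decision:
    """The page's rule: not exploitable -> monitor; exploitable without a patch -> monitor;
    exploitable with a patch -> repair."""
    rule = {"vuln_id": vuln.vuln_id, "module": vuln.module}
    if not exploitable(vuln.threat_degree):
        return Decision("monitor", "not exploitable", monitoring_rule=rule)
    if vuln.patch_version is None:
        return Decision("monitor", "no patch available", monitoring_rule=rule)
    return Decision("repair", "patch available", patch={vuln.module: vuln.patch_version})


def build_repair_package(decisions: List[Decision]) -> Dict[str, str]:
    """A single patch is not installed directly on the vehicle; every patch from a
    'repair' decision is integrated into one repair package for the OTA module."""
    package: Dict[str, str] = {}
    for d in decisions:
        if d.action == "repair":
            package.update(d.patch)
    return package


def version_fingerprint(software: Dict[str, str]) -> str:
    """Constructed fingerprint format: SHA-256 over the canonical module -> version map."""
    canonical = json.dumps(software, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def apply_repair_package(software: Dict[str, str], package: Dict[str, str],
                         asset_library: Dict[str, Dict], vehicle_type: str
                         ) -> Tuple[Dict[str, str], str]:
    """Install the package, refresh the version fingerprint and synchronise it to the asset library."""
    updated = dict(software)
    updated.update(package)
    fingerprint = version_fingerprint(updated)
    asset_library[vehicle_type] = {"software": updated, "version_fingerprint": fingerprint}
    return updated, fingerprint


if __name__ == "__main__":
    findings = [Vulnerability("VULN-A", "ivi-bt-stack", 7.0, "2.1.4"),
                Vulnerability("VULN-B", "ivi-wifi", 3.0, "5.0.1"),
                Vulnerability("VULN-C", "tbox-fw", 9.0, None)]
    decisions = [decide(v) for v in findings]
    for v, d in zip(findings, decisions):
        print(v.vuln_id, d.action, d.reason)
    library: Dict[str, Dict] = {}
    inventory = {"ivi-bt-stack": "2.1.3", "ivi-wifi": "5.0.1", "tbox-fw": "1.0"}
    _, fp = apply_repair_package(inventory, build_repair_package(decisions), library, "model-example")
    print("new version fingerprint:", fp)
```

Note that the two judgment functions disagree on a threat degree of 9: the threshold rule treats it as exploitable, the interval rule as not exploitable, which is why `decide` takes the judgment function as a parameter so that the rule can be chosen per vulnerability type as the embodiment allows.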
Therefore, by the vulnerability processing method in the embodiment, the vulnerability indicated by the vulnerability information and the attack target point of the vulnerability can be determined according to the vulnerability information of the vehicle, wherein the attack target point is one of a vehicle access point, vehicle access point hardware and a vehicle communication node; determining an attack path corresponding to the vulnerability and a threat degree of the attack path according to a vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph, wherein the vehicle topological graph is used for indicating a topological relation between a vehicle access point and a vehicle communication node in the vehicle; and determining a processing rule corresponding to the vulnerability according to the threat degree of the attack path corresponding to the vulnerability. Therefore, the vulnerability can be well associated with the vehicle, and the corresponding processing rule can be determined according to the vulnerability, so that the vulnerability can be processed in a targeted manner, poor vulnerability processing effect is avoided, and the information safety of the vehicle is ensured.
Example two
The second embodiment provides a vulnerability processing system, which includes: the vulnerability determining unit determines a vulnerability indicated by the vulnerability information and an attack target point of the vulnerability according to the vulnerability information of the vehicle, wherein the attack target point is one of a vehicle access point, vehicle access point hardware and a vehicle communication node; the threat calculation unit determines an attack path corresponding to the vulnerability and the threat degree of the attack path according to a vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph, wherein the vehicle topological graph is used for indicating the topological relation between the vehicle access point and the vehicle communication node in the vehicle; and the security policy unit determines a processing rule corresponding to the vulnerability according to the threat degree of the attack path corresponding to the vulnerability.
Furthermore, the vulnerability processing system also comprises a scanning module, which is arranged in the central gateway unit and is used for scanning and acquiring the version fingerprint information and the security asset information of each module of the vehicle.
Further, the vulnerability processing system also comprises a monitoring module for monitoring vulnerabilities that are not exploitable or for which no patch exists. The security policy unit sends the generated vulnerability monitoring rule to the monitoring module.
Further, the vulnerability processing system also comprises an asset library, wherein the asset library stores the safety asset information accessed and synchronized by vehicles of a plurality of vehicle types.
Further, the vulnerability processing system further comprises a vulnerability library, and the vulnerability determining unit can obtain vulnerability information associated with the safe asset information of the vehicle from the vulnerability library.
Therefore, the vulnerability can be well associated with the vehicle through the vulnerability processing system in the embodiment, and the corresponding processing rule can be determined according to the vulnerability, so that the vulnerability can be processed in a targeted manner, poor vulnerability processing effect is avoided, and the information safety of the vehicle is ensured.
Example three
The third aspect of the application also provides a vehicle which comprises the vulnerability processing system provided by the second aspect. Because the vehicle has the vulnerability processing system, the vulnerability can be well associated with the vehicle, the corresponding processing rule can be determined according to the vulnerability, the vulnerability can be processed in a targeted manner, poor vulnerability processing effect is avoided, and the information safety of the vehicle is guaranteed.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the embodiments of the present application, and are not limited thereto; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present application.

Claims (12)

1. A vulnerability processing method is characterized by comprising the following steps:
determining a vulnerability indicated by the vulnerability information and an attack target point of the vulnerability according to the vulnerability information of the vehicle, wherein the attack target point is one of a vehicle access point, vehicle access point hardware and a vehicle communication node;
determining an attack path corresponding to the vulnerability and a threat degree of the attack path according to a vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph, wherein the vehicle topological graph is used for indicating a topological relation between the vehicle access point and the vehicle communication node in the vehicle;
and determining a processing rule corresponding to the vulnerability according to the threat degree of the attack path corresponding to the vulnerability.
2. The method of claim 1, wherein said determining a threat level of said attack path comprises:
determining a plurality of attack links of the attack path and threat coefficients corresponding to the attack links;
calculating the threat degree of the attack path according to the threat coefficients corresponding to the attack links; the attack links comprise at least one of an attack link on the vehicle access point, an attack link on hardware of the vehicle access point, an attack link on a bus and an attack link on the vehicle communication node.
3. The method according to claim 2, wherein the calculating the threat level of the attack path according to the threat coefficients corresponding to the plurality of attack links includes:
and calculating the product of the threat coefficients of the attack links and a preset threat coefficient, and taking the product as the threat degree of the attack path.
4. The method of claim 1, wherein the determining an attack path corresponding to the vulnerability and a threat level of the attack path comprises:
determining a plurality of attack paths corresponding to the vulnerability and the threat degree corresponding to each attack path;
determining, according to the threat level of the attack path corresponding to the vulnerability, a processing rule corresponding to the vulnerability includes:
counting the threat degrees of the attack paths, and determining the threat degree of the vulnerability according to the counting result;
and determining a processing rule of the vulnerability according to the threat degree of the vulnerability.
5. The method of claim 4, wherein the counting the threat level of the attack paths and determining the threat level of the vulnerability according to the statistical result comprises:
and counting the threat degrees of a plurality of attack paths to obtain the maximum value of the threat degrees of the attack paths, and taking the maximum value as the threat degree of the vulnerability.
6. The method according to claim 1, wherein the determining the processing rule corresponding to the vulnerability according to the threat level of the attack path corresponding to the vulnerability includes:
if the number of the attack paths corresponding to the vulnerability is one, the threat degree of the attack paths is used as the threat degree of the vulnerability, and the processing rule corresponding to the vulnerability is determined according to the threat degree of the vulnerability.
7. The method according to claim 5 or 6, wherein the determining the processing rule corresponding to the vulnerability according to the threat level of the vulnerability includes:
judging whether the vulnerability can be exploited or not according to the threat degree of the vulnerability;
if the judgment result is that the vulnerability can be exploited, processing the vulnerability; or,
and if the judgment result is that the vulnerability cannot be exploited, monitoring the vulnerability.
8. The method of claim 7, wherein processing the vulnerability if the judgment result is that the vulnerability can be exploited comprises:
if the judgment result is that the vulnerability can be exploited, judging whether a patch for the vulnerability exists or not;
if so, repairing the vulnerability by using the patch; or,
and if no patch exists, monitoring the vulnerability.
9. The method according to claim 1, wherein the determining an attack path corresponding to the vulnerability according to the vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph comprises:
and determining an attack path taking a vehicle access point as a starting point and the attack target point as an end point according to the topological relation.
10. The method of claim 1, further comprising:
synchronizing safety asset information of a vehicle according to version fingerprint information of the vehicle, wherein the safety asset information comprises hardware information of the vehicle and software information of the vehicle, and the version fingerprint information is used for indicating the version information of the hardware of the vehicle and the version information of the software of the vehicle;
and acquiring the vulnerability information of the vehicle from a vulnerability library according to the safety asset information of the vehicle.
11. A vulnerability processing system, comprising:
the vulnerability determining unit determines a vulnerability indicated by the vulnerability information and an attack target point of the vulnerability according to the vulnerability information of the vehicle, wherein the attack target point is one of a vehicle access point, vehicle access point hardware and a vehicle communication node;
the threat calculation unit determines an attack path corresponding to the vulnerability and the threat degree of the attack path according to a vehicle topological graph corresponding to the vehicle and the position of the attack target point in the vehicle topological graph, wherein the vehicle topological graph is used for indicating the topological relation between the vehicle access point and the vehicle communication node in the vehicle;
and the security policy unit determines a processing rule corresponding to the vulnerability according to the threat degree of the attack path corresponding to the vulnerability.
12. A vehicle comprising the vulnerability processing system of claim 11.
CN202011412604.9A 2020-12-04 2020-12-04 Vulnerability processing method, vulnerability processing system and vehicle Pending CN114595458A (en)

Publications (1)

Publication Number Publication Date
CN114595458A true CN114595458A (en) 2022-06-07

Family

ID=81812169

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240123

Address after: 200030 Shanghai city Xuhui District Wukang Road No. 390

Applicant after: Shanghai automotive industry (Group) Co.,Ltd.

Country or region after: China

Applicant after: SAIC Motor Corp.,Ltd.

Address before: Room 509, building 1, 563 Songtao Road, Pudong New Area, Shanghai, 201804

Applicant before: SAIC Motor Corp.,Ltd.

Country or region before: China