CN115146283A - Information security testing method and device for vehicle-mounted information interaction system - Google Patents
- Publication number: CN115146283A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
Abstract
The embodiment of the invention discloses an information security testing method and device for a vehicle-mounted information interaction system. The method comprises the following steps: a controller responds to a data acquisition requirement and injects an information security test case corresponding to the data acquisition requirement into an execution tool, wherein the test case comprises a file type and sensitive information keywords corresponding to the data acquisition requirement; the execution tool identifies data files containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keywords, extracts the sensitive information and identifies security vulnerabilities; and the controller generates an information security test report according to the security vulnerabilities. Information security testing of the vehicle-mounted information interaction system is thereby realized through data acquisition.
Description
Technical Field
The embodiment of the invention relates to the field of information security, and in particular to an information security testing method and device for a vehicle-mounted information interaction system.
Background
With the rapid development of the internet of vehicles industry, the level of network connectivity of automobiles keeps rising. The vehicle-mounted information interaction system can exchange information with tablets, smartphones and the like through the cloud service platform, which creates significant information security risks.
Because the computing power of vehicle-mounted electronic control units is very limited, and automobile use scenarios place particularly high real-time requirements on information processing, information security testing methods from the traditional computer field cannot be applied directly to the automobile field. At present, no information security testing method suited to the vehicle-mounted information interaction system exists, so security vulnerabilities in the vehicle-mounted information interaction system cannot be found in time.
Disclosure of Invention
The embodiment of the invention provides an information security testing method and device for a vehicle-mounted information interaction system, which realize information security testing of the vehicle-mounted information interaction system through data acquisition.
In a first aspect, an embodiment of the present invention provides an information security testing method for a vehicle-mounted information interaction system, which is applied to an information security testing device for a vehicle-mounted information interaction system, where the testing device includes a controller and an execution tool;
the method comprises the following steps:
the controller responds to a data acquisition requirement, and injects an information security test case corresponding to the data acquisition requirement into the execution tool, wherein the test case comprises a file type and a sensitive information keyword corresponding to the data acquisition requirement;
the execution tool identifies a data file containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keywords, extracts the sensitive information and identifies security vulnerabilities;
and the controller generates an information security test report according to the security vulnerabilities.
Optionally, the data collection requirement includes at least one of basic information collection, application file collection, key certificate file reading, and mirror image copying.
Optionally, the test case includes at least one of a certificate storage security test case, a password storage security test case, a configuration file storage security test case, and a key information encryption storage test case.
Optionally, the execution tool is configured with a collection requirement setting interface for acquiring the data collection requirement;
before the controller responds to a data acquisition requirement and injects an information security test case corresponding to the data acquisition requirement into the execution tool, the method further includes:
the execution tool responds to a data acquisition requirement input by a user on the setting interface and transmits the data acquisition requirement to the controller.
Optionally, the test case library includes: a mapping list of data acquisition requirements to file types and a corresponding keyword-driven framework;
the controller responding to a data acquisition requirement and injecting an information security test case corresponding to the data acquisition requirement into the execution tool comprises the following steps:
the controller determines the file type corresponding to the data acquisition requirement by traversing the mapping list, determines the sensitive information keyword corresponding to the data acquisition requirement according to the keyword-driven framework, and injects an information security test case comprising the file type and the sensitive information keyword into the execution tool.
Optionally, the execution tool identifying the data file containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keywords includes:
the execution tool calls and runs the running environment and the running script corresponding to the test case, and the running script is used for identifying the data file containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keywords.
Optionally, the extracting the sensitive information and identifying the security vulnerability includes:
identifying the type of sensitive information existing in the data file according to the file type and the keywords;
and identifying whether the sensitive information has a security vulnerability or not according to the data rule of the type of the sensitive information.
Optionally, the identifying whether the sensitive information has a security vulnerability according to the data rule of the sensitive information type includes:
reading the sensitive information in the data file according to the data rule of the type of the sensitive information;
and if the sensitive information is valid and has a security risk, determining that the sensitive information has a security vulnerability, wherein the security risk comprises at least one of plaintext storage, lack of backup and excessive access permissions.
Optionally, the controller generates an information security test report according to the security vulnerability, including:
the controller performs at least one of the following operations to mitigate the security vulnerability: formulating a data acquisition rule, formulating a data transmission encryption rule, formulating a data encryption storage rule and setting data access permissions; and generating an information security test report according to at least one of the data acquisition rule, the data transmission encryption rule, the data encryption storage rule and the data access permissions.
In a second aspect, an embodiment of the present invention provides an information security testing apparatus for a vehicle-mounted information interaction system, where the testing apparatus includes a controller and an execution tool; wherein,
the controller is used for responding to a data acquisition requirement and injecting an information security test case corresponding to the data acquisition requirement into the execution tool, wherein the test case comprises a file type and a sensitive information keyword corresponding to the data acquisition requirement;
the execution tool is used for identifying a data file containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keywords, extracting the sensitive information and identifying security vulnerabilities;
the controller is also used for generating an information security test report according to the security vulnerability.
The embodiment of the invention provides an information security testing method for a vehicle-mounted information interaction system. By configuring a controller that has a test case library, a test case injection function and a result analysis function, together with an execution tool that acquires and identifies sensitive information and identifies security vulnerabilities, the information security of the vehicle-mounted information interaction system is tested automatically, human influence on the information security test is effectively avoided, and the objectivity of the test is increased. Meanwhile, the test algorithm is flexible and simple, the test cases are called flexibly, the requirements on the data capacity of the controller and each tool are low, and the normal operation of the in-vehicle system is not affected. In addition, because the controller and each tool are reusable, the problems of complex operation and easily missed information in the data security testing process are solved, and rapid automatic testing is realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic structural diagram of an information security testing apparatus for a vehicle-mounted information interaction system according to an embodiment of the present invention.
Fig. 2 is a flowchart of an information security testing method for a vehicle-mounted information interaction system according to an embodiment of the present invention.
Fig. 3 is another flowchart of an information security testing method for a vehicle-mounted information interaction system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplification of description, but do not indicate or imply that the device or element referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should also be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in a specific case to those of ordinary skill in the art.
The invention provides an information security testing method for a vehicle-mounted information interaction system. To illustrate the method, the information security testing apparatus that executes it is described first. Fig. 1 is a schematic structural diagram of an information security testing apparatus for a vehicle-mounted information interaction system according to an embodiment of the present invention.
As shown in fig. 1, the apparatus includes a controller, an execution tool, and a power supply. The controller controls the operation of the execution tool. The execution tool collects data files from the test sample, identifies security vulnerabilities and feeds them back to the controller. The controller generates a test report from the feedback. The test sample is the vehicle-mounted information interaction system under test; it is connected to the execution tool through the input connecting line of the vehicle-mounted information interaction system, so that commands issued by the execution tool are accepted by the test sample. The power supply powers the test sample through the power supply connecting line, keeping the head unit in a normal power-on state. The dotted line in the figure only illustrates the connection relationships of the apparatus and is not an essential component of it.
Based on the above apparatus, fig. 2 is a flowchart of an information security testing method for a vehicle-mounted information interaction system according to an embodiment of the present invention. The method is suitable for cases where security vulnerabilities in the vehicle-mounted information interaction system are identified through data acquisition. As shown in fig. 2, the method specifically includes:
S110, the controller responds to a data acquisition requirement and injects an information security test case corresponding to the data acquisition requirement into the execution tool.
Optionally, the data acquisition requirement includes at least one of basic information acquisition, application file acquisition, key certificate file reading, and mirror image copying. Each data acquisition requirement can be further refined into multi-level specific requirements, such as acquisition of vehicle codes, acquisition of user identification numbers and the like, and each requirement is identified through a corresponding request parameter. In a specific embodiment, the execution tool is configured with a collection requirement setting interface for acquiring the data collection requirement; the execution tool responds to the request parameters input by the user in the setting interface and transmits the request parameters to the controller. The request parameters may be request parameters for identifying four major requirements, i.e., basic information acquisition, application file acquisition, key certificate file reading, and mirror image copying, or may be request parameters for identifying specific requirements of each hierarchy.
Optionally, the test case includes at least one of a certificate storage security test case, a password storage security test case, a configuration file storage security test case, and a key information encryption storage test case, which respectively test whether certificate storage is secure, whether password storage is secure, whether configuration file storage is secure, and whether key information is stored encrypted. Furthermore, each data acquisition requirement corresponds to at least one test case; each test case is the logic for identifying a data file containing sensitive information, and comprises the file type and the sensitive information keywords corresponding to the data acquisition requirement. Specifically, the file type may be represented as a file suffix, and the sensitive information keyword (e.g., "user name" or "id card") is used to locate the sensitive information.
In one embodiment, the test case library includes a mapping list of data acquisition requirements to file types and a corresponding keyword-driven framework. The controller responding to a data acquisition requirement and injecting an information security test case corresponding to the data acquisition requirement into the execution tool comprises the following steps: the controller analyzes the data acquisition requirement and determines the file type corresponding to it by traversing the mapping list; it determines the sensitive information keyword corresponding to the data acquisition requirement according to the keyword-driven framework, and injects a test case comprising the file type and the sensitive information keyword into the execution tool. Furthermore, the controller has built-in automatic test case injection software, and the test cases are injected into the execution tool by running this software.
S120, the execution tool identifies the data file containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keywords, extracts the sensitive information and identifies security vulnerabilities.
First, the execution tool calls the running environment and running script corresponding to the test case, and runs the script in that environment to identify and collect the data files containing sensitive information in the vehicle-mounted information interaction system under test. The running environment is a data acquisition environment, and the running script converts the identification logic of the test case into a program executable in the running environment. Optionally, all test cases share the same running environment but have different running scripts, which are preset per test case. For different acquisition requirements, the execution tool starts the corresponding running scripts.
While the running script executes, the execution tool traverses and searches the data using a thread pool and identifies data files containing sensitive information based on the keywords and the file types in the mapping list; these data files include certificate key files, password files, system configuration files, log files, sensitive information files and the like. It then runs a data acquisition program and reads the data files through the interface with the test sample.
After the data file containing sensitive information is collected, the execution tool identifies the sensitive information type of the data file according to the file type and the keywords, and identifies whether the sensitive information has a security vulnerability according to the data rule of that sensitive information type. Optionally, the sensitive information in the data file is read according to the data rule of the sensitive information type; if the sensitive information is valid and has a security risk, it is determined that the sensitive information has a security vulnerability, wherein the security risk comprises at least one of plaintext storage, lack of backup and excessive access permissions.
In one embodiment, the execution tool classifies the sensitive information of the data file, such as identity card number or license plate number, according to information related to the collected file type and file content (such as keywords). Taking classification as an identity card number as an example, the specific identity card number is extracted from the data file according to the data rule of identity card numbers (such as 18 decimal digits). If the data recorded in the data file matches the data rule, that is, 18 decimal digits can be read, the validity of the identity card number is judged by matching its first 6 decimal digits against the province-city data list. If the match succeeds, the test sample stores the identity card number in plaintext, and a plaintext storage security vulnerability exists for the identity card number. In addition, if the identity card number is not backed up and its access permissions are too broad, security vulnerabilities in backup and access permissions exist as well.
After the security vulnerabilities are identified, the execution tool feeds back the security vulnerabilities, the related sensitive information and the data files in which the sensitive information is located to the controller.
S130, the controller generates an information security test report according to the security vulnerabilities.
Optionally, the controller performs at least one of the following operations to mitigate the security vulnerability: formulating a data acquisition rule, formulating a data transmission encryption rule, formulating a data encryption storage rule and setting data access permissions; and generates an information security test report according to at least one of the data acquisition rule, the data transmission encryption rule, the data encryption storage rule and the data access permissions. Specifically, establishing strict and standardized acquisition rules in the data acquisition stage prevents key sensitive information from being acquired by external equipment; encrypting data during transmission and verifying its integrity protects sensitive information in transit; using encrypted storage and keeping backups reduces the negative effects that data damage and loss may cause; and setting permissions for data access prohibits unauthorized access, and so on.
Optionally, the controller includes test result analysis software, which can recognize files in formats such as txt and csv and output an information security solution according to the file type and information. The controller may add the solution provided by the test result analysis software to the test report.
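The following sketch walks steps S110 to S130 through for the identity card number case described above. It is an added example, not code from the patent: `MAPPING_LIST`, `KEYWORDS`, `REGION_CODES`, the function names and the sample files are assumptions constructed for illustration, and the scan runs over a local directory rather than a connected test sample.

```python
import os
import re
import stat
import tempfile
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass

# Assumed mapping list: data acquisition requirement -> file suffixes.
MAPPING_LIST = {"application_file_collection": (".txt", ".csv", ".log")}
# Assumed keyword table standing in for the keyword-driven framework.
KEYWORDS = {"application_file_collection": ("id card", "user name")}
# Two-entry sample of the province-city code list, chosen for this example.
REGION_CODES = {"110101", "310101"}
# The page's data rule for an identity card number: 18 decimal digits.
ID_RULE = re.compile(r"(?<!\d)\d{18}(?!\d)")
# Risk -> rule the controller formulates in S130 (rule names follow the page).
REMEDIATION = {
    "plaintext storage": "data encryption storage rule",
    "excessive access permission": "data access permission setting",
}


@dataclass(frozen=True)
class SecurityTestCase:
    requirement: str
    file_types: tuple
    keywords: tuple


def build_test_case(requirement):
    """S110: the controller resolves a requirement into a test case."""
    return SecurityTestCase(requirement, MAPPING_LIST[requirement], KEYWORDS[requirement])


def scan_file(path, case):
    """S120 for one file: keyword match, data rule, validity, risk checks."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        mode = os.stat(path).st_mode
    except OSError:
        return []  # unreadable file: nothing to report
    if not any(k.lower() in text.lower() for k in case.keywords):
        return []
    findings = []
    for match in ID_RULE.finditer(text):
        value = match.group()
        if value[:6] not in REGION_CODES:
            continue  # 18 digits, but the region prefix is not in the list
        risks = ["plaintext storage"]
        if mode & stat.S_IROTH:  # readable by every local account
            risks.append("excessive access permission")
        masked = value[:6] + "*" * 12  # masked so the report is not a second leak
        findings.append({"file": os.path.basename(path), "value": masked, "risks": risks})
    return findings


def run_test_case(root, case, workers=4):
    """S120: select files by suffix, then scan them with a thread pool."""
    paths = sorted(
        os.path.join(folder, name)
        for folder, _, names in os.walk(root)
        for name in names
        if name.lower().endswith(case.file_types)
    )
    with ThreadPoolExecutor(max_workers=workers) as pool:
        per_file = list(pool.map(lambda p: scan_file(p, case), paths))
    return [finding for result in per_file for finding in result]


def build_report(findings):
    """S130: one line per finding, with the rule that addresses each risk."""
    return [
        f"{f['file']}: identity card number {f['value']}: "
        + "; ".join(f"{r} -> {REMEDIATION[r]}" for r in f["risks"])
        for f in findings
    ]


def demo():
    """Run the three steps over a constructed directory tree."""
    samples = {  # name: (content, mode); all values are constructed
        "owner.csv": ("user name,id card\nli,310101198512127654\n", 0o600),
        "profile.csv": ("user name,id card\nzhang,110101199001011234\n", 0o644),
        "trip.log": ("id card 999999199001011234 rejected\n", 0o644),  # unknown region
        "notes.txt": ("order 110101199001011234\n", 0o644),  # no keyword
        "profile.bin": ("id card 110101199001011234\n", 0o644),  # wrong suffix
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (content, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(content)
            os.chmod(path, mode)
        findings = run_test_case(root, build_test_case("application_file_collection"))
    return findings, build_report(findings)
```

Calling `demo()` returns the findings and the report lines; the backup check named on the page is left out because it depends on how the system under test organizes its backups.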
Fig. 3 is another flowchart of an information security testing method for a vehicle-mounted information interaction system according to an embodiment of the present invention, which represents an overall process of data interaction between a controller and an execution tool.
The embodiment provides an information security testing method for a vehicle-mounted information interaction system. By configuring a controller that has a test case library, a test case injection function and a result analysis function, together with an execution tool that acquires and identifies sensitive information and identifies security vulnerabilities, the information security of the vehicle-mounted information interaction system is tested automatically, human influence on the information security test is effectively avoided, and the objectivity of the test is increased. Meanwhile, the test algorithm is flexible and simple, the test cases are called flexibly, the requirements on the data capacity of the controller and each tool are low, and the normal operation of the in-vehicle system is not affected. In addition, because the controller and each tool are reusable, the problems of complex operation and easily missed information in the data security testing process are solved, and rapid automatic testing is realized.
In particular, the whole method uses the data acquisition requirement as an index. For each acquisition requirement, a mapping is configured between the requirement and its sensitive information request parameter, test case, running environment, running script and result judgment criteria (whether the sensitive information is valid, whether it is in plaintext, and the like). This realizes data acquisition functions such as basic information acquisition, application file acquisition, key certificate file reading and mirror image copying. The certificate storage security test case, password storage security test case, configuration file storage security test case and key information encryption storage test case are provided in particular, so that the four data acquisition functions are fully realized and the correctness of the test result is ensured.
The embodiment of the invention also discloses an information security testing device for the vehicle-mounted information interaction system. As shown in fig. 1, the testing device includes a controller and an execution tool.
The controller is used for responding to a data acquisition requirement and injecting an information security test case corresponding to the data acquisition requirement into the execution tool, wherein the test case comprises a file type and sensitive information keywords corresponding to the data acquisition requirement.
The execution tool is used for identifying a data file containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keywords, extracting the sensitive information and identifying security vulnerabilities.
The controller is also used for generating an information security test report according to the security vulnerabilities.
Optionally, the controller is configured with a USB interface or an ethernet port, a data security test case library, test case automatic injection software, and test result analysis software.
Optionally, the controller injects the test case into the execution tool through an ethernet port or a WLAN.
Optionally, the controller receives security vulnerabilities, sensitive information, and data files fed back by the execution tool through the USB interface.
Optionally, the execution tool is configured with an ethernet interface.
Optionally, the execution tool is configured with a python runtime environment.
Optionally, the execution tool is configured with an acquisition requirement setting interface, through which the parameters of data acquisition requirements are input.
Further, the controller comprises a test case library, which contains test cases for the vehicle-mounted information interaction system such as certificate storage security, password storage security, configuration file storage security and key information encryption storage. For different data acquisition requirements, such as basic information acquisition, application file acquisition, key certificate file reading and mirror image copying, the execution tool can start the corresponding running environments and running scripts, extract and classify the acquired file types and the information related to file content according to the acquisition requirements, and identify the security vulnerabilities in the files.
The present embodiment is implemented based on the above embodiments, and has the technical effects of the above embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions deviate from the technical solutions of the embodiments of the present invention.
Claims (10)
1. An information security testing method for a vehicle-mounted information interaction system, characterized in that the method is applied to an information security testing device for a vehicle-mounted information interaction system, wherein the testing device comprises a controller and an execution tool;
the method comprises the following steps:
the controller, in response to a data acquisition requirement, injects an information security test case corresponding to the data acquisition requirement into the execution tool, wherein the test case comprises a file type and a sensitive information keyword corresponding to the data acquisition requirement;
the execution tool identifies a data file containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keyword, extracts the sensitive information, and identifies security vulnerabilities;
and the controller generates an information security test report according to the security vulnerabilities.
2. The method of claim 1, wherein the data acquisition requirement comprises at least one of basic information acquisition, application file acquisition, key certificate file reading, and mirror image copying.
3. The method of claim 1, wherein the test case comprises at least one of a certificate storage security test case, a password storage security test case, a configuration file storage security test case, and a key information encryption storage test case.
4. The method of claim 1, wherein the execution tool is configured with an acquisition requirement setting interface for obtaining the data acquisition requirement;
before the controller responds to a data acquisition requirement and injects an information security test case corresponding to the data acquisition requirement into the execution tool, the method further includes:
the execution tool responds to a data acquisition requirement input by a user on the setting interface and transmits the data acquisition requirement to the controller.
5. The method of claim 1, wherein the test case library comprises: a mapping list of data acquisition requirements and file types, and a corresponding keyword-driven framework;
the controller, in response to a data acquisition requirement, injecting an information security test case corresponding to the data acquisition requirement into the execution tool comprises:
the controller determines the file type corresponding to the data acquisition requirement by traversing the mapping list, determines the sensitive information keyword corresponding to the data acquisition requirement according to the keyword-driven framework, and injects an information security test case comprising the file type and the sensitive information keyword into the execution tool.
6. The method according to claim 1, wherein the execution tool identifying the data file containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keyword comprises:
the execution tool calls and runs the runtime environment and the run script corresponding to the test case, the run script being used to identify the data file containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keyword.
7. The method of claim 1, wherein extracting the sensitive information and identifying security vulnerabilities comprises:
identifying the type of sensitive information existing in the data file according to the file type and the keyword;
and identifying whether the sensitive information has a security vulnerability or not according to the data rule of the type of the sensitive information.
8. The method of claim 1, wherein the identifying whether the sensitive information has a security vulnerability according to the data rule of the sensitive information type comprises:
reading the sensitive information in the data file according to the data rule of the type of the sensitive information;
and if the sensitive information is valid and has a security risk, determining that the sensitive information has a security vulnerability, wherein the security risk comprises at least one of plaintext storage, lack of backup, and poor access permissions.
9. The method of claim 1, wherein the controller generating an information security test report according to the security vulnerability comprises:
the controller performs at least one of the following operations to avoid the security vulnerability: formulating a data acquisition rule, formulating a data transmission encryption rule, formulating a data encryption storage rule, and setting a data access permission; and generates an information security test report according to at least one of the data acquisition rule, the data transmission encryption rule, the data encryption storage rule, and the data access permission.
10. An information security testing device for a vehicle-mounted information interaction system, characterized by comprising a controller and an execution tool; wherein,
the controller is used for responding to a data acquisition requirement and injecting an information security test case corresponding to the data acquisition requirement into the execution tool, wherein the test case comprises a file type and a sensitive information keyword corresponding to the data acquisition requirement;
the execution tool is used for identifying a data file containing sensitive information in the vehicle-mounted information interaction system under test according to the file type and the keyword, extracting the sensitive information, and identifying security vulnerabilities;
the controller is also used for generating an information security test report according to the security vulnerability.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211081244.8A CN115146283A (en) | 2022-09-06 | 2022-09-06 | Information security testing method and device for vehicle-mounted information interaction system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211081244.8A CN115146283A (en) | 2022-09-06 | 2022-09-06 | Information security testing method and device for vehicle-mounted information interaction system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115146283A (en) | 2022-10-04 |
Family
ID=83415352
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211081244.8A Pending CN115146283A (en) | 2022-09-06 | 2022-09-06 | Information security testing method and device for vehicle-mounted information interaction system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115146283A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115801465A (en) * | 2023-01-31 | 2023-03-14 | 中汽研软件测评(天津)有限公司 | Firewall security policy control method, system and equipment based on component self-adaption |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109145579A (en) * | 2018-08-18 | 2019-01-04 | 北京航空航天大学 | Intelligent network joins automobile information secure authentication testing method and system |
CN109325351A (en) * | 2018-08-23 | 2019-02-12 | 中通服咨询设计研究院有限公司 | A kind of security breaches automatic Verification systems based on many survey platforms |
CN110162977A (en) * | 2019-04-24 | 2019-08-23 | 北京邮电大学 | A kind of Android vehicle-mounted terminal system leakage location and method |
CN110276201A (en) * | 2019-06-18 | 2019-09-24 | 广州小鹏汽车科技有限公司 | A kind of safety detection method of onboard system, system and service equipment |
CN113051168A (en) * | 2021-03-31 | 2021-06-29 | 中汽研汽车检验中心(天津)有限公司 | Data storage information safety testing system and method for vehicle-mounted information interaction system |
CN114722401A (en) * | 2022-03-30 | 2022-07-08 | 中国第一汽车股份有限公司 | Equipment safety testing method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20221004 |