CN115719167A - Vehicle information safety monitoring method and device - Google Patents
Vehicle information safety monitoring method and device Download PDFInfo
- Publication number
- CN115719167A CN115719167A CN202211527495.4A CN202211527495A CN115719167A CN 115719167 A CN115719167 A CN 115719167A CN 202211527495 A CN202211527495 A CN 202211527495A CN 115719167 A CN115719167 A CN 115719167A
- Authority
- CN
- China
- Prior art keywords
- risk
- node
- information
- application program
- determining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000012544 monitoring process Methods 0.000 title claims abstract description 27
- 230000008439 repair process Effects 0.000 claims abstract description 33
- 238000004458 analytical method Methods 0.000 claims description 16
- 238000004590 computer program Methods 0.000 claims description 16
- 238000012502 risk assessment Methods 0.000 claims description 14
- 238000012545 processing Methods 0.000 claims description 7
- 238000012806 monitoring device Methods 0.000 claims description 5
- 230000010365 information processing Effects 0.000 claims description 2
- 239000000126 substance Substances 0.000 claims description 2
- 238000004891 communication Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 7
- 238000013461 design Methods 0.000 description 5
- 238000011161 development Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 239000008280 blood Substances 0.000 description 3
- 210000004369 blood Anatomy 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000000246 remedial effect Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 230000004927 fusion Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000003745 diagnosis Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
- 238000012038 vulnerability analysis Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a device for monitoring vehicle information safety, wherein the method comprises the following steps: determining at least one application associated information of the target vehicle; the application program associated information comprises at least one of coding specification information of the application program, open source library information of the application program and news information of the application program; if the application program correlation information is determined to be a risk event, determining risk nodes contained in the risk event; and if the risk node is determined to be the bug node and the bug node has no repair information, repairing the bug node. By executing the technical scheme provided by the embodiment of the invention, the information safety of the vehicle can be comprehensively monitored, the privacy of a user can be protected, and unnecessary economic loss is reduced.
Description
Technical Field
The invention relates to the technical field of vehicle information safety, in particular to a method and a device for monitoring vehicle information safety.
Background
With the rapid development of communication technology, networked automobiles have been developed into an optimal carrier for information fusion interconnection from a traditional information isolated island, and participate in automobile communication as an important component of multi-network fusion ecology. With the increase of multi-network integration application, the information interaction between the vehicle-mounted electronic equipment and the electric control unit of the networked automobile and the outside is more and more. This risks leakage or tampering of the user's sensitive information.
In the related technology, in the field of intelligent networking automobile information safety development, an effective scheme for monitoring the vehicle information safety is not provided, so that the privacy of a user is leaked, the economic loss of an enterprise is caused, and serious consequences can be caused to the personal safety.
Disclosure of Invention
The embodiment of the invention provides a method and a device for monitoring vehicle information safety, which can realize comprehensive monitoring of the vehicle information safety, protect user privacy and reduce unnecessary economic loss.
According to an aspect of the present invention, there is provided a method of monitoring vehicle information security, the method including:
determining at least one application associated information of the target vehicle; the application program associated information comprises at least one of coding specification information of the application program, open source library information of the application program and news information of the application program;
if the application program correlation information is determined to be a risk event, determining risk nodes contained in the risk event;
and if the risk node is determined to be the bug node and the bug node has no repair information, repairing the bug node.
According to another aspect of the present invention, there is provided a vehicle information security monitoring apparatus, comprising: the system comprises an application program associated information determining module, a vehicle information acquiring module and a vehicle information processing module, wherein the application program associated information determining module is used for determining at least one piece of application program associated information of a target vehicle; the application program associated information comprises at least one of coding specification information of the application program, open source library information of the application program and news information of the application program;
a risk node determination module, configured to determine a risk node included in the risk event if it is determined that the application program associated information is the risk event;
and the repair information determining module is used for repairing the vulnerability node if the risk node is determined to be the vulnerability node and the vulnerability node has no repair information.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to enable the at least one processor to perform the method for monitoring vehicle information security according to any of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium storing computer instructions for causing a processor to implement the method for monitoring vehicle information security according to any one of the embodiments of the present invention when the computer instructions are executed.
According to the technical scheme of the embodiment of the invention, at least one application program associated information of a target vehicle is determined; the application program associated information comprises at least one of coding specification information of the application program, open source library information of the application program and news information of the application program; if the application program correlation information is determined to be a risk event, determining risk nodes contained in the risk event; and if the risk node is determined to be the bug node and the bug node has no repair information, repairing the bug node. By executing the technical scheme provided by the embodiment of the invention, the information safety of the vehicle can be comprehensively monitored, the privacy of a user can be protected, and unnecessary economic loss is reduced.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a monitoring method for vehicle information security according to an embodiment of the present invention;
FIG. 2 is a flow chart of another method for monitoring vehicle information security provided by an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a vehicle information security monitoring apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device implementing the monitoring method for vehicle information security according to the embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It can be understood that, before the technical solutions disclosed in the embodiments of the present invention are used, the type, the applicable scope, the usage scenario, etc. of the personal information related to the present invention should be informed to the user and authorized by the user in a proper manner according to relevant laws and regulations.
For example, in response to receiving an active request from a user, a prompt message is sent to the user to explicitly prompt the user that the requested operation to be performed would require the acquisition and use of personal information to the user. Therefore, the user can select whether to provide personal information to the software or hardware such as electronic equipment, application program, server or storage medium for executing the operation of the technical scheme of the invention according to the prompt information.
As an optional but non-limiting implementation manner, in response to receiving an active request from the user, the manner of sending the prompt information to the user may be, for example, a pop-up window, and the prompt information may be presented in a text manner in the pop-up window. In addition, a selection control for providing personal information to the electronic device by the user's selection of "agreeing" or "disagreeing" can be carried in the pop-up window.
It is understood that the above processes of notifying and obtaining user authorization are merely illustrative and are not intended to limit the implementation of the present invention, and other ways of satisfying relevant laws and regulations may be applied to the implementation of the present invention.
It will be appreciated that the data involved in the subject technology, including but not limited to the data itself, the acquisition or use of the data, should comply with the requirements of the corresponding laws and regulations and related regulations.
Fig. 1 is a flowchart of a monitoring method for vehicle information security according to an embodiment of the present invention, where the method is applied in a scenario where an intelligent networked vehicle is designed and analyzed in an information security operation and maintenance phase, and the method may be executed by a monitoring device for vehicle information security. The vehicle information safety monitoring device can be implemented in the form of hardware and/or software, and can be configured in electronic equipment for vehicle information safety monitoring. As shown in fig. 1, the method includes:
at least one application associated information of the target vehicle is determined S110.
The application program associated information includes at least one of coding specification information of the application program, open source library information of the application program, and news information of the application program.
The target vehicle may be a vehicle which needs to be monitored for information safety. The application may be application software that communicates with a device on the target vehicle. The application program associated information may be coding specification information of the application program, such as project definition and information security design specification inside a whole plant when an application program project is developed. The application association information may be open source function library information called by the development application. The news information of the application may be news related to the provider of the application. Or the application associated information may also be vendor provided information related to the application.
And S120, if the application program correlation information is determined to be a risk event, determining risk nodes contained in the risk event.
The risk node may be a node with information security hidden danger. The information security risk may be, for example, revealing sensitive information of the user and/or sensitive information of the enterprise. The application associated information may be only general information without any security risk. The application program associated information may also be an information security event with information security hidden danger, that is, a risk event. Therefore, the solution needs to analyze the application program association information to determine whether the application program association information is a risk event. For example, the scheme may input the application program correlation information into the trigger to classify the application program correlation information, and determine whether the application program correlation information is a risk event. The trigger may be, for example, a risk event determination algorithm. Or whether the application program associated information is a risk event can be judged according to the experience of the user. According to the scheme, if the application program correlation information is determined to be the risk event, the risk nodes contained in the risk event can be determined. The risk node is determined, for example, using a threat analysis and risk assessment algorithm. Alternatively, the risk nodes in the risk event are determined based on user experience.
And S130, if the risk node is determined to be the bug node and the bug node has no repair information, repairing the bug node.
After determining the risk node that completes the application program associated information, the method also needs to determine whether the risk node is a bug node, and if the risk node is a bug node and the bug node does not have repair information, the bug node is managed, for example, a remedial plan is formulated, and measures such as design change and development of a bug patch are performed to repair the bug node. And if the risk node is a vulnerability node and the repair information of the vulnerability node already exists, acquiring the repair information of the vulnerability node to repair the vulnerability node. For example, taking a heart blood drip leak as an example, the leak node has repair information in the open source library, and a patch program of the heart blood drip leak can be directly obtained to repair the heart blood drip leak. After the bug nodes are repaired, the implementation of the bug nodes can be tracked by the method, so that new bugs cannot be generated by updated contents. According to the scheme, whether the risk node is a vulnerability node can be determined according to the risk level of the risk node or by performing vulnerability analysis on the risk node.
According to the technical scheme of the embodiment of the invention, at least one application program associated information of a target vehicle is determined; the application program associated information comprises at least one of coding specification information of the application program, open source library information of the application program and news information of the application program; if the application program correlation information is determined to be a risk event, determining risk nodes contained in the risk event; and if the risk node is determined to be the bug node and the bug node has no repair information, repairing the bug node. By executing the technical scheme provided by the embodiment of the invention, the information safety of the vehicle can be comprehensively monitored, the privacy of a user can be protected, and unnecessary economic loss is reduced.
Fig. 2 is a flowchart of a monitoring method for vehicle information security according to an embodiment of the present invention, and the embodiment is optimized based on the above embodiment. As shown in fig. 2, the method for monitoring vehicle information security in the embodiment of the present invention may include:
at least one application program associated information of the target vehicle is determined S210.
The details of this step are described in the above embodiments.
And S220, if the application program associated information is determined to be a risk event, inputting the application program associated information into a threat analysis and risk assessment algorithm to obtain a target attack tree.
Exemplary Threat Analysis and Risk Assessment (TARA) analysis method is to analyze and identify system security target derived information security requirements through a system basic model including hardware technology architecture, software architecture and other applications such as PKI, OTA, log, etc. TARA performs information security asset identification on the basis of basic information security principles, confidentiality, integrity and availability through static data such as certificate keys, VIN, firmware, sensitive data and privacy data of cryptography required by vehicles and dynamic data such as in-vehicle communication data, diagnosis data, debug data and log data. According to the scheme, the application program correlation information can be input into a threat analysis and risk assessment algorithm to obtain an output attack tree, namely a target attack tree, and then nodes on the target attack tree are used as risk nodes of the application program correlation information.
And S230, taking the nodes on the target attack tree as risk nodes of the application program associated information.
According to the scheme, the nodes on the target attack tree can be used as risk nodes of the associated information of the application program.
S240, if the risk node is determined to be the bug node and the bug node has no repair information, repairing the bug node.
In this embodiment, optionally, determining that the risk node is a vulnerability node includes: determining a risk level of the risk node; and if the risk level is higher than or equal to a preset risk level, determining that the risk node is a vulnerability node.
For example, the preset risk level may be set according to actual needs, for example, the preset risk level may be medium. According to the scheme, the risk nodes can be processed based on a threat analysis and risk assessment algorithm to obtain risk scores of the risk nodes, and the risk grade, such as low, medium or high, is determined according to the risk scores. And if the risk level is higher than or equal to the preset risk level, determining the risk node as the vulnerability node.
Thus, by determining a risk level of a risk node; and if the risk level is higher than or equal to the preset risk level, determining the risk node as the vulnerability node. The vulnerability node can be determined, and a reliable data base is provided for vulnerability repair.
In one possible embodiment, optionally, determining the risk level of the risk node includes: processing the risk nodes from a target dimension to obtain risk levels of the risk nodes based on the threat analysis and risk assessment algorithm; the target dimension includes at least one of a time dimension, an opportunity dimension, an experience dimension, a knowledge dimension, and a device dimension.
For example, the risk node analysis and risk assessment method can analyze and process risk nodes from a time dimension, an opportunity dimension, an experience dimension, a knowledge dimension and an equipment dimension based on a threat analysis and risk assessment algorithm to obtain risk scores of the risk nodes under different dimensions, and determine the risk level of the risk nodes based on the sum of the risk scores. For example, the present solution may risk score the risk nodes from the time dimension: the risk score is assigned a score of 0 if the time required to attack the risk node does not exceed one day. And if the time required for attacking the risk node does not exceed 1 week, assigning a 1 point to the risk score. And if the time required for attacking the risk node does not exceed 1 month, 4 points are assigned to the risk score. And if the time required for attacking the risk node does not exceed 6 months, assigning 17 points to the risk score. And if the time required for attacking the risk node exceeds more than 6 months, the risk score is assigned to 19 points.
The scheme can also carry out risk scoring on the risk nodes from experience dimensionality: and the ordinary person can attack the risk node by using the publicly acquired knowledge, and then the risk score is assigned with 0. The risk node can be attacked by a skilled person with common knowledge, and the risk score is assigned 3 points. And 6 points are given to the risk score when the risk node can be attacked by the expert with rich experience. And 8 points are given to the risk score when a plurality of professional experts form a team to attack the risk node.
The scheme can also carry out risk scoring on the risk nodes from knowledge dimensionality: and (3) acquiring knowledge from the Internet or publicly released documents, and then carrying out attack risk node, and then assigning a 0 point to the risk score. And if the limited knowledge in the organization can attack the risk nodes, assigning 3 points to the risk score. And the internal team members in the project development know to attack the risk nodes, and then the risk score is given 7 points. And the risk score is given 11 points if the risk nodes can be attacked by the secret knowledge known by a few in the team in the project.
The scheme can also carry out risk scoring on the risk nodes from the opportunity dimension: for example, if the risk node has no time constraint and can freely access the attacked component, the risk score is assigned 0. The risk node has a time constraint that the attacked component can be accessed within a short time and then the risk score is given 1. The risk node has physical and logical controls that need to be bypassed to access the attacked component and the risk score is given 4. And if the risk node has difficulty in accessing the attacked component in a limited time, the risk score is assigned to 10 points.
The scheme can also carry out risk scoring on the risk nodes from the equipment dimension: and if the equipment used by the attack risk node belongs to the universal equipment, the risk score is given 0. The devices used by the attacking risk node need to be assigned a 4-point risk score for targeted procurement or readiness. The risk score of the equipment used by the attack risk node is assigned 7 points according to the customized design rule. The equipment used by the attack risk node needs to be designed in a customized mode, the customized equipment adopted in different stages is different, and the risk score is given 9 points when the steps are changed along with the attack layer degree.
For a certain risk node, the total score of the assignments of all the dimensions is 0-13, the risk node is judged to be high-level and can be attacked, namely the risk level of the risk node is high. The total score between 14 and 19 determines that the risk node is of a medium level and can be attacked, namely, the risk level of the risk node is of a medium level. The total score between 20 and 24 determines that the risk node is low-level and can be attacked, i.e. the risk level of the risk node is low. And judging that the risk node is an ultra-low level and can be attacked when the total score is more than 25, namely, the risk level of the risk node is an ultra-low level.
Therefore, risk nodes are processed from the target dimension to obtain risk levels of the risk nodes based on a threat analysis and risk assessment algorithm; the target dimension includes at least one of a time dimension, an opportunity dimension, an experience dimension, a knowledge dimension, and a device dimension. The risk level of the risk node can be scientifically and objectively determined, and a reliable data basis is provided for subsequent steps.
In another possible embodiment, optionally, determining that the risk node is a vulnerability node includes: determining at least one target attack path according to the target attack tree; and if the target attack path is determined to comprise the risk node, determining the risk node as a vulnerability node.
According to the scheme, each target attack path formed by risk nodes on adjacent levels can be determined according to the target attack tree. And if the risk node is contained in at least one target attack path, indicating that the risk node is a vulnerability node.
Thereby, at least one target attack path is determined according to the target attack tree; and if the target attack path comprises the risk node, determining the risk node as the vulnerability node. The vulnerability node can be determined, and a reliable data base is provided for vulnerability repair.
In another possible embodiment, optionally, the repairing the vulnerability node includes: updating the coding specification information of the application program based on the vulnerability node; or determining target patch information associated with the vulnerability node from a patch database, and repairing the vulnerability node based on the target patch information.
The target patch information may be set according to actual needs, for example, may be a patch program associated with the vulnerability node. According to the scheme, if the bug node is determined not to have the repairing information, the bug node can be managed, for example, measures such as making a remedial plan, carrying out design change, developing a bug patch program and the like are taken to update the coding specification information of the application program, and the bug node is repaired. Or, the scheme may also search for a patch program of the vulnerability node, that is, target patch information, through the internet, and repair the vulnerability node using the target patch information.
Therefore, the coding specification information of the application program is updated based on the vulnerability node; or determining target patch information associated with the vulnerability node from the patch database, and repairing the vulnerability node based on the target patch information. The vehicle information safety can be monitored.
According to the technical scheme of the embodiment of the invention, at least one application program associated information of a target vehicle is determined; the application program correlation information comprises at least one of coding specification information of the application program, open source library information of the application program and news information of the application program; if the application program associated information is determined to be a risk event, the application program associated information is input into a threat analysis and risk assessment algorithm to obtain a target attack tree; taking nodes on the target attack tree as risk nodes of the associated information of the application program; and if the risk node is determined to be the bug node and the bug node has no repair information, repairing the bug node. By executing the technical scheme provided by the embodiment of the invention, the information safety of the vehicle can be comprehensively monitored, the privacy of a user can be protected, and unnecessary economic loss is reduced.
In order to express the technical scheme of the present invention more clearly, the technical scheme provided by the embodiment of the present invention may include the following steps:
step 1, determining at least one application program associated information of a target vehicle.
According to the scheme, the application program related information of the target vehicle can be collected according to the internal source and the external source.
And 2, if the application program correlation information is determined to be the risk event, determining risk nodes contained in the risk event.
According to the scheme, triggers can be defined and maintained, the collected application program associated information is classified, whether the application program associated information is upgraded to a risk event or not is judged, and a risk node in the risk event is determined.
And 3, if the risk node is determined to be the bug node and the bug node does not have the repair information, repairing the bug node.
According to the scheme, the risk nodes can be analyzed, and if the risk nodes have the repair information, the repair information is adopted to repair the risk nodes. And if the risk node has no repair information, performing attack path analysis or risk level evaluation on the risk node, and if no attack path exists or the risk level is low, not considering the risk node as a vulnerability node. And if the attack path exists or the risk level is higher than or equal to the low level, performing vulnerability management, such as planning and remedial measures, and tracking the implementation process.
Fig. 3 is a schematic structural diagram of a monitoring device for vehicle information security according to an embodiment of the present invention. As shown in fig. 3, the apparatus includes:
an application associated information determining module 310 for determining at least one application associated information of the target vehicle; the application program associated information comprises at least one of coding specification information of the application program, open source library information of the application program and news information of the application program;
a risk node determining module 320, configured to determine a risk node included in the risk event if it is determined that the application program associated information is the risk event;
and the repair information determining module 330 is configured to repair the vulnerability node if it is determined that the risk node is the vulnerability node and the vulnerability node does not have repair information.
Optionally, the risk node determining module 320 includes a target attack tree determining unit, configured to input the application program association information into a threat analysis and risk assessment algorithm to obtain a target attack tree; and the risk node determining unit is used for taking the nodes on the target attack tree as risk nodes of the application program associated information.
Optionally, the repair information determining module 330 includes a risk level determining unit, configured to determine a risk level of the risk node; the first vulnerability node determination unit is used for determining that the risk node is the vulnerability node if the risk level is higher than or equal to a preset risk level.
Optionally, the risk level determining unit is specifically configured to process the risk nodes from a target dimension to obtain the risk levels of the risk nodes based on the threat analysis and risk assessment algorithm; the target dimension includes at least one of a time dimension, an opportunity dimension, an experience dimension, a knowledge dimension, and a device dimension.
Optionally, the repair information determining module 330 includes a target attack path determining unit, configured to determine at least one target attack path according to the target attack tree; and the second vulnerability node determination unit is used for determining the risk node as the vulnerability node if the target attack path is determined to include the risk node.
Optionally, the repair information determining module 330 is specifically configured to update the coding specification information of the application program based on the bug node; or determining target patch information associated with the vulnerability node from a patch database, and repairing the vulnerability node based on the target patch information.
The vehicle information safety monitoring device provided by the embodiment of the invention can execute the vehicle information safety monitoring method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
FIG. 4 shows a schematic block diagram of an electronic device 40 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 40 includes at least one processor 41, and a memory communicatively connected to the at least one processor 41, such as a Read Only Memory (ROM) 42, a Random Access Memory (RAM) 43, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 41 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 42 or the computer program loaded from a storage unit 48 into the Random Access Memory (RAM) 43. In the RAM 43, various programs and data necessary for the operation of the electronic apparatus 40 can also be stored. The processor 41, the ROM 42, and the RAM 43 are connected to each other via a bus 44. An input/output (I/O) interface 45 is also connected to bus 44.
A number of components in the electronic device 40 are connected to the I/O interface 45, including: an input unit 46 such as a keyboard, a mouse, etc.; an output unit 47 such as various types of displays, speakers, and the like; a storage unit 48 such as a magnetic disk, an optical disk, or the like; and a communication unit 49 such as a network card, modem, wireless communication transceiver, etc. The communication unit 49 allows the electronic device 40 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
In some embodiments, the vehicle information security monitoring method may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 48. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 40 via the ROM 42 and/or the communication unit 49. When the computer program is loaded into the RAM 43 and executed by the processor 41, one or more steps of the monitoring method for vehicle information security described above may be performed. Alternatively, in other embodiments, processor 41 may be configured to perform the monitoring method of vehicle information security by any other suitable means (e.g., by way of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), system on a chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on a machine, as a stand-alone software package partly on a machine and partly on a remote machine or entirely on a remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired results of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (9)
1. A method for monitoring vehicle information safety is characterized by comprising the following steps:
determining at least one application associated information of the target vehicle; the application program associated information comprises at least one of coding specification information of the application program, open source library information of the application program and news information of the application program;
if the application program correlation information is determined to be a risk event, determining a risk node contained in the risk event;
and if the risk node is determined to be the bug node and the bug node has no repair information, repairing the bug node.
2. The method of claim 1, wherein determining risk nodes included in the risk event comprises:
inputting the application program correlation information into a threat analysis and risk assessment algorithm to obtain a target attack tree;
and taking the nodes on the target attack tree as risk nodes of the application program associated information.
3. The method of claim 2, wherein determining that the risk node is a vulnerability node comprises:
determining a risk level of the risk node;
and if the risk level is higher than or equal to a preset risk level, determining that the risk node is a vulnerability node.
4. The method of claim 3, wherein determining the risk level of the risk node comprises:
processing the risk nodes from a target dimension to obtain risk levels of the risk nodes based on the threat analysis and risk assessment algorithm; the target dimension includes at least one of a time dimension, an opportunity dimension, an experience dimension, a knowledge dimension, and a device dimension.
5. The method of claim 2, wherein determining that the risk node is a vulnerability node comprises:
determining at least one target attack path according to the target attack tree;
and if the target attack path is determined to comprise the risk node, determining the risk node as a vulnerability node.
6. The method of claim 1, wherein repairing the vulnerability node comprises:
updating the coding specification information of the application program based on the vulnerability node; alternatively, the first and second electrodes may be,
and determining target patch information associated with the vulnerability node from a patch database, and repairing the vulnerability node based on the target patch information.
7. A monitoring device for vehicle information security, comprising:
the system comprises an application program associated information determining module, a vehicle information acquiring module and a vehicle information processing module, wherein the application program associated information determining module is used for determining at least one piece of application program associated information of a target vehicle; the application program associated information comprises at least one of coding specification information of the application program, open source library information of the application program and news information of the application program;
a risk node determination module, configured to determine a risk node included in the risk event if it is determined that the application program associated information is the risk event;
and the repair information determining module is used for repairing the vulnerability node if the risk node is determined to be the vulnerability node and the vulnerability node has no repair information.
8. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the method of monitoring vehicle information security of any one of claims 1-6.
9. A computer-readable storage medium storing computer instructions for causing a processor to implement the method for monitoring vehicle information security according to any one of claims 1 to 6 when executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211527495.4A CN115719167A (en) | 2022-11-30 | 2022-11-30 | Vehicle information safety monitoring method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211527495.4A CN115719167A (en) | 2022-11-30 | 2022-11-30 | Vehicle information safety monitoring method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115719167A true CN115719167A (en) | 2023-02-28 |
Family
ID=85257147
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211527495.4A Pending CN115719167A (en) | 2022-11-30 | 2022-11-30 | Vehicle information safety monitoring method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115719167A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117749529A (en) * | 2024-02-19 | 2024-03-22 | 中汽智联技术有限公司 | Method for searching full attack path |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104376264A (en) * | 2014-07-11 | 2015-02-25 | 腾讯科技(深圳)有限公司 | Software vulnerability handling method, device and system |
| CN113065195A (en) * | 2021-04-02 | 2021-07-02 | 中国第一汽车股份有限公司 | Vehicle information security threat assessment method, device, medium and electronic equipment |
| CN113114647A (en) * | 2021-04-01 | 2021-07-13 | 海尔数字科技(青岛)有限公司 | Network security risk detection method and device, electronic equipment and storage medium |
| CN113626825A (en) * | 2021-07-21 | 2021-11-09 | 南京星云数字技术有限公司 | Security vulnerability management and control method, device, equipment and computer readable medium |
-
2022
- 2022-11-30 CN CN202211527495.4A patent/CN115719167A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104376264A (en) * | 2014-07-11 | 2015-02-25 | 腾讯科技(深圳)有限公司 | Software vulnerability handling method, device and system |
| CN113114647A (en) * | 2021-04-01 | 2021-07-13 | 海尔数字科技(青岛)有限公司 | Network security risk detection method and device, electronic equipment and storage medium |
| CN113065195A (en) * | 2021-04-02 | 2021-07-02 | 中国第一汽车股份有限公司 | Vehicle information security threat assessment method, device, medium and electronic equipment |
| CN113626825A (en) * | 2021-07-21 | 2021-11-09 | 南京星云数字技术有限公司 | Security vulnerability management and control method, device, equipment and computer readable medium |
Non-Patent Citations (1)
| Title |
|---|
| 芦效峰编著: "《软件工程与安全》", 31 August 2021, 北京邮电大学出版社, pages: 26 - 29 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117749529A (en) * | 2024-02-19 | 2024-03-22 | 中汽智联技术有限公司 | Method for searching full attack path |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109241125B (en) | Anti-money laundering method and apparatus for mining and analyzing data to identify money laundering persons | |
| US20200364345A1 (en) | Security risk assessment and control for code | |
| US9235410B2 (en) | Tracking software package dependencies using a graph model | |
| US20190251291A1 (en) | Anonymity assessment system | |
| US10614208B1 (en) | Management of login information affected by a data breach | |
| US11720825B2 (en) | Framework for multi-tenant data science experiments at-scale | |
| JP2017514218A (en) | Running third-party applications | |
| US10956664B2 (en) | Automated form generation and analysis | |
| CN111435393A (en) | Object vulnerability detection method, device, medium and electronic equipment | |
| US20230281249A1 (en) | Computer-implemented methods, systems comprising computer-readable media, and electronic devices for enabled intervention into a network computing environment | |
| US20230273959A1 (en) | Computer-implemented methods, systems comprising computer-readable media, and electronic devices for narrative representation of a network computing environment | |
| CN110289995A (en) | Based on the social networks behavior monitoring method and device using attribute attack graph | |
| Jiang et al. | Evaluating the data inconsistency of open-source vulnerability repositories | |
| US11663547B2 (en) | Evolutionary software prioritization protocol for digital systems | |
| CN117474091A (en) | Knowledge graph construction method, device, equipment and storage medium | |
| WO2019095569A1 (en) | Financial analysis method based on financial and economic event on microblog, application server, and computer readable storage medium | |
| US20230273958A1 (en) | Computer-implemented methods, systems comprising computer-readable media, and electronic devices for narrative representation of a network computing environment | |
| CN117076280A (en) | Policy generation method and device, electronic equipment and computer readable storage medium | |
| CN115130114B (en) | Gateway secure starting method and device, electronic equipment and storage medium | |
| CN115086047B (en) | Interface authentication method and device, electronic equipment and storage medium | |
| CN115719167A (en) | Vehicle information safety monitoring method and device | |
| CN115310096A (en) | Security vulnerability processing method, device, equipment and medium | |
| CN114722401A (en) | Equipment safety testing method, device, equipment and storage medium | |
| CN114281586A (en) | Fault determination method and device, electronic equipment and computer readable storage medium | |
| CN110674491B (en) | Method and device for real-time evidence obtaining of android application and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |