CN115878111B - Threat analysis and risk assessment (TARA) data reuse implementation method and system - Google Patents


Info

Publication number: CN115878111B
Application number: CN202211174565.2A
Authority: CN (China)
Prior art keywords: library, TARA, analysis, risk assessment, threat
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN115878111A
Inventors: 刘文浩, 李均, 阿一伦, 范明非
Current assignee: Beijing Gouan Technology Co ltd
Original assignee: Beijing Gouan Technology Co ltd

Events:
Application filed by Beijing Gouan Technology Co ltd
Priority to CN202211174565.2A
Publication of CN115878111A
Application granted
Publication of CN115878111B
Legal status: Active

Classifications

    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y02: Technologies or applications for mitigation or adaptation against climate change
    • Y02P: Climate change mitigation technologies in the production or processing of goods
    • Y02P 90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P 90/30: Computing systems specially adapted for manufacturing


Abstract

The application discloses a method and a system for implementing threat analysis and risk assessment (TARA) data reuse. The method comprises: providing a predetermined TARA standard data exchange format; forming a reuse library in response to data submitted in accordance with that format, the reuse library comprising at least one of a data set library, an analysis model library and a personalized customization library; and storing each reuse library so formed in a database of the threat analysis and risk assessment system, where it can be called. Because the TARA standard data exchange format is preset, a user can build reusable libraries according to it, including, but not limited to, a data set library, an analysis model library and a personalized customization library, and those libraries can be called directly when the information security of a vehicle is later analysed and assessed, so that the TARA method is carried out easily, quickly, accurately and comprehensively.

Description

Threat analysis and risk assessment (TARA) data reuse implementation method and system
Technical Field
The application relates to the technical field of vehicle information security, and in particular to a method and a system for implementing threat analysis and risk assessment (TARA) data reuse.
Background
With the rapid development of intelligent connected-vehicle technology, every part of a connected vehicle has become highly intelligent, and the vehicle can integrate multiple intelligent devices and exchange information with the outside world. This brings many technical innovations and conveniences, but at the same time poses great challenges to the information security of the connected vehicle: sensitive information relating to vehicle functional safety, driver personal safety, property and personal privacy is at risk of leakage or tampering, which can cause privacy violations and economic loss to enterprises, and may have serious consequences for personal safety.
Threat analysis and risk assessment (TARA) is a systematic method for analysing and assessing the degree of cybersecurity risk. It yields the corresponding cybersecurity goals, which become the input for the cybersecurity requirements formed afterwards, and provides a basis for design and development so that cybersecurity vulnerabilities in the connected vehicle are reduced as far as possible at the concept design stage; in the development and post-development stages, it assesses the risk level of vulnerabilities that have been exposed and determines how they are to be treated.
Existing TARA analysis tools are mainly modified functional-safety analysis tools, with functional-safety logic and methods applied so that the tool meets automotive cybersecurity standards. The disadvantage of this approach is that, although it appears to meet the requirements, in practice it does not fit the cybersecurity analysis scenario; in particular, the data required for the analysis is not reused, so that TARA analyses of the same function or system carried out at different stages give inconsistent results.
Disclosure of Invention
In view of this situation, embodiments of the application provide a method and a system for implementing TARA data reuse. The method provides a complete TARA standard data exchange format, and thus a universal data exchange standard for the field of automotive security modelling, so that the defects of the prior art are overcome or at least partially overcome.
In a first aspect, an embodiment of the application provides a method for implementing TARA data reuse, where the method is implemented by a threat analysis and risk assessment system and comprises:
providing a predetermined TARA standard data exchange format;
forming a reuse library in response to data submitted in accordance with the TARA standard data exchange format, the reuse library comprising at least one of a data set library, an analysis model library and a personalized customization library;
and storing each reuse library so formed in a database of the threat analysis and risk assessment system, where it can be called.
In a second aspect, embodiments of the application provide a threat analysis and risk assessment system comprising an application layer and a functional layer that are interconnected. The functional layer modularizes the various threat analysis and risk assessment functions and provides them to the application layer; the application layer integrates the functions provided by the functional layer into a front-end tool and manages applications and projects.
The functional layer comprises a system modelling unit, a threat analysis unit, a risk assessment and treatment unit, a result report generation unit and a database configuration unit.
The system modelling unit comprises a graphical modelling module and an asset management and identification module.
The threat analysis unit comprises a damage scenario management and analysis module, a threat scenario management and analysis module, and an attack management and analysis module.
The risk assessment and treatment unit comprises a risk score evaluation module and a risk treatment module.
The database configuration unit is used to carry out the TARA data reuse implementation method.
In a third aspect, an embodiment of the present application further provides an electronic device, including: a processor; and a memory arranged to store computer executable instructions that, when executed, cause the processor to perform the method of any of the above.
In a fourth aspect, embodiments of the present application also provide a computer-readable storage medium storing one or more programs that, when executed by an electronic device comprising a plurality of application programs, cause the electronic device to perform any of the methods described above.
At least one of the technical solutions adopted in the embodiments of the application can achieve the following beneficial effects:
A TARA standard data exchange format is preset; a user fills in data that conforms to the format in an interface provided by the threat analysis and risk assessment system, thereby forming reusable libraries, including a data set library, an analysis model library, a personalized customization library and the like. These libraries can be called directly when vehicle information security is later analysed and assessed, so that the TARA method is carried out easily, quickly, accurately and comprehensively, the potential information-security hazards of a connected-vehicle model are estimated accurately, guidance is provided for the design and optimization of the connected vehicle, and its information security is greatly improved. In addition, the TARA standard data exchange format provides a universal data exchange standard for the field of automotive security modelling, filling a gap in the prior art.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
FIG. 1 illustrates a schematic diagram of a threat analysis and risk assessment system in accordance with one embodiment of the application;
FIG. 2 illustrates a flow diagram of a method of implementing threat analysis and risk assessment TARA data multiplexing, according to one embodiment of the present application;
FIG. 3 illustrates a flow diagram of version updating of a multiplex library according to an embodiment of the application;
FIG. 4 is a schematic structural diagram of an electronic device according to an embodiment of the application.
Detailed Description
For the purposes, technical solutions and advantages of the present application, the technical solutions of the present application will be clearly and completely described below with reference to specific embodiments of the present application and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The following describes in detail the technical solutions provided by the embodiments of the present application with reference to the accompanying drawings.
FIG. 1 shows a schematic structural diagram of a threat analysis and risk assessment system (TARA system) according to an embodiment of the application; the system may be a visual one. As can be seen from FIG. 1, the visual threat analysis and risk assessment system 100 comprises an application layer 110 and a functional layer 120, which can exchange data with each other. Logically, the application layer 110 sits above the functional layer 120; it is user-facing and is used to manage applications and projects, and specifically comprises an application management unit 111 and a project management unit 112. It should be noted that the visual threat analysis and risk assessment system 100 also includes other logic layers needed to implement the algorithms, which are not described here.
The functional layer 120 turns the various TARA methods into functions and modules and provides them to the application layer 110; the application layer 110 integrates the functions provided by the functional layer 120 into a front-end tool, which may take the form of a Web tool or of application software, for use by the user.
Referring again to FIG. 1, the functional layer 120 specifically comprises a system modelling unit 121, a threat analysis unit 122, a risk assessment and treatment unit 123, a result report generation unit 124 and a database configuration unit 125, and the units can exchange data with one another.
More specifically, the system modelling unit 121 comprises a graphical modelling module 121-1 and an asset management and identification module 121-2; the threat analysis unit 122 comprises a damage scenario management and analysis module 122-1, a threat scenario management and analysis module 122-2 and an attack management and analysis module 122-3; the risk assessment and treatment unit 123 comprises a risk score evaluation module 123-1 and a risk treatment module 123-2.
A user enters operations in the visualization tool of the front-end interface, and the graphical modelling module 121-1 builds the TARA model of the connected vehicle from them. The TARA model is made up of a number of data items, components, data flows, channels and system boundaries; the user's operations in the visualization tool, including dragging elements and defining components, produce the TARA model. The functions of the other units and modules of the threat analysis and risk assessment system 100 are as follows:
the asset management and identification module 121-2 identifies as assets the target elements of the TARA model of the connected vehicle;
the damage scenario management and analysis module 122-1 associates damage scenarios with the elements identified as assets, and rates the impact of at least one risk present in the established TARA model;
the threat scenario management and analysis module 122-2 associates threat scenarios with the associated damage scenarios;
the attack management and analysis module 122-3 builds the attack tree of the TARA model of the connected vehicle, associates attack paths with the associated threat scenarios according to that attack tree, and rates the feasibility of at least one risk present in the established TARA model;
the risk score evaluation module 123-1 evaluates the risk score of at least one risk present in the established TARA model on the basis of a risk matrix, from the impact rating output by the damage scenario management and analysis module 122-1 and the feasibility rating output by the attack management and analysis module 122-3;
the risk treatment module 123-2 determines the risk treatment policy for each risk according to the risk score evaluation result;
the result report generation unit 124 outputs a result file from at least one of the system modelling unit 121, the threat analysis unit 122 and the risk assessment and treatment unit 123.
The database configuration unit 125 configures the reuse libraries of the application; the reuse libraries may be stored in a database (not shown in the figure) of the threat analysis and risk assessment system 100 and called by the other units. In particular, the unit may carry out the method shown in FIG. 2.
It should be noted that the TARA data reuse implementation method of the application is not limited to the threat analysis and risk assessment system 100 shown in FIG. 1; any system capable of implementing the business logic of the method may be used.
FIG. 2 shows a flow chart of a method for implementing TARA data reuse according to an embodiment of the application. As can be seen from FIG. 2, the method comprises at least steps S210 to S230:
Step S210: a predetermined TARA standard data exchange format is provided.
The application defines a TARA standard data exchange format. In some embodiments the format is based on a JSON security analysis model, and it may further be extended on that basis to obtain more data types. The JSON security analysis model (JSON Security Analysis Models, JSAM for short) is a data exchange format for the field of automotive security modelling; it follows JSON syntax and can be extended and nested to express complex data structures and content. The format has several advantages: high readability, since JSON syntax reads more easily than XML or other modelling exchange formats; strong extensibility; support for model reuse and tracking; and little redundant information, with the data carried inside the model.
The elements of the JSON security analysis model, the JSAM elements, can be understood as the supertype of all elements; a user can inherit from a JSAM element to extend other data structures as required. A JSAM element generally has three fields, objectType, id and isReference; the specific data format of a JSAM element is shown in Table 1:
Table 1:
The following is an example of a JSAM element:
{
"objectType":"JsamElement",
"id":"demo.element",
"isReference":false
}
Based on the JSAM element, the elements of the various TARA standard data exchange formats are obtained. For example, the TARA element is obtained by extending the JSAM element; in addition to the objectType, id and isReference fields of the JSAM element, it has name and desc fields and an extend field for extensions (such as extend.color in Table 8). The specific data format of the TARA element is shown in Table 2:
Table 2:
The following is an example of a TARA element:
Further, in some embodiments of the application, more elements are extended from the TARA element, such as, but not limited to, a Component Element, a SystemBoundary Element, a Channel Element, an Interface Element, a Protocol Element, a DataFlow Element, a Data Element, a Function Element, a Software Element and a Hardware Element.
A reuse library is formed by combining a number of the elements described above, and since libraries of different types serve different functions, the elements that make up a library differ from one type to another. A reuse library, for example, has the fields id, objectType, name, desc, isReference, jsamVersion, version, revision, organization, creator, sourceType, remoteUrl, updateTime and data; the data field in turn holds TARA elements.
Which elements a reuse library needs can be configured according to the type of library.
Table 3 shows the TARA standard data exchange format of a reuse library according to an embodiment of the application.
The following is an example of the TARA standard data exchange format of a reuse library:
{
"jsamVersion":"0.1.0",
"objectType":"TaraLibrary",
"id":"lib.demo",
"isReference":false,
"name": "Tara library format instance",
"desc": "Tara library format instance",
"organization":"GoGoByte",
"creator":"GoGoByte",
"version":"1.0.1",
"revision":12,
"sourceType":"local",
"remoteUrl":"",
"updateTime":"2022-04-23 07:08:11",
"data":[]
}
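To make the format concrete, the following is an added example written for this page, not code from the patent or from the assignee's tool. It parses a TaraLibrary document, checks the fields the description lists (the JSAM fields objectType, id and isReference on every element, name and desc on TARA-derived elements, and the library fields of the example above), and resolves references: an element whose isReference is true carries only the id of the element it points to, so the validator requires that id to be defined somewhere in the same library. The version syntax check, the uniqueness rule for non-reference ids, the "remote" source type, the nested field names interfaces and protocol, and the sample library are all assumptions of the example; the sample is constructed data.

```python
"""Parser and validator for the JSAM-based TARA library exchange format.

Added example, not the patent's or the assignee's code. Required field
sets follow the description above; the version syntax, the reference
resolution rule, the id uniqueness rule, the field names 'interfaces'
and 'protocol', the 'remote' source type and the sample library are
this example's own assumptions.
"""
import json
import re
from typing import Any, Iterator

JSAM_ELEMENT_FIELDS = {"objectType", "id", "isReference"}
TARA_ELEMENT_FIELDS = JSAM_ELEMENT_FIELDS | {"name", "desc"}
TARA_LIBRARY_FIELDS = TARA_ELEMENT_FIELDS | {
    "jsamVersion", "version", "revision", "organization", "creator",
    "sourceType", "remoteUrl", "updateTime", "data",
}
SEMVER = re.compile(r"^\d+\.\d+\.\d+$")   # assumed version syntax


def walk(node: Any, path: str) -> Iterator[tuple[str, dict]]:
    """Yield (path, element) for every nested object that carries objectType."""
    if isinstance(node, dict):
        if "objectType" in node:
            yield path, node
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")


def validate_library(text: str) -> list[str]:
    """Parse a TaraLibrary document; return the list of problems (empty means valid)."""
    try:
        lib = json.loads(text)
    except json.JSONDecodeError as exc:
        # A trailing comma left by hand-editing ends up here instead of being accepted.
        return [f"invalid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(lib, dict):
        return ["top level must be an object"]

    errors: list[str] = []
    missing = TARA_LIBRARY_FIELDS - lib.keys()
    if missing:
        errors.append(f"library: missing fields {sorted(missing)}")
    if lib.get("objectType") != "TaraLibrary":
        errors.append("library: objectType must be 'TaraLibrary'")
    if not SEMVER.match(str(lib.get("version", ""))):
        errors.append("library: version must look like MAJOR.MINOR.PATCH")
    if lib.get("sourceType") == "remote" and not lib.get("remoteUrl"):
        errors.append("library: a remote library needs remoteUrl")   # 'remote' is assumed
    if not isinstance(lib.get("data"), list):
        errors.append("library: data must be an array of elements")
        return errors

    elements = list(walk(lib["data"], "data"))
    # Pass 1: collect the ids defined (isReference false) in this library.
    defined: set[str] = set()
    for path, element in elements:
        if element.get("isReference") is False and isinstance(element.get("id"), str):
            if element["id"] in defined:
                errors.append(f"{path}: duplicate id {element['id']!r}")
            defined.add(element["id"])
    # Pass 2: check each element's shape and resolve references against pass 1.
    for path, element in elements:
        missing = JSAM_ELEMENT_FIELDS - element.keys()
        if missing:
            errors.append(f"{path}: missing fields {sorted(missing)}")
            continue
        if not isinstance(element["id"], str) or not element["id"]:
            errors.append(f"{path}: id must be a non-empty string")
            continue
        if not isinstance(element["isReference"], bool):
            errors.append(f"{path}: isReference must be a boolean")
            continue
        if element["isReference"]:
            if element["id"] not in defined:
                errors.append(f"{path}: unresolved reference to {element['id']!r}")
        elif element["objectType"] != "JsamElement":
            # TARA-derived elements carry name and desc in addition to the JSAM fields.
            missing = TARA_ELEMENT_FIELDS - element.keys()
            if missing:
                errors.append(f"{path}: missing fields {sorted(missing)}")
    return errors


# Constructed sample: one protocol, one component whose interface references that protocol by id.
SAMPLE_LIBRARY = json.dumps({
    "jsamVersion": "0.1.0", "objectType": "TaraLibrary", "id": "lib.sample",
    "isReference": False, "name": "sample component set", "desc": "constructed sample data",
    "organization": "example-org", "creator": "example-user", "version": "1.0.1",
    "revision": 1, "sourceType": "local", "remoteUrl": "", "updateTime": "2022-04-23 07:08:11",
    "data": [
        {"objectType": "ProtocolElement", "id": "proto.can", "isReference": False,
         "name": "CAN", "desc": "controller area network"},
        {"objectType": "ComponentElement", "id": "comp.bcm", "isReference": False,
         "name": "BCM", "desc": "body control module",
         "interfaces": [
             {"objectType": "InterfaceElement", "id": "if.bcm.can0", "isReference": False,
              "name": "can0", "desc": "CAN interface of the BCM",
              "protocol": {"objectType": "ProtocolElement", "id": "proto.can", "isReference": True}},
         ]},
    ],
})

if __name__ == "__main__":
    print(validate_library(SAMPLE_LIBRARY) or "sample library is valid")
```

An unresolved reference is reported with the path of the offending element, and a parse error with its line and column; running this check before a submitted library is written into the shared database keeps a broken reference from surfacing later as a missing protocol or component in someone else's model.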
Step S220: in response to data submitted in accordance with the TARA standard data exchange format, a reuse library is formed, the reuse library comprising at least one of a data set library, an analysis model library and a personalized customization library.
In the application, every set of resources that can be reused or exchanged is collectively called a "library". The value of a library lies in reuse: the threat analysis and risk assessment system 100 encourages users to share resources in a modular fashion, which simplifies the design and update flow of models.
Because different types of reuse library need different data, the user first selects the type of reuse library to be created; once a type has been selected, the corresponding TARA standard data exchange format to be filled in is displayed, and the user fills it in following the prompts. That is, the content to be filled in when building a reuse library may differ depending on the type of library selected.
The user configures the data of the reuse library according to the TARA standard data exchange format in the interface provided by the threat analysis and risk assessment system 100 shown in FIG. 1, and the reuse library is then generated from the data submitted by the user. The reuse library may be a data set library, an analysis model library or a personalized customization library.
The data set library includes, but is not limited to: a component library (ModuleSet), a damage classification library (DamageSet), a threat classification library (ThreatSet), a control measure library (ControlSet), a software BOM library (SoftwareSet), a hardware BOM library (HardwareSet) and a protocol library (ProtocolSet).
An analysis model can be understood as a method; the application turns the analysis model that describes a method into a data description. For example, how the impact of a threat is determined when it has several damage scenarios, whether by accumulating them or by taking the maximum, and how scores map to ratings, are both expressed in this model.
The analysis model library implements configuration reuse of the TARA analysis algorithms, including, but not limited to, an Impact Model, a Threat Model, an attack Feasibility Model and a Risk Model.
The personalized customization library implements reuse of configuration such as fonts and canvas colours.
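As an added illustration, not one of the patent's own models, the following block shows what an analysis model "in the form of a data description" can look like and how the risk score evaluation module would apply it. The impact model carries the rule for combining several damage scenarios (maximum or sum), and the risk model carries the impact-by-feasibility matrix and the score-to-treatment mapping, so changing the method means editing a reusable model element rather than code. The four impact levels, the four feasibility levels, the matrix values, the treatment mapping and the sample threat scenario are all constructed for this example.

```python
"""An analysis model expressed as data, plus the evaluator that applies it.

Added example; not one of the patent's models and the numbers are not
taken from the page. Impact levels, feasibility levels, the matrix, the
treatment mapping and the sample threat scenario are assumptions.
"""
from typing import Any

IMPACT_MODEL: dict[str, Any] = {
    "objectType": "ImpactModel", "id": "impact.max", "isReference": False,
    "name": "max over damage scenarios", "desc": "constructed example",
    "levels": {"negligible": 1, "moderate": 2, "major": 3, "severe": 4},
    "aggregation": "max",   # "max" or "sum"; sum is clipped to the top level
}

RISK_MODEL: dict[str, Any] = {
    "objectType": "RiskModel", "id": "risk.matrix-4x4", "isReference": False,
    "name": "4x4 risk matrix", "desc": "constructed example",
    "feasibility": {"very low": 1, "low": 2, "medium": 3, "high": 4},
    # matrix[impact_level][feasibility_level] -> risk score 1..5 (assumed values)
    "matrix": {
        1: {1: 1, 2: 1, 3: 1, 4: 1},
        2: {1: 1, 2: 2, 3: 2, 4: 3},
        3: {1: 1, 2: 2, 3: 3, 4: 4},
        4: {1: 2, 2: 3, 3: 4, 4: 5},
    },
    "treatment": {1: "accept", 2: "accept", 3: "reduce", 4: "reduce", 5: "avoid"},
}


def aggregate_impact(model: dict, damage_ratings: list[str]) -> int:
    """Combine the impact ratings of several damage scenarios using the model's rule."""
    levels = model["levels"]
    values = [levels[r] for r in damage_ratings]   # an unknown rating raises KeyError on purpose
    if not values:
        raise ValueError("a threat scenario needs at least one damage scenario")
    if model["aggregation"] == "max":
        return max(values)
    if model["aggregation"] == "sum":
        return min(sum(values), max(levels.values()))   # accumulate, but never above the top level
    raise ValueError(f"unknown aggregation rule {model['aggregation']!r}")


def risk_score(model: dict, impact_level: int, feasibility_rating: str) -> int:
    """Look up the risk score for an impact level and a feasibility rating in the matrix."""
    feasibility_level = model["feasibility"][feasibility_rating]
    return model["matrix"][impact_level][feasibility_level]


def evaluate_threat(scenario: dict, impact_model: dict = IMPACT_MODEL,
                    risk_model: dict = RISK_MODEL) -> dict:
    """Run one threat scenario through the impact model and then the risk model."""
    impact = aggregate_impact(impact_model, scenario["damage_ratings"])
    score = risk_score(risk_model, impact, scenario["feasibility"])
    return {"impact": impact, "score": score, "treatment": risk_model["treatment"][score]}


# Constructed threat scenario: spoofed CAN frames to the BCM, hitting two damage scenarios.
# The feasibility rating is the kind of value the attack management module would output.
SAMPLE_THREAT = {
    "id": "ts.bcm.can-spoof",
    "damage_ratings": ["moderate", "major"],
    "feasibility": "high",
}

if __name__ == "__main__":
    print("max:", evaluate_threat(SAMPLE_THREAT))
    print("sum:", evaluate_threat(SAMPLE_THREAT, {**IMPACT_MODEL, "aggregation": "sum"}))
```

With the same threat scenario the "max" rule gives impact level 3 and a score of 4, while the "sum" rule saturates at level 4 and gives a score of 5; which rule a project uses is therefore a property of the reusable model element, and two stages of the same project that share the element cannot disagree about it.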
Step S230: and storing each formed multiplexing library in a database of the threat analysis and risk assessment system for calling.
And finally, storing the formed various reusable libraries in a database of the threat analysis and risk assessment system for each unit to call.
As can be seen from the method shown in fig. 2, a set of TARA standard data exchange format is preset, a user can fill in data information meeting the TARA standard data exchange format in an interface provided by a threat analysis and risk assessment system to form reusable libraries, the reusable libraries comprise but are not limited to a data set library, an analysis model library, a personalized customization library and the like, and the libraries can be directly called when the safety of the automobile information is analyzed and assessed subsequently, so that the threat analysis and risk assessment TARA method is easily, quickly, accurately and comprehensively realized, the information safety hidden danger existing in the network-connected vehicle model is accurately estimated, guidance comments are provided for the design and optimization of the network-connected vehicle, and the information safety of the network-connected vehicle is greatly improved; and the TARA standard data exchange format provides a universal data exchange standard for the field of automobile safety modeling, and fills the blank of the prior art.
The specific TARA standard data exchange format of each application element is described in detail below.
The Component Element may be an ECU or any logically independent, distinguishable part; it may nest sub-components, hold data and be associated with related functions. The specific data format of the component element is shown in Table 4:
Table 4:
The SystemBoundary Element is a logical division that separates the components inside the system from those outside it. The specific data format of the system boundary element is shown in Table 5:
Table 5:
The Channel Element is a communication channel such as CAN, BLE or WIFI. One channel may connect interfaces on several components, but the connected interfaces must be of the same kind (see the protocol element below: only protocols with the same id can be connected through one channel). One channel may carry several data flows. The specific data format of the channel element is shown in Table 6:
Table 6:
The Interface Element is a communication interface; it is attached to a component, cannot exist on its own, and is the endpoint of the component's external communication. The specific data format of the interface element is shown in Table 7:
Table 7:
The Protocol Element is a communication protocol (for example CAN, BLE or WIFI); only protocols with the same id can be connected through a channel. The specific data format of the protocol element is shown in Table 8:
Table 8:
Field          Type     Description
id             string   Globally unique ID; when the element is a reference, this field holds the ID of the referenced element
name           string   Name, e.g. CAN, WIFI
desc           string   Description
isReference    bool     Whether the element is a reference
extend.color   string   Protocol colour for front-end display
The DataFlow Element transfers data between interfaces; one data flow may carry one or more data items and functions. The specific data format of the data flow element is shown in Table 9:
Table 9:
The Data Element is stored data or a signal. The specific data format of the data element is shown in Table 10:
Table 10:
The Function Element is a specific function, such as opening and closing a vehicle door. The specific data format of the function element is shown in Table 11:
Table 11:
Field          Type     Description
id             string   Globally unique ID; when the element is a reference, this field holds the ID of the referenced element
name           string   Name, shown in the visual display
desc           string   Description
isReference    bool     Whether the element is a reference
The Software Element holds software data, which helps to discover and track known vulnerabilities of the software during modelling. The specific data format of the software element is shown in Table 12:
Table 12:
The Hardware Element holds hardware data, which helps to discover and track known vulnerabilities of the hardware. The specific data format of the hardware element is shown in Table 13:
Table 13:
In practice, threat analysis and risk assessment systems are customer- or user-oriented, serving suppliers, vehicle manufacturers and so on, and every user can submit reuse libraries of their own design; a parts manufacturer, for example, can provide a library of its parts. This raises the problem of library version updates. When a reuse library is updated, a first reuse library submitted by a user is obtained; the database of the threat analysis and risk assessment system is read to determine whether a second reuse library with the same id as the first exists; if not, the library is created from the first reuse library; if so, it is determined whether the version of the first reuse library is higher than that of the second; if it is higher, the second reuse library is updated from the first; otherwise the second reuse library is retained.
FIG. 3 shows a schematic flow chart of the version update of a reuse library according to an embodiment of the application. As can be seen from FIG. 3, the embodiment comprises:
obtaining a first reuse library submitted by a user, where the obtaining may be active or passive: active means fetching the first reuse library from a remote data source, and passive means receiving a first reuse library that the user has submitted;
then determining whether a second reuse library with the same id as the first exists locally; if not, creating the first reuse library; if so, determining whether the version of the first reuse library is higher than that of the second;
if the version of the first reuse library is higher, updating the local second reuse library with the first; otherwise retaining the second reuse library and ignoring the update.
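The update decision of FIG. 3, as an added example that is not the patent's or the assignee's code. Versions are assumed to be MAJOR.MINOR.PATCH and are compared numerically, because a plain string comparison ranks "1.0.9" above "1.0.10" and would make a correct update look like a downgrade and be ignored. The block also adds a check the flow in the description does not state: since any user can submit a library, a submission whose organization differs from that of the stored library with the same id is rejected; otherwise one submitter could replace another's library simply by sending the same id with a higher version number. That check, the in-memory store and the sample libraries are this example's assumptions.

```python
"""Version-gated update of a submitted reuse library (the flow of FIG. 3).

Added example; not the patent's or the assignee's code. The version
syntax, the numeric comparison, the in-memory store, the organization
check and the sample libraries are this example's assumptions.
"""
from typing import Optional


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn 'MAJOR.MINOR.PATCH' into a tuple that compares numerically."""
    parts = version.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"version must be MAJOR.MINOR.PATCH, got {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


class LibraryStore:
    """In-memory stand-in for the TARA system's library database."""

    def __init__(self) -> None:
        self._libraries: dict[str, dict] = {}

    def get(self, library_id: str) -> Optional[dict]:
        return self._libraries.get(library_id)

    def submit(self, submitted: dict) -> str:
        """Apply the FIG. 3 decision; return created / updated / ignored / rejected."""
        for field in ("id", "version", "organization"):
            if field not in submitted:
                return "rejected"
        try:
            submitted_version = parse_version(submitted["version"])
        except ValueError:
            return "rejected"                        # malformed version: never store it
        stored = self._libraries.get(submitted["id"])
        if stored is None:
            self._libraries[submitted["id"]] = submitted
            return "created"
        if stored["organization"] != submitted["organization"]:
            return "rejected"                        # assumed ownership check, see lead-in
        if submitted_version > parse_version(stored["version"]):
            self._libraries[submitted["id"]] = submitted
            return "updated"
        return "ignored"                             # same or lower version: keep stored copy


def make_library(version: str, organization: str = "example-org") -> dict:
    """Constructed TaraLibrary document with only the fields this example needs."""
    return {
        "objectType": "TaraLibrary", "id": "lib.example", "isReference": False,
        "name": "example library", "desc": "constructed sample",
        "organization": organization, "creator": organization,
        "version": version, "revision": 0, "sourceType": "local",
        "remoteUrl": "", "updateTime": "", "data": [],
    }


if __name__ == "__main__":
    store = LibraryStore()
    for lib in (make_library("1.0.1"), make_library("1.0.10"), make_library("1.0.9"),
                make_library("2.0.0", organization="other-org")):
        print(lib["version"], lib["organization"], "->", store.submit(lib))
```

Submitting 1.0.1, 1.0.10 and 1.0.9 in that order yields created, updated and ignored, and the stored copy stays at 1.0.10; the same three submissions compared as strings would have ignored 1.0.10 and then accepted 1.0.9 as an "update".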
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Referring to fig. 4, at the hardware level, the electronic device includes a processor, and optionally an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory (non-volatile Memory), such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.
The processor, network interface, and memory may be interconnected by an internal bus, which may be an ISA (Industry Standard Architecture ) bus, a PCI (Peripheral Component Interconnect, peripheral component interconnect standard) bus, or EISA (Extended Industry Standard Architecture ) bus, among others. The buses may be classified as address buses, data buses, control buses, etc. For ease of illustration, only one bi-directional arrow is shown in FIG. 4, but not only one bus or type of bus.
And the memory is used for storing programs. In particular, the program may include program code including computer-operating instructions. The memory may include memory and non-volatile storage and provide instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs to form a visual threat analysis and risk assessment system on a logic level. And the processor is used for executing the program stored in the memory and particularly used for executing the method.
The processor may be an integrated circuit chip with signal processing capability. In implementation, the steps of the above method may be performed by integrated logic circuits in hardware within the processor or by instructions in the form of software. The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The methods, steps and logic blocks disclosed in the embodiments of the present application may be implemented or performed by such a processor. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly in hardware, in a decoding processor, or in a combination of hardware and software modules within a decoding processor. The software modules may reside in random-access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers or another storage medium well known in the art. The storage medium is located in the memory; the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random-access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random-access memory (SRAM), dynamic random-access memory (DRAM), other types of random-access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media) such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such a process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (7)

1. A method for implementing threat analysis and risk assessment TARA data multiplexing, the method implemented by a threat analysis and risk assessment system, the method comprising:
providing a predetermined TARA standard data exchange format;
forming a multiplex library in response to data information submitted in accordance with the TARA standard data exchange format, the multiplex library comprising at least one of a data set library, an analytical model library, and a personalized customization library;
storing each formed multiplexing library in a database of the threat analysis and risk assessment system for calling;
the TARA standard data exchange format comprises elements formed from a Json security analysis model; the Json security analysis model element is the superclass of all elements and comprises objectType, id and isReference fields, wherein the objectType field denotes the specific type of the Json security analysis model element and the isReference field denotes whether the object is a reference: when isReference=true the object is in reference form and the data object records only the id of the referenced element together with its entity class information; when isReference=false the object is in entity form and records all data attributes of the element in full; the TARA standard data exchange format further comprises a Tara element obtained by extending the Json security analysis model element, the Tara element comprising objectType, id, isReference, name, desc and extension fields;
the TARA standard data exchange format further comprises a plurality of application elements, and each application element is developed based on the TARA element, wherein the application elements comprise at least one of a component element, a system boundary element, a channel element, a communication interface element, a communication protocol element, a data flow element, a data element, a functional element, a software element and a hardware element.
2. The method of claim 1, wherein the component element comprises: id, name, desc, isReference, isNominal, interfaces, software, hardware, storedData, processedData, assignedFunctions and subsumes fields;
the system boundary element comprises: id, name, desc, isReference and subsumes fields;
the channel element comprises: id, name, desc, isReference, connections, dataFlows and assignedFunctions fields;
the communication interface element comprises: id, name, desc, isReference, componentId and protocol fields;
the communication protocol element comprises: id, name, desc, isReference and extension fields.
3. The method of claim 1, wherein the data flow element comprises: id, name, desc, isReference, source, target, transferredData and assignedFunctions fields;
the data element comprises: id, name, desc, isReference, subData and assignedFunctions fields;
the functional element comprises: id, name, desc and isReference fields;
the software element comprises: id, name, desc, isReference, version and deps fields;
the hardware element comprises: id, name, desc, isReference, version, hardwareDeps and softwareDeps fields.
4. The method according to any one of claims 1 to 3, wherein the TARA standard data exchange format of each multiplexing library is assembled from a plurality of elements, the multiplexing library comprising id, objectType, name, desc, isReference, jsamVersion, version, revison, organization, creator, sourceType, remoteURL, updateTime and data fields.
5. A method according to any one of claims 1 to 3, wherein the database comprises: component library, damage classification library, threat classification library, control measure library, software BOM library, hardware BOM library, and protocol library;
the analytical model library comprises: an impact model, a threat analysis model, an attack feasibility model, and a risk assessment model.
6. The method according to claim 1, wherein the method further comprises:
acquiring a first multiplexing library submitted by a user;
checking whether a second multiplexing library with the same id as the first multiplexing library exists in the database of the threat analysis and risk assessment system;
if not, creating the first multiplexing library in the database; if so, determining whether the version of the first multiplexing library is higher than that of the second multiplexing library;
if the version of the first multiplexing library is higher than that of the second, updating the second multiplexing library according to the first multiplexing library; if not, retaining the second multiplexing library.
7. A threat analysis and risk assessment system, the system comprising an application layer and a functional layer connected to each other; the function layer is used for modularizing various threat analysis and risk assessment functions and providing the functions to the application layer, and the application layer is used for integrating various functions provided by the function layer into a front-end tool and managing applications and projects;
wherein, the functional layer includes: the system comprises a system modeling unit, a threat analysis unit, a risk assessment and treatment unit, a result report generation unit and a database configuration unit;
wherein the system modeling unit includes: the system comprises an image-text modeling module, an asset management and identification module;
the threat analysis unit includes: a damage scene management and analysis module, a threat scene management and analysis module, and an attack management and analysis module;
the risk assessment and treatment unit comprises: a risk score evaluation module, and a risk handling module;
the database configuration unit for implementing the method of any one of claims 1 to 6;
the image-text modeling module is used for constructing a threat analysis and risk assessment TARA model of the networked vehicle;
the asset management and identification module is used for realizing asset identification on target elements in a threat analysis and risk assessment TARA model of the networked vehicle;
the damage scene management and analysis module is used for realizing damage scene association of elements identified as assets and also realizing influence grading of at least one risk existing in the established threat analysis and risk assessment model;
the threat scene management and analysis module is used for realizing threat scene association on the associated damage scene;
the attack management and analysis module is used for constructing an attack tree for the threat analysis and risk assessment model of the networked vehicle, associating attack paths with the associated threat scenes according to the constructed attack tree, and rating the feasibility of at least one risk present in the established threat analysis and risk assessment model;
the risk score evaluation module is used for realizing risk score evaluation on at least one risk existing in the established threat analysis and risk evaluation model based on the risk matrix according to the influence rating result of the damage scene management and analysis module and the feasibility rating result output by the attack management and analysis module;
the risk treatment module is used for determining risk treatment strategies of the risks according to the risk score evaluation result;
the result report generating unit is configured to output a result file according to at least one of the system modeling unit, the threat analysis unit, and the risk assessment and treatment unit.
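The exchange-format fields of claims 1 to 4 and the id/version update rule of claim 6 (also described in the detailed description above), as an added example in Python. This is not the patent's own code: the objectType spellings, the dotted-integer version format, the in-memory dict store and the sample library are assumptions of this example, while the field names are those listed in the claims.

```python
"""Added example, not the patent's code: an importer for the TARA standard data
exchange format.  Field names follow claims 1-4; the objectType spellings, the
dotted version format and the dict store are assumptions of this example."""
import json

JSAM_FIELDS = {"objectType", "id", "isReference"}          # superclass, claim 1
TARA_FIELDS = JSAM_FIELDS | {"name", "desc", "extension"}   # Tara element, claim 1
ELEMENT_FIELDS = {                                          # claims 2 and 3
    "Component": {"isNominal", "interfaces", "software", "hardware", "storedData",
                  "processedData", "assignedFunctions", "subsumes"},
    "SystemBoundary": {"subsumes"}, "Function": set(), "CommunicationProtocol": set(),
    "Channel": {"connections", "dataFlows", "assignedFunctions"},
    "CommunicationInterface": {"componentId", "protocol"},
    "DataFlow": {"source", "target", "transferredData", "assignedFunctions"},
    "Data": {"subData", "assignedFunctions"}, "Software": {"version", "deps"},
    "Hardware": {"version", "hardwareDeps", "softwareDeps"},
}
LIBRARY_FIELDS = {"id", "objectType", "name", "desc", "isReference", "jsamVersion",
                  "version", "revison", "organization", "creator", "sourceType",
                  "remoteURL", "updateTime", "data"}        # claim 4, spelled as there


def validate_element(el, entity_ids):
    """Problems in one element, recursing into embedded ones; [] when clean."""
    if missing := JSAM_FIELDS - el.keys():
        return [f"element missing superclass fields {sorted(missing)}"]
    otype, eid = el["objectType"], el["id"]
    if otype not in ELEMENT_FIELDS:
        return [f"{eid}: unknown objectType {otype!r}"]
    problems = []
    if el["isReference"]:
        # Reference form: only id and class information, naming an existing entity.
        if extra := sorted(el.keys() - JSAM_FIELDS):
            problems.append(f"{eid}: reference form carries entity fields {extra}")
        if eid not in entity_ids:
            problems.append(f"{eid}: dangling reference")
        return problems
    if unknown := sorted(el.keys() - TARA_FIELDS - ELEMENT_FIELDS[otype]):
        problems.append(f"{eid}: fields not allowed on {otype}: {unknown}")
    for key in el.keys() - JSAM_FIELDS:          # entity form: check embedded objects
        value = el[key]
        for item in value if isinstance(value, list) else [value]:
            if isinstance(item, dict) and "objectType" in item:
                problems.extend(validate_element(item, entity_ids))
    return problems


def validate_library(lib):
    """Claim 4 fields present, entity ids unique, every element well formed."""
    problems = []
    if missing := LIBRARY_FIELDS - lib.keys():
        problems.append(f"library missing fields {sorted(missing)}")
    elements = [e for e in lib.get("data") or [] if isinstance(e, dict)]
    ids = [e.get("id") for e in elements if not e.get("isReference")]
    if dupes := sorted({i for i in ids if ids.count(i) > 1}):
        problems.append(f"duplicate entity ids {dupes}")
    for el in elements:
        problems.extend(validate_element(el, set(ids)))
    return problems


def parse_version(v):
    """Assumed dotted integers; tuples compare numerically, so 1.10.0 > 1.9.0."""
    parts = str(v).split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version {v!r}")
    return tuple(int(p) for p in parts)


def import_library(store, submitted):
    """The id/version rule of claim 6 against a store keyed by library id."""
    if problems := validate_library(submitted):
        raise ValueError("; ".join(problems))
    current = store.get(submitted["id"])
    if current is None:
        store[submitted["id"]] = submitted
        return "created"
    if parse_version(submitted["version"]) > parse_version(current["version"]):
        store[submitted["id"]] = submitted
        return "updated"
    return "ignored"    # equal or lower version: the local library is kept


# Constructed sample (not from the patent): a gateway component whose 'interfaces'
# entry is in reference form, plus the interface entity it points at.
SAMPLE_LIBRARY_JSON = """{
 "id": "lib-demo", "objectType": "DataSetLibrary", "name": "demo", "desc": "",
 "isReference": false, "jsamVersion": "1.0", "version": "1.1.0", "revison": 3,
 "organization": "example", "creator": "alice", "sourceType": "local",
 "remoteURL": "", "updateTime": "2022-09-26T00:00:00Z",
 "data": [
  {"objectType": "Component", "id": "c-gw", "isReference": false, "name": "Gateway",
   "desc": "", "interfaces": [
     {"objectType": "CommunicationInterface", "id": "if-can1", "isReference": true}]},
  {"objectType": "CommunicationInterface", "id": "if-can1", "isReference": false,
   "name": "CAN1", "desc": "", "componentId": "c-gw", "protocol": "CAN"}]}"""


def demo():
    """Submit the sample, then the same id at equal, higher and lower versions."""
    store, lib = {}, json.loads(SAMPLE_LIBRARY_JSON)
    outcomes = [import_library(store, lib), import_library(store, dict(lib)),
                import_library(store, dict(lib, version="1.2.0")),
                import_library(store, dict(lib, version="1.0.0"))]
    return outcomes, store["lib-demo"]["version"]
```

Three points a practitioner would check before relying on this rule. A submitted library is user-controlled input, so it is validated (superclass fields, reference form carrying nothing but id and class, no dangling or duplicate ids) before it can touch the store; a malformed or tampered library is rejected rather than partially merged. Versions are compared as integer tuples, not as strings, so "1.10.0" is correctly treated as newer than "1.9.0". Finally, the version comparison only prevents a downgrade of a library already held; it says nothing about who may overwrite a shared library, so in a multi-user system it must sit behind an authorization check on the library id, and any content fetched from the remoteURL field should be validated the same way as a direct submission.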
CN202211174565.2A 2022-09-26 2022-09-26 Threat analysis and risk assessment TARA data multiplexing implementation method and system Active CN115878111B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211174565.2A CN115878111B (en) 2022-09-26 2022-09-26 Threat analysis and risk assessment TARA data multiplexing implementation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211174565.2A CN115878111B (en) 2022-09-26 2022-09-26 Threat analysis and risk assessment TARA data multiplexing implementation method and system

Publications (2)

Publication Number Publication Date
CN115878111A CN115878111A (en) 2023-03-31
CN115878111B true CN115878111B (en) 2024-02-06

Family

ID=85770031

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211174565.2A Active CN115878111B (en) 2022-09-26 2022-09-26 Threat analysis and risk assessment TARA data multiplexing implementation method and system

Country Status (1)

Country Link
CN (1) CN115878111B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110266723A (en) * 2019-07-08 2019-09-20 云南财经大学 Cloud service security risk assessment method
CN112752682A (en) * 2020-09-01 2021-05-04 华为技术有限公司 Method and system for improving vehicle safety
CN113240341A (en) * 2021-06-10 2021-08-10 中国人民解放军战略支援部队航天工程大学 Information system efficiency evaluation method based on big data
CN114584348A (en) * 2022-02-14 2022-06-03 上海安锐信科技有限公司 Industrial control system network threat analysis method based on vulnerability
CN114881503A (en) * 2022-05-19 2022-08-09 中国第一汽车股份有限公司 Scoring determination method, device, equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ITMI20122255A1 (en) * 2012-12-28 2014-06-29 Eni Spa METHOD AND SYSTEM FOR RISK ASSESSMENT FOR THE SAFETY OF AN INDUSTRIAL INSTALLATION

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110266723A (en) * 2019-07-08 2019-09-20 云南财经大学 Cloud service security risk assessment method
CN112752682A (en) * 2020-09-01 2021-05-04 华为技术有限公司 Method and system for improving vehicle safety
CN113240341A (en) * 2021-06-10 2021-08-10 中国人民解放军战略支援部队航天工程大学 Information system efficiency evaluation method based on big data
CN114584348A (en) * 2022-02-14 2022-06-03 上海安锐信科技有限公司 Industrial control system network threat analysis method based on vulnerability
CN114881503A (en) * 2022-05-19 2022-08-09 中国第一汽车股份有限公司 Scoring determination method, device, equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Threat-analysis-based information security risk assessment method for intelligent connected vehicles (基于威胁分析的智能网联汽车信息安全风险评估方法); Li Muxi (李木犀) et al.; Automotive Digest (《汽车文摘》), Issue 10; pp. 1671-6329 *

Also Published As

Publication number Publication date
CN115878111A (en) 2023-03-31

Similar Documents

Publication Publication Date Title
CN113792159B (en) Knowledge graph data fusion method and system
US8766980B2 (en) Information management system, method and program
US20160072683A1 (en) System architecture for cloud-platform infrastructure layouts
US20070022106A1 (en) System design using a RAS-based database
Igamberdiev et al. An integrated multi-level modeling approach for industrial-scale data interoperability
US8676627B2 (en) Vertical process merging by reconstruction of equivalent models and hierarchical process merging
WO2015118709A1 (en) Information processing device, information processing program, storage medium, and information processing method
Staron et al. Autosar standard
US20090228905A1 (en) State management of operating system and applications
US20230274134A1 (en) A neural network model, a method and modelling environment for configuring neural networks
CN111427684B (en) Service deployment method, system and device
CN115878111B (en) Threat analysis and risk assessment TARA data multiplexing implementation method and system
JP4330559B2 (en) Green procurement equipment and green procurement processing program
CN111198677A (en) Equipment object generation method, device and equipment
Marie et al. The QoCIM framework: concepts and tools for quality of context management
CN117669518A (en) File generation method, system, computer device and storage medium
CN112947896A (en) Directed graph-based component dependence analysis method
US20160012179A1 (en) Method for managing data relative to motor vehicles with a view to the subsequent graphic generation of electrical diagrams of electrical systems
CN115484105B (en) Modeling method and device for attack tree, electronic equipment and readable storage medium
CN111639903A (en) Review processing method for architecture change and related equipment
CN114556238A (en) Method and system for generating digital representation of asset information in cloud computing environment
Martin Overview of the revised standard on architecture description–ISO/IEC 42010
CN113971019B (en) Data type creation method, device, server and medium
Malburg et al. Improving complex adaptations in process-oriented case-based reasoning by applying rule-based adaptation
Arslan et al. Modelling Internet of Things Software for Public Transportation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant