摘要
网联汽车车载终端系统与外界网络连通特性引入了大量的信息安全隐患。文章系统地分析了网联汽车车载终端的外部威胁面,并抽象出五种基本的外部攻击向量,建立了车载终端系统的威胁模型;同时综合考虑攻击者的效用问题和实际可能造成的危害提出了相应的风险评估框架,在具有代表性的某款网联汽车上进行相关攻击和测试实验后,发现其车载终端存在着一些可被利用的攻击面,最后利用该威胁模型和风险评估框架有效地对车载终端进行了安全风险评估。
The connectivity between the vehicle terminal system and the external network has introduced a lot of information security risks. This paper systematically analyzes the external threat surface of terminals, abstracts five basic external attack vectors, and established the threat model of vehicle terminal system. At the same time, considering the problem of attacker’s "utility" and the actual possible harm, a corresponding framework of threat analysis and risk assessment is proposed. After carrying out relevant attacks and test experiments on a representative connected vehicle, it is found that there are some attack surfaces that can be used in the terminals, and we used the framework to effectively carry out the security risk assessment.
作者
张雄
张海春
刘政林
ZHANG Xiong;ZHANG Haichun;LIU Zhenglin(China-EU School of Clean and Renewable Energy,Huazhong University of Science and Technology,Hubei Wuhan 430074;School of Optics and Electronic Information,Huazhong University of Science and Technology,Hubei Wuhan 430074)
出处
《汽车实用技术》
2021年第20期26-30,共5页
Automobile Applied Technology
基金
国家重点研发计划资助项目(2019YFB1310001)。
关键词
车联网
车载终端
威胁模型
风险评估
Internet of Vehicles
Vehicle terminal
Threat model
Risk assessment
