鄧宇　向民奇　韋天文　劉書帆

摘 要：本文提出一種面向車輛ECU信息安全的威脅分析與風(fēng)險評估方法來識別車輛ECU存在的潛在網(wǎng)絡(luò)安全隱患，以便在產(chǎn)品的開發(fā)試驗階段相應(yīng)的網(wǎng)絡(luò)安全漏洞得到修補加固，風(fēng)險等級得到有效的降低。首先對ECU所有的資產(chǎn)按照軟件模塊、配置信息和數(shù)據(jù)信息進行劃分，其次從功能安全、隱私安全、經(jīng)濟安全和操作性安全四個因素來考慮其影響等級，然后從準(zhǔn)備時間、專業(yè)水平、相關(guān)知識、機會窗口、設(shè)備需求和可重復(fù)性來考慮資產(chǎn)被攻擊者成功攻破的可能性，最后綜合考慮資產(chǎn)的影響等級和被成功攻破可能性兩方面來決定最后的風(fēng)險等級。

關(guān)鍵詞：ECU 信息安全 影響等級 攻擊可能性 風(fēng)險等級

A threat analysis and risk assessment method for vehicle ECU cyber security

Deng Yu Xiang Minqi Wei Tianwen Liu Shufan

Abstract：This paper proposes a threat analysis and risk assessment method for vehicle ECU information security to identify the potential cyber security risks of vehicle ECU， so that the corresponding cyber security vulnerabilities can be repaired and reinforced in the product development and test stage， and the risk level can be effectively reduced. Firstly， all ECU assets are divided according to software modules， configuration information and data information. Secondly， the impact level is considered from four factors： functional security， privacy security， economic security and operational security. Then， the possibility of assets being successfully broken by attackers is considered from preparation time， professional level， relevant knowledge， opportunity window， equipment requirements and repeatability. Finally， the final risk level is determined by considering the influence level of assets and the possibility of successful attack.

Key words：electronic control unit， cyber security， impact level， possibility of attack， risk level