汽车软件OTA升级威胁分析及实测举隅
A Threat Analysis and Test-based Study of OTA Software Updates for Automobiles
朱科屹 1孙琦 2罗勇 3丁文龙 4宁友良4
作者信息
- 1. 北京航空航天大学,北京 100191;中国软件评测中心,北京 100048
- 2. 中国第一汽车股份有限公司,吉林长春 130011
- 3. 联合汽车电子有限公司,上海 201206
- 4. 中国软件评测中心,北京 100048
- 折叠
摘要
软件定义汽车是新一代汽车产业发展的必然趋势,汽车软件OTA升级是未来汽车软件升级的重要手段,在其带来便利的同时信息安全性值得重点关注.本文对汽车软件OTA升级进行资产识别、威胁场景识别、攻击路径及攻击可行性分析,提出汽车软件OTA升级信息安全测试指标,开展测试实践.本文给出测试过程中的重点问题分析,旨在通过完整的威胁分析,为汽车软件OTA升级体系研究提供参考.
Abstract
Software plays an important role in the development of modern vehicles,and over-the-air updates is an important alternative that brings convenient and efficient.While there are several advantages of OTA updates,information security threats that introduced must also be considered seriously.Based on the CSTC asset identification,threat scenario identification,attack path analysis and attack feasibility evaluation specification for automotive software OTA updates,comprehensive information security tests were conducted by CSTC.This paper summarizes characteristic information security vulnerabilities of automotive software OTA updates in order to promote the automotive software development.
关键词
汽车软件/OTA升级/信息安全/测试Key words
automotive software/OTA updates/information security/testing引用本文复制引用
出版年
2024
NETL
NSTL
万方数据