一种面向车辆ECU信息安全的威胁分析与风险评估方法

邓宇　向民奇　韦天文　刘书帆

摘 要：本文提出一種面向车辆ECU信息安全的威胁分析与风险评估方法来识别车辆ECU存在的潜在网络安全隐患，以便在产品的开发试验阶段相应的网络安全漏洞得到修补加固，风险等级得到有效的降低。首先对ECU所有的资产按照软件模块、配置信息和数据信息进行划分，其次从功能安全、隐私安全、经济安全和操作性安全四个因素来考虑其影响等级，然后从准备时间、专业水平、相关知识、机会窗口、设备需求和可重复性来考虑资产被攻击者成功攻破的可能性，最后综合考虑资产的影响等级和被成功攻破可能性两方面来决定最后的风险等级。

关键词：ECU 信息安全 影响等级 攻击可能性 风险等级

A threat analysis and risk assessment method for vehicle ECU cyber security

Deng Yu Xiang Minqi Wei Tianwen Liu Shufan

Abstract：This paper proposes a threat analysis and risk assessment method for vehicle ECU information security to identify the potential cyber security risks of vehicle ECU， so that the corresponding cyber security vulnerabilities can be repaired and reinforced in the product development and test stage， and the risk level can be effectively reduced. Firstly， all ECU assets are divided according to software modules， configuration information and data information. Secondly， the impact level is considered from four factors： functional security， privacy security， economic security and operational security. Then， the possibility of assets being successfully broken by attackers is considered from preparation time， professional level， relevant knowledge， opportunity window， equipment requirements and repeatability. Finally， the final risk level is determined by considering the influence level of assets and the possibility of successful attack.

Key words：electronic control unit， cyber security， impact level， possibility of attack， risk level