网络与信息安全学报 (Feb 2022)
Information security vulnerability scoring model for intelligent vehicles
Abstract
As intelligent vehicles develop, more and more electronic devices are integrated into modern vehicles, and various design flaws and vulnerabilities are hidden in their large amount of hardware, firmware and software. The vulnerabilities of intelligent vehicles have therefore become the most important factor affecting vehicle safety. The disclosure of a large number of vulnerabilities seriously affects the safety of vehicles and also restricts the wide application of smart cars. Vulnerability management is an effective method to reduce the risk of vulnerabilities and improve vehicle security, and vulnerability scoring is one of the important steps in the vulnerability management procedure. However, current methods are not capable of assessing automotive vulnerabilities reasonably. To handle this problem, a vulnerability scoring model for intelligent vehicles, based on CVSS, was proposed. The attack vector and attack complexity were optimized, and property security, privacy security, functional safety and life safety were added to characterize the possible impact of vulnerabilities according to the characteristics of intelligent vehicles. Using a machine learning method, the parameters in the CVSS scoring formula were optimized to describe the characteristics of intelligent vehicle vulnerabilities and to adapt to the adjusted and newly added weights. A case study and statistics show that the diversity and distribution of the model are better than those of CVSS, which means the model can better score different vulnerabilities. AHP is then used to evaluate the vulnerability of the whole vehicle based on the vulnerability scores of the model, giving a score that represents the risk level of the whole vehicle.
The proposed model can be used to evaluate the severity of information security vulnerabilities in intelligent vehicles and to reasonably assess the security risks of the entire vehicle or part of the system, which can provide evidence for fixing the vulnerabilities or reinforcing the entire vehicle.
Keywords