Author: Terry Costlow
Source: SAE Automotive Engineering Magazine
Chinese translation: SAE Shanghai Office
SAE security guideline set to provide structure for connected vehicles
Connectivity opens vehicle systems to the dark side of the Internet, forcing automakers to quickly develop strategies to ensure that they don’t join the litany of corporations hit by hack attacks. SAE is nearing the release of a best practices document that will help OEMs create structured programs that provide protection that will remain effective throughout vehicle lifetimes.
SAE Recommended Practice J3061, "Cybersecurity Guidebook for Cyber-Physical Vehicle Systems," is the first document tailored for vehicle cybersecurity. Several members of the committee recently participated in an SAE webinar to discuss the standard and its role in protecting connected vehicles.
The session covered the full scope of J3061. Spokespersons opened by highlighting the many motivating factors behind its creation.
“Potential impacts include finances, theft of intellectual property, vehicle performance can be compromised, and interference with business operations,” said Barbara Czerny, Senior Technical Specialist, Safety Assessor and Cybersecurity at ZF TRW.
Security will be similar to factors like quality and safety that must be considered from the concept phase and beyond. That’s a tall order, since cyber security spans most vehicle systems. For example, attacks can focus on safety, infotainment, or other electronic systems.
Czerny noted that companies need to take an overarching systems-engineering approach to cyber security. Cyber assaults can impact safety-critical systems as well as other electronic controls. For example, a hacker may steal passwords or other personal information stored on the radio head unit. Potential impacts on safety will be a primary concern.
Though safety and cyber security will sometimes have little overlap, they will often be tightly intertwined. Safety systems may be a primary target for hackers who want to extort money from an OEM. Engineering teams that have focused only on hardware and software they put in the car will now have to think about ways that outsiders may alter the performance of critical vehicle functions like speed control.
“Hazards like unintended acceleration may involve several systems,” said David Ward, Head of Functional Safety at Horiba MIRA Ltd. “Cyber security may be the source of that issue.”
Cyber security systems need more flexibility than most other aspects of vehicle electronics. Threats will change over time, and preventive technologies will have to evolve to meet attacks by hackers throughout vehicle lifetimes. A comprehensive security strategy should address routine events as well as attack responses.
“Computer security must also consider what happens when vehicle ownership changes,” said Lisa Boran, Global Security Attribute Leader at Ford Motor Co. “Corporate plans should include an incident response plan that identifies incidents and makes sure they’re valid. Everyone should know which team members need to be informed about incidents.”
Though J3061 won’t be formally released until early in 2016, SAE committee members are already busy working on supporting documentation. For example, J3101 will address the growing need for "Hardware Protected Security in Ground Vehicle Applications." Steps such as storing authentication keys in protected areas on microcontrollers will help design teams add another layer of protection.
“Hardware protected security offers improved security against software-only threat vectors,” said Bill Mazzara, Fiat Chrysler Global Vehicle Cybersecurity Strategist.
Throughout the webinar, speakers continually noted that cyber security must be built into the designs, not added on during the development cycle. They also noted that certification may not be beneficial in cyber security because it fosters a check-the-box mentality that won’t work well in the complex, ever-changing cyber security field.
Security programs will typically use defense in depth techniques so that, if one preventive measure fails, another will pick up the slack. Layered defenses also help ensure that any problems that occur are kept in check before they spread to other vehicle systems.
“No system can be 100% safe,” Czerny said. “Following a structured process helps reduce the likelihood of a successful attack. A well-structured process also provides a means to react to a constantly changing threat landscape.”
The changes in hacking techniques over the lifetime of a vehicle will force strategists to plan for updates. Cem Hatipoglu, Chief, Electronic Systems Safety Research Division, at NHTSA, noted that OEMs may benefit from sharing information on attacks. That could help automakers spot attacks before they spread throughout vehicle fleets.
“We encourage the vehicle industry to set up an information sharing and analysis center,” he said. “There’s a need to disseminate information on anomalies seen on one vehicle before there are issues with a lot of vehicles. If we wait until accidents happen, it will be too late. We need to find issues earlier.”
The need to monitor vehicles for years highlights the complexity of building flexible systems that can meet varying types of threats over long lifetimes. J3061 was therefore written as a best practices document, not a specification that tells developers what they must do.
“The standard is goal-based rather than prescriptive so companies can tailor their solutions to their requirements,” Czerny said.
Throughout the webinar, the J3061 developers stressed the similarities between the new SAE document and the ISO 26262 functional safety standard. Both ask design teams to find as many potential problems as possible, then take steps to eliminate or mitigate them. In both standards, the most dangerous issues should get the most attention.
“Risk includes detection and motivation,” Ward said. “The analysis of severity includes the amount of losses that can occur.”
However, there are noticeable differences. Foremost among them is that developers are the only humans involved in functional safety issues. The actions of hackers and even vehicle owners must be taken into account by those working in the cyber security world.
“Functional safety is very much based on hazards caused by malfunctioning systems, failures in hardware or software,” Ward said. “In cyber security, people need to consider malicious action and unintended actions; a curious owner may do something to the car, for example.”
When developers are analyzing vulnerabilities and potential threats, they need to rank them on both severity and likelihood of an incident that impacts some aspect of vehicle operations. They should also examine the amount of effort required to mount an assault.
“Determining the probability of a security threat is typically based on the probability of an attacker making an effective attack,” Ward said. “People need to look at the skill level that’s needed, whether the attacker needs detailed knowledge, or whether it’s based on things that are readily known.”
Many of the steps taken to determine the level of risk are similar to the processes used to meet functional safety requirements. Webinar speakers noted that there are many similarities with the ISO 26262 methodologies. Design teams can figure out potential vulnerabilities and eliminate or mitigate them, then run through the analysis processes again.
Utilizing existing processes to set up cyber security programs will save plenty of time and improve results. Both quality programs and functional safety processes can be used to help build the base for baking security into designs.
“Most organizations have process frameworks established; companies can leverage this,” Czerny said. “Cyber security and functional safety are related activities. Cyber security has threat analysis and risk assessment versus hazard analysis and risk assessment for functional safety. Attack-tree analysis and fault-tree analysis are similar.”
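The ranking described above (severity versus an attacker's required skill and knowledge) and the attack-tree analysis Czerny compares to fault trees can be put into one small model. This is an added illustration, not code from J3061 or from any of the companies quoted; the expertise and knowledge weights, the likelihood thresholds, the severity scale and the attack tree itself are all assumed for the example. It also shows the "mitigate, then run the analysis again" loop by re-scoring the same tree after a mitigation.

```python
from dataclasses import dataclass, field
from typing import List

# Illustrative threat analysis and risk assessment (TARA) over an attack tree.
# Weights and thresholds are ASSUMED for this example, not J3061 or ISO 26262 tables.
EXPERTISE = {"layman": 0, "proficient": 3, "expert": 6}     # skill an attacker needs
KNOWLEDGE = {"public": 0, "restricted": 3, "sensitive": 7}  # information an attacker needs

@dataclass
class Node:
    name: str
    gate: str = "leaf"               # "leaf", "or" (any child suffices), "and" (all children)
    expertise: str = "layman"
    knowledge: str = "public"
    children: List["Node"] = field(default_factory=list)

def attack_potential(node: Node) -> int:
    """Effort needed to reach this node (higher = harder), like a fault tree's cut sets:
    an OR gate is as weak as its cheapest branch, an AND gate costs every step."""
    if node.gate == "leaf":
        return EXPERTISE[node.expertise] + KNOWLEDGE[node.knowledge]
    scores = [attack_potential(c) for c in node.children]
    return min(scores) if node.gate == "or" else sum(scores)

def likelihood(potential: int) -> int:
    """Map effort to a 1 (remote) .. 4 (very likely) band; thresholds assumed."""
    return 1 if potential >= 12 else 2 if potential >= 8 else 3 if potential >= 4 else 4

def assess(tree: Node, severity: int) -> dict:
    """Risk = severity (1..4, 4 = safety impact) x likelihood, as in a hazard/risk matrix."""
    p = attack_potential(tree)
    band = likelihood(p)
    return {"potential": p, "likelihood": band, "risk": severity * band}

def speed_control_tree(bus_message_knowledge: str = "restricted") -> Node:
    """Constructed tree for 'outsider alters speed control'. The knowledge needed to inject
    valid bus messages is a parameter so a mitigation (message authentication with keys
    held in protected hardware) can be modelled by raising it to 'sensitive'."""
    return Node("alter speed control", "or", children=[
        Node("via infotainment", "and", children=[
            Node("compromise head unit", expertise="expert", knowledge="restricted"),
            Node("reach the powertrain network", expertise="expert", knowledge="sensitive"),
        ]),
        Node("via diagnostic port", "and", children=[
            Node("physical access to the cabin", expertise="layman", knowledge="public"),
            Node("inject valid bus messages", expertise="proficient", knowledge=bus_message_knowledge),
        ]),
    ])

if __name__ == "__main__":
    print("before mitigation:", assess(speed_control_tree(), severity=4))   # risk 12
    print("after mitigation: ", assess(speed_control_tree("sensitive"), severity=4))  # risk 8
```

The diagnostic-port branch dominates the OR gate before mitigation; after the mitigation the same tree re-scores to a lower risk, which is the second pass through the analysis the speakers describe.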
Speakers noted that any new programs for security can’t reduce the effectiveness of existing processes.
“If you don’t have an established quality process, what you put on top of it won’t be reliable,” Ward said. “Companies need to have a quality management process in place.”
Author: Terry Costlow
Source: SAE Automotive Engineering Magazine