Classified security protection evaluation for vehicle information system

摘要

This paper firstly analyzes security vulnerabilities, threats and special security requirements of current vehicle information system. And further referring to the classified security protection evaluation standards of traditional information system, we establish classified security protection evaluation system for vehicle information system. This system summarizes typical information assets in car system, divides vehicle information system into two classes/levels: family and business, and defines target and requirement of security protection for two kinds of vehicle information system, respectively. Finally, a series of feasible evaluation methods and tools are presented for evaluation practice. A big contribution of this paper is to explore classified security protection evaluation for vehicle information system and fills up the gap of evaluating security state of automotive information system all over the world.