没有合适的资源?快使用搜索试试~ 我知道了~
JasPar规范-ECU Vulnerability Test Requirements
需积分: 0 2 下载量 110 浏览量
2024-01-19
13:51:38
上传
评论
收藏 777KB PDF 举报
温馨提示
试读
53页
本标准文档定义了近期内预计安装在车辆上的车内 ECU (例如连接到互联网和自动驾驶汽车的 ECU) 的漏洞测试要求。 根据对这些要求背景的了解,读者选择了用于测试 ECU 的漏洞测试,即使读者一眼就发现 ECU 与网络安全无关。
资源推荐
资源详情
资源评论
JASPAR Standards Document: ST-CST-1 Ver.1.1
Copyrights for this document belong to the General Incorporated Association JASPAR.
Unauthorized copying or reproduction is prohibited by copyright.
Issued on May 15, 2019
Cybersecurity Technical WG
General Incorporated Association JASPAR
ST-CST-1
ECU Vulnerability Test Requirements
Ver.1.1
ECU Vulnerability Test Requirements Ver.1.1 JASPAR Standards Document: ST-CST-1
- 2 -
Unauthorized copying or reproduction is prohibited by copyright.
JASPAR uses Japanese as its official language. This document is a translated version of the original Japanese one.
Please note that the Japanese version prevails on others for every difference in contents and/or interpretation among
them.
This English translation is for an informational purpose only and there is absolutely no guarantee regarding its
contents.
For your research and development purpose, always use the Japanese version as the reference.
ECU Vulnerability Test Requirements Ver.1.1 JASPAR Standards Document: ST-CST-1
- 3 -
Unauthorized copying or reproduction is prohibited by copyright.
Revision History
Date
Version
Details
2019/9/17
Ver. 1.0
First Edition
2020/5/15
Ver. 1.1
Newly Added
AP-004, AP-005, AP-006, AP-007, AP-008
Corrected
HW-001, HW-002, HW-003, NE-001BT, NE-001-WiFi,
NE-002-BT, NE-002-WiFi, NE-003-WiFi, NE-005-IP,
NE-007-BT, NE-008-WiFi, NE-009-CAN, NE-009-BT,
NE-009-WiFi, NE-009-IP, NE-010-CAN, NE-010-BT,
NE-010-WiFi, NE-010-IP, NE-012-CAN, NE-013-BT,
NE-013-IP, NE-015-IP, AP-003
Deleted
NE-011-CAN, NE-011-IP, NE-011-WiFi, NE-011-BT
Corrected Typography
ECU Vulnerability Test Requirements Ver.1.1 JASPAR Standards Document: ST-CST-1
- 4 -
Unauthorized copying or reproduction is prohibited by copyright.
Contents
Introduction ................................................................................................................................................................. 5
Disclaimer ............................................................................................................................................................. 5
Scope of application .............................................................................................................................................. 5
Referenced standards ............................................................................................................................................ 5
1.3.1 Related documents ................................................................................................................................ 5
1.3.2 References ............................................................................................................................................ 5
Description of terms .............................................................................................................................................. 6
1.4.1 Definition of terms ................................................................................................................................ 6
1.4.2 Definition of abbreviations ................................................................................................................... 6
Notes on patents .................................................................................................................................................... 7
Notes on copyrights .............................................................................................................................................. 7
Vulnerability testing in this document ....................................................................................................................... 8
Definition of vulnerability test .............................................................................................................................. 8
Position of vulnerability tests in the development process.................................................................................... 8
Vulnerability tests given in other standards and guidelines .................................................................................. 9
Vulnerability test requirements ................................................................................................................................ 10
In applying vulnerability test requirements ......................................................................................................... 10
Classifications of vulnerability test requirements ............................................................................................... 10
Structure of vulnerability test requirements ........................................................................................................ 11
List of vulnerability test requirements ................................................................................................................ 12
3.4.1 Hardware ............................................................................................................................................ 12
3.4.2 Network .............................................................................................................................................. 12
3.4.3 Application ......................................................................................................................................... 14
Vulnerability test requirement details ................................................................................................................. 15
3.5.1 Hardware ............................................................................................................................................ 15
3.5.2 Network .............................................................................................................................................. 18
3.5.3 Application ......................................................................................................................................... 46
ECU Vulnerability Test Requirements Ver.1.1 JASPAR Standards Document: ST-CST-1
- 5 -
Unauthorized copying or reproduction is prohibited by copyright.
Introduction
Disclaimer
General Incorporated Association JASPAR (JASPAR hereafter) is not responsible for revision of this document
due to any changes occurring in sections referenced in this document. Also, JASPAR is not responsible for any issues
that may occur in the implementation of these standards.
Scope of application
This standards document defines test requirements for vulnerability testing for in-vehicle ECUs installed in the
vehicles expected in the near future, such as those connected to the Internet and autonomous cars.
Based on the understanding of the background of these requirements, the readers select vulnerability test for testing
the ECU, even if the reader identified it as an ECU having no-relevance with cyber-security at first glance.
Referenced standards
1.3.1 Related documents
The following table shows industry standards in the creation of this document.
Table 1-1: Referenced standards (Industry standards)
Standard
Issued by
Issued on
Version
JASPAR Information Security ECU Design
Requirements Definitions Document Ver.1.0
JASPAR Cybersecurity Promotion
Working Group
2018.6.15
Ver 1.0
Draft Recommendation on Cyber
Security of the Task Force on Cyber
Security and Over-the-air issues of
UNECE WP.29 GRVA
United Nations, Economic
Commission for Europe
2018.9.20
TFCS-13
-18
Cybersecurity Guidebook for
Cyber-Physical Vehicle Systems
J3061
SAE International
2016.10.14
2016-01
1.3.2 Referenced URLs
The following table shows URLs of documents referenced in the creation of this document.
Table 1-2: Referenced URLs (References)
Reference
Overview
Reference source
OWASP
OWASP (Open Web Application Security Project): A
nonprofit foundation that collects and distributes
information about web security, application security, and
vulnerability assessments.
https://www.owasp.org/index.php/Japan
CMVP
CMVP (Cryptographic Module Validation Program): A U.S.
and Canadian joint project on cryptographic modules
https://csrc.nist.gov/projects/cryptographic-
module-validation-program
CWE
CWE (Common Weakness Enumeration)
https://cwe.mitre.org/data/index.html
CVE
CVE (Common Vulnerabilities and Exposures)
https://cve.mitre.org/
CAPEC
CAPEC (Common Attack Path Enumeration and
Classification)
https://capec.mitre.org/data/
* Reference URLs are as of April 1, 2019.
剩余52页未读,继续阅读
资源评论
落叶成花
- 粉丝: 260
- 资源: 9
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功