Some material and notes on Automotive Security (1): Security Engineering
I will keep posting material and notes from my recent work on Automotive Security.
1. Overview
1.1. Software Engineering Process
Introduction -> Concept Refinement -> Development -> Industrialization -> Product Validation -> Production Ramp-Up
Corresponding SW phases:
Introduction -> Concept Refinement -> Prototype Planning & Specification -> Design & Realization -> Integration & Test -> Industrialization Support -> Product Validation Support -> Production Ramp-Up Support
Prototype Planning & Specification -> Design & Realization -> Integration & Test form a loop.
1.2. Secure Software Development Life Cycle
Recommended reference: Microsoft Security Development Lifecycle
- Training
  Security training
- Requirements
  Security requirements analysis
  Security & privacy risk assessment
- Design
  Design requirements analysis
  Analyze possible attacks
  Threat modeling
- Implementation
  Use secure development tools
  Discard unsafe functions
  Run static code analysis
- Testing
- Release
- Feedback
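The Implementation phase names two concrete practices: discarding unsafe functions and running static checks. The following is an added example, not code from the original post or from Microsoft's SDL: a bounded replacement for strcpy, plus a toy scanner that counts calls to a constructed ban list (strcpy, strcat, sprintf, gets) in a constructed source snippet. The ban list and the sample source are assumptions; a real project would enforce the list with a banned-API header or a proper static analyzer.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
#include <stddef.h>

/* Added example, not from the original post.
 * (1) safe_copy: a bounded replacement for strcpy, the kind of function an
 *     SDL "discard unsafe functions" rule substitutes in.
 * (2) count_banned_calls: a toy static check that scans source text for calls
 *     to a constructed ban list. Real projects use a banned-API header or a
 *     static analyzer; this only illustrates the idea. */

/* Copy src into dst (capacity dst_len). Returns true on success, false if
 * src would not fit; dst is always NUL-terminated when dst_len > 0. */
bool safe_copy(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return false;
    size_t n = strlen(src);
    if (n >= dst_len) {
        dst[0] = '\0';   /* refuse the copy rather than truncate silently */
        return false;
    }
    memcpy(dst, src, n + 1);
    return true;
}

/* Constructed ban list (assumption: project policy, not a standard). */
static const char *const BANNED[] = { "strcpy", "strcat", "sprintf", "gets" };

/* True if p points at "name(" and the preceding char is not an identifier
 * character, so "strcpy_s(" or "mystrcpy(" do not match. */
static bool is_call_at(const char *text, const char *p, const char *name)
{
    size_t len = strlen(name);
    if (strncmp(p, name, len) != 0 || p[len] != '(')
        return false;
    if (p == text)
        return true;
    char prev = p[-1];
    return !((prev >= 'a' && prev <= 'z') || (prev >= 'A' && prev <= 'Z') ||
             (prev >= '0' && prev <= '9') || prev == '_');
}

/* Count calls to banned functions in a source-text buffer. */
int count_banned_calls(const char *text)
{
    int count = 0;
    for (const char *p = text; *p != '\0'; p++) {
        for (size_t i = 0; i < sizeof BANNED / sizeof BANNED[0]; i++) {
            if (is_call_at(text, p, BANNED[i])) {
                count++;
                break;
            }
        }
    }
    return count;
}

/* Constructed sample source text: two banned calls and one that is not. */
static const char SAMPLE_SOURCE[] =
    "void f(char *vin) {\n"
    "    char buf[18];\n"
    "    strcpy(buf, vin);            /* banned */\n"
    "    strcpy_s(buf, 18, vin);      /* not on the list */\n"
    "    sprintf(buf, \"%s\", vin);     /* banned */\n"
    "}\n";

/* Small destination buffer used by the demo below. */
char g_buf[8];

int main(void)
{
    printf("safe_copy short: %d\n", safe_copy(g_buf, sizeof g_buf, "VIN0123"));  /* 1 */
    printf("safe_copy long:  %d\n", safe_copy(g_buf, sizeof g_buf, "VIN01234")); /* 0 */
    printf("banned calls in sample: %d\n", count_banned_calls(SAMPLE_SOURCE));    /* 2 */
    return 0;
}
```

safe_copy refuses an oversized input instead of truncating, so the caller sees the failure rather than a silently shortened value; the scanner's identifier-boundary check is what keeps a ban-list rule from flagging the safer `_s` variants.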
1.3. Challenges
- Uncertainty: internal and external environment, business processes, technology, law, and so on.
- Strictly ensuring security raises cost.
1.4. Some existing models
OWASP, OpenSAMM, BSIMM, ISO21827
2. Requirements