hardware-in-the-loop-security-tester

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Hardware-in-the-Loop (HIL) Security Tester

硬件在环（HIL）安全测试员

When to Use

适用场景

Plan or execute authorized security assessments on real hardware with a HIL rig (ECU, ECM, PLC, gateway, domain controller)
Design test bench topology, bus taps, power/reset control, and safety interlocks before active testing
Map attack surfaces on cyber-physical targets (diagnostics, flashing, debug ports, wireless, OTA paths) under lab conditions
Develop fault injection and stimulus campaigns (bus frames, timing, signal, power) with reproducible test cases
Monitor buses and interfaces during tests; correlate observations with firmware/vehicle security teams
Capture evidence (logs, traces, captures, configuration snapshots) suitable for remediation and retest
Coordinate retest after firmware patches, key rotation, or configuration hardening on the same bench

规划或执行针对搭载HIL设备（ECU、ECM、PLC、网关、域控制器）的授权真实硬件安全评估
在主动测试前设计测试平台拓扑、总线分接器、电源/复位控制及安全联锁机制
在实验室环境下梳理信息物理目标的攻击面（诊断、刷写、调试端口、无线、OTA路径）
开发具备可复现测试用例的故障注入与激励方案（总线帧、时序、信号、电源）
测试期间监控总线与接口；与固件/车辆安全团队联动分析观测结果
采集适用于整改与复测的证据（日志、追踪记录、捕获数据、配置快照）
在同一平台上完成固件补丁、密钥轮换或配置加固后的复测协调工作

When NOT to Use

不适用于以下场景

Web application or API-only assessments (OWASP, proxy methodology) →
```
web-pentester
```
Network/AD/infra pentest without embedded targets on the bench →
```
network-pentester
```
General penetration test without HIL hardware, buses, or plant simulation →
```
penetration-tester
```
Disassembly, decompilation, patch diff, or malware RE as primary work →
```
reverse-engineer
```
SIEM alert triage, SOC playbooks, or shift operations →
```
soc-analyst
```
Live incident command, war room, or production containment →
```
incident-responder
```
LLM jailbreak, prompt injection, or agent tool abuse →
```
ai-redteam
```
Classified ISSO / accreditation paperwork without hands-on HIL testing →
```
information-systems-security-officer-classified-specialist
```
CI build validation or release gates without hardware under test →
```
build-validator
```
Enterprise security strategy, GRC roadmap, or policy without lab execution →
```
cybersecurity
```
Control testing and audit evidence mapping only (no active HIL tests) →
```
compliance-engineer
```

仅Web应用或API的评估（OWASP、代理方法论）→
```
web-pentester
```
平台无嵌入式目标的网络/AD/基础设施渗透测试 →
```
network-pentester
```
无HIL硬件、总线或被控对象模拟的通用渗透测试 →
```
penetration-tester
```
主要工作为反汇编、反编译、补丁对比或恶意软件逆向工程 →
```
reverse-engineer
```
SIEM告警分诊、SOC剧本或轮班运维 →
```
soc-analyst
```
实时事件指挥、作战室或生产环境遏制 →
```
incident-responder
```
LLM越狱、提示注入或Agent工具滥用 →
```
ai-redteam
```

无实操HIL测试的涉密ISSO/认证文书工作 →

information-systems-security-officer-classified-specialist

无被测硬件的CI构建验证或发布闸门 →
```
build-validator
```
无实验室执行环节的企业安全战略、GRC路线图或政策制定 →
```
cybersecurity
```
仅进行控制测试与审计证据映射（无主动HIL测试）→
```
compliance-engineer
```

Related skills

Need	Skill
Authorized general pentest (non-HIL primary)	`penetration-tester`
Binary/firmware RE, protocol reverse engineering	`reverse-engineer`
Implement fixes (IAM, SIEM, guardrails) on IT systems	`information-security-engineer`
Security program, risk acceptance, engagement governance	`cybersecurity`
Audit control mapping and evidence packages	`compliance-engineer`
Web/API layer when also in scope	`web-pentester`
Network/AD when bench includes enterprise segment	`network-pentester`
Threat context and TTP mapping for reports	`cti-analyst`
Customer-facing technical writeups	`tech-writer-researcher`

需求	技能
授权通用渗透测试（非HIL为主）	`penetration-tester`
二进制/固件逆向工程、协议逆向分析	`reverse-engineer`
在IT系统上实施修复（IAM、SIEM、防护措施）	`information-security-engineer`
安全方案、风险接受、项目治理	`cybersecurity`
审计控制映射与证据包整理	`compliance-engineer`
涉及Web/API层的场景	`web-pentester`
平台包含企业网段的网络/AD场景	`network-pentester`
报告中的威胁背景与TTP映射	`cti-analyst`
面向客户的技术文档撰写	`tech-writer-researcher`

Core Workflows

核心工作流

1. Authorization, scope, and bench readiness

1. 授权、范围确认与平台就绪

Do not energize targets or inject faults without written authorization and completed safety review.

Confirm signed SOW/ROE: targets, buses, methods, time windows, stop conditions
Complete bench FMEA / hazard review with lab owner; document interlocks and e-stop
Inventory target firmware versions, keys, calibration, and baseline configuration
Define out-of-scope (moving machinery, public roads, production fleets, third-party networks)
Establish emergency stop, power-down procedure, and escalation contacts

See
references/hil_security_tester_scope.md
and
references/test_bench_and_safety.md
.

未经书面授权与安全评审完成，不得启动目标供电或注入故障。

确认已签署的SOW/ROE：测试目标、总线、方法、时间窗口、终止条件
与实验室负责人完成平台FMEA/危害评审；记录联锁机制与紧急停止流程
盘点目标固件版本、密钥、校准参数及基线配置
定义超出范围的内容（移动机械、公共道路、生产车队、第三方网络）
制定紧急停止、断电流程及升级联络人

参考文档：
references/hil_security_tester_scope.md
与
references/test_bench_and_safety.md
。

2. Attack surface mapping and test design

2. 攻击面梳理与测试设计

baseline capture → interface inventory → trust boundaries → threat hypotheses → test cases → peer review

Prioritize interfaces exposed on the bench: OBD/diagnostics, flashing, debug (JTAG/SWD), wireless, USB/Ethernet, service modes, and cross-domain gateways.

See
references/bus_and_interface_security.md
and
references/automotive_and_industrial_patterns.md
.

baseline capture → interface inventory → trust boundaries → threat hypotheses → test cases → peer review

优先梳理平台暴露的接口：OBD/诊断、刷写、调试（JTAG/SWD）、无线、USB/以太网、服务模式及跨域网关。

参考文档：
references/bus_and_interface_security.md
与
references/automotive_and_industrial_patterns.md
。

3. Execute fault injection and stimulus (in scope)

3. 执行故障注入与激励（范围内）

Run reproducible scripts or harness-defined sequences; version control stimulus definitions
Record bus traces, power events, and target responses with synchronized timestamps (UTC)
Stop at agreed impact; avoid unbounded fuzzing on safety-critical actuators without explicit approval
Restore baseline configuration and clear test keys/sessions before handoff

See
references/fault_injection_and_stimulus.md
.

运行可复现的脚本或工具定义的序列；对激励定义进行版本控制
记录带同步UTC时间戳的总线追踪、电源事件及目标响应
达到约定影响程度时停止测试；未经明确批准，不得对安全关键执行器进行无边界模糊测试
移交前恢复基线配置并清除测试密钥/会话

参考文档：
references/fault_injection_and_stimulus.md
。

4. Evidence, reporting, and coordination

4. 证据、报告与协作

Per finding: title, severity, safety note, impact, preconditions, reproduction on bench, evidence refs, remediation owner, retest criteria. Coordinate with firmware/vehicle security on exploitability vs design intent.

See
references/evidence_and_reporting.md
.

针对每个发现项：标题、严重程度、安全提示、影响范围、前置条件、平台复现步骤、证据引用、整改负责人、复测标准。与固件/车辆安全团队协作分析可利用性与设计意图差异。

参考文档：
references/evidence_and_reporting.md
。

When to load references

参考文档加载场景

Topic	Reference
Role boundaries and engagement types	`references/hil_security_tester_scope.md`
Bench topology, interlocks, lab safety	`references/test_bench_and_safety.md`
CAN/LIN/Ethernet/Modbus security angles	`references/bus_and_interface_security.md`
Fault injection and stimulus design	`references/fault_injection_and_stimulus.md`
Evidence capture and reporting	`references/evidence_and_reporting.md`
Automotive and industrial patterns	`references/automotive_and_industrial_patterns.md`

主题	参考文档
角色边界与项目类型	`references/hil_security_tester_scope.md`
平台拓扑、联锁机制、实验室安全	`references/test_bench_and_safety.md`
CAN/LIN/以太网/Modbus安全视角	`references/bus_and_interface_security.md`
故障注入与激励设计	`references/fault_injection_and_stimulus.md`
证据采集与报告	`references/evidence_and_reporting.md`
汽车与工业领域模式	`references/automotive_and_industrial_patterns.md`