| 摘要: |
| 随着物联网设备的迅速发展和广泛应用,物联网设备的安全也受到了严峻的考验。安全漏洞大量存在于物联网设备中,而通用漏洞挖掘技术不再完全适用于物联网设备。近几年,针对物联网设备漏洞的挖掘技术逐渐成为热点。本文将分析物联网设备漏洞挖掘技术面临的挑战与机遇,然后从静态分析,动态模糊测试,以及同源性分析三个方面来介绍物联网设备漏洞挖掘技术的研究进展。最后本文将对今后该领域的研究重点和方向进行讨论和展望。 |
| 关键词: 物联网设备 漏洞挖掘 静态分析 模糊测试 同源性分析 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2019.09.06 |
| 投稿时间:2019-06-01修订日期:2019-08-16 |
| 基金项目:本课题得到广东省重点研发计划(No.2019B010137004),国家自然科学基金面上项目(No.U1636120),国家自然科学基金青年项目(No.61702504),国家重点研发计划(No.2018YFC1201102)资助。 |
|
| A Survey of IoT Device Vulnerability Mining Techniques |
| ZHENG Yaowen,WEN Hui,CHENG Kai,SONG Zhanwei,ZHU Hongsong,SUN Limin |
| School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China |
| Abstract: |
| With the development of Internet of Things(IoT), its security faces a huge challenge. IoT devices are prone to lots of vulnerabilities while current software vulnerability mining techniques could not be directly applied to them. Vulnerability mining techniques on IoT devices has attracted researchers' attention in these years. In this paper, we will introduce challenges and opportunities of IoT vulnerability mining techniques, and then summarize the techniques from aspects of static analysis, dynamic fuzz testing and homology analysis techniques. Finally, we will discuss the research direction in the future. |
| Key words: Internet of Things devices vulnerability mining static analysis fuzzing testing homology analysis |
