引用本文: |
-
郑尧文,文辉,程凯,宋站威,朱红松,孙利民.物联网设备漏洞挖掘技术研究综述[J].信息安全学报,2019,4(5):61-75 [点击复制]
- ZHENG Yaowen,WEN Hui,CHENG Kai,SONG Zhanwei,ZHU Hongsong,SUN Limin.A Survey of IoT Device Vulnerability Mining Techniques[J].Journal of Cyber Security,2019,4(5):61-75 [点击复制]
|
|
本文已被:浏览 12270次 下载 15610次 |
码上扫一扫! |
物联网设备漏洞挖掘技术研究综述 |
郑尧文1,2, 文辉2, 程凯1,2, 宋站威2, 朱红松1,2, 孙利民1,2
|
|
(1.中国科学院大学网络空间安全学院 北京 中国 100049;2.中国科学院信息工程研究所物联网信息安全技术北京市重点实验室 北京 中国 100093) |
|
摘要: |
随着物联网设备的迅速发展和广泛应用,物联网设备的安全也受到了严峻的考验。安全漏洞大量存在于物联网设备中,而通用漏洞挖掘技术不再完全适用于物联网设备。近几年,针对物联网设备漏洞的挖掘技术逐渐成为热点。本文将分析物联网设备漏洞挖掘技术面临的挑战与机遇,然后从静态分析,动态模糊测试,以及同源性分析三个方面来介绍物联网设备漏洞挖掘技术的研究进展。最后本文将对今后该领域的研究重点和方向进行讨论和展望。 |
关键词: 物联网设备 漏洞挖掘 静态分析 模糊测试 同源性分析 |
DOI:10.19363/J.cnki.cn10-1380/tn.2019.09.06 |
投稿时间:2019-06-01修订日期:2019-08-16 |
基金项目:本课题得到广东省重点研发计划(No.2019B010137004),国家自然科学基金面上项目(No.U1636120),国家自然科学基金青年项目(No.61702504),国家重点研发计划(No.2018YFC1201102)资助。 |
|
A Survey of IoT Device Vulnerability Mining Techniques |
ZHENG Yaowen1,2, WEN Hui2, CHENG Kai1,2, SONG Zhanwei2, ZHU Hongsong1,2, SUN Limin1,2
|
(1.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China;2.Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China) |
Abstract: |
With the development of Internet of Things(IoT), its security faces a huge challenge. IoT devices are prone to lots of vulnerabilities while current software vulnerability mining techniques could not be directly applied to them. Vulnerability mining techniques on IoT devices has attracted researchers' attention in these years. In this paper, we will introduce challenges and opportunities of IoT vulnerability mining techniques, and then summarize the techniques from aspects of static analysis, dynamic fuzz testing and homology analysis techniques. Finally, we will discuss the research direction in the future. |
Key words: Internet of Things devices vulnerability mining static analysis fuzzing testing homology analysis |