| 引用本文: |
-
詹东阳,俞兆丰,叶麟,张宏莉.面向物联网设备安全的多层次内核访问控制方法[J].信息安全学报,2022,7(6):116-125 [点击复制]
- ZHAN Dongyang,YU Zhaofeng,YE Lin,ZHANG Hongli.Multi-layer Kernel Access Control Method for Internet of Things Device Security[J].Journal of Cyber Security,2022,7(6):116-125 [点击复制]
|
|
| 摘要: |
| 物联网设备受能耗、计算能力等因素限制, 通常采用轻量化的操作系统以及精简化的安全保护机制, 导致物联网设备的操作系统安全保护能力不足, 更容易被用户态程序攻破。为了增强操作系统的隔离能力, 现有的安全保护方法通常限制应用程序可访问的系统调用种类, 使其仅能访问运行所必须的系统调用, 从而缩小操作系统的攻击面。然而, 现有的动态或者静态程序分析方法无法准确获取目标程序运行所依赖的系统调用。动态跟踪方法通过跟踪程序执行过程中触发的系统调用, 仅能获取程序依赖系统调用的子集, 以此作为依据的访问控制可能会影响程序的正常执行。而静态分析方法通常构造程序及其依赖库的控制流图并分析其可达的系统调用, 然而由于静态分析无法精准构建控制流图, 仅能获取目标程序依赖系统调用的超集, 会在访问控制中引入多余的系统调用, 造成操作系统攻击面依然较大。针对现有系统调用访问控制面临的可用性以及精准度问题, 研究多层次的内核访问控制方法, 在现有系统调用访问控制的基础上, 引入了动态链接库的访问控制, 并提出了多层联动的动态安全分析机制, 以动态分析的方法排除由于静态分析不准确引入的额外系统调用, 从而进一步缩小物联网系统的攻击面, 提升物联网设备的隔离能力与安全性。实验结果表明, 相比于现有内核访问控制方法, 本文提出的方法能够抵御更多漏洞而且引入的实时负载更低。 |
| 关键词: 物联网系统安全 攻击面缩小 静态程序分析 动态访问控制 多层访问控制 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2022.11.08 |
| 投稿时间:2022-06-29修订日期:2022-08-24 |
| 基金项目:本课题得到国家重点研发计划资助项目(No. 2021YFB2012402), 国家自然科学基金资助项目(No. 61872111)资助。 |
|
| Multi-layer Kernel Access Control Method for Internet of Things Device Security |
|
ZHAN Dongyang, YU Zhaofeng, YE Lin, ZHANG Hongli
|
| (School of Cyberspace Science, Harbin Institute of Technology, Harbin 150001, China) |
| Abstract: |
| IoT devices are limited by factors such as energy consumption and computing power, and usually use lightweight operating systems and simplified security protection mechanisms. As a result, IoT devices have insufficient operating system security protection capabilities and are more likely to be compromised by user-mode programs. In order to enhance the isolation capability of the operating system, the existing security protection methods usually limit the numbers of system calls accessible to applications, so that they can only access system calls necessary for running, thereby reducing the attack surface of the operating system. However, the existing dynamic or static program analysis methods cannot accurately obtain the necessary system call set of the target program. The dynamic tracking approaches can only obtain a subset of the program-dependent system calls by tracking the system calls triggered during the execution of the program, and the access control based on this may affect the normal execution of the program. The static analysis approaches usually construct the control flow graph of the program and their dependent libraries and analyze their reachable system calls. However, because static analysis cannot accurately construct the control flow graph, it can only obtain the over-approximated set of the target program's dependent system calls, which will introduce extra system calls in access control and result in a large attack surface of the operating system. Aiming at the usability and accuracy problems faced by the existing system call access control, a multi-level kernel access control method is studied. Based on the existing system call access control, the dynamically-linked library access control is introduced, and the multi-level correlation dynamic security analysis is proposed. The dynamic verification mechanism uses dynamic analysis to eliminate additional system calls introduced by inaccurate static analysis, thereby further reducing the attack surface of the IoT systems and improving the isolation capability and security of IoT devices. The experimental results show that, compared with the existing kernel access control methods, our approach can mitigate more vulnerabilities and introduce lower overhead. |
| Key words: IoT system security attack surface reduction static program analysis dynamic access control multi-layer access control |
