物联网固件安全缺陷检测研究进展

张弛; 司徒凌云; 王林章

引用本文：

张弛,司徒凌云,王林章.物联网固件安全缺陷检测研究进展[J].信息安全学报,2021,6(3):141-158 [点击复制]
ZHANG Chi,SITU Lingyun,WANG Linzhang.Research Progress on Security Defect Detection of IoT Firmware[J].Journal of Cyber Security,2021,6(3):141-158 [点击复制]

本文已被：浏览 6265次下载 4872次	码上扫一扫！
物联网固件安全缺陷检测研究进展
张弛^1,2, 司徒凌云^1,2, 王林章^1,2
0 字体:加大+\|默认\|缩小-
(1.计算机软件新技术国家重点实验室(南京大学) 南京中国 210023;2.南京大学计算机科学与技术系南京中国 210023)

摘要:

固件是物联网设备的基础使能软件，其中存在的安全缺陷是物联网设备遭受攻击的根本原因之一。由于物联网设备资源受限，难以部署完善的安全防护机制，身处不安全的网络环境中，其固件缺陷一旦被恶意利用，轻则使设备宕机，重则威胁安全攸关领域基础设施，造成巨大的生命财产损失。因此，有效的固件安全缺陷检测已然成为保障物联网设备安全的关键，也成为学术界和工业界研究的热点。面对物联网设备数量的高速增长、固件自身规模和复杂性的不断攀升、固件类型的日益多样化、固件缺陷的持续增多，现有的物联网固件安全缺陷检测研究面临挑战。本文归纳了典型物联网固件实现缺陷类型，分析了典型缺陷产生机理，从静态分析、符号执行、模糊测试、程序验证、基于机器学习的方法等角度综述了现有固件缺陷检测方法。通过对不同方法优势与不足的分析，为进一步提升固件安全缺陷检测方法的智能化、精准化、自动化、有效性、可扩展性提供指导。在此基础上，本文展望了未来可以开展的研究工作。

关键词: 物联网设备实时操作系统固件安全缺陷检测

DOI：10.19363/J.cnki.cn10-1380/tn.2021.05.09

投稿时间：2020-06-23修订日期：2020-11-26

基金项目:本课题得到国家自然科学基金（No.62032010）资助。

Research Progress on Security Defect Detection of IoT Firmware

ZHANG Chi^1,2, SITU Lingyun^1,2, WANG Linzhang^1,2

(1.State Key Laboratory for Novel Software Technology (Nanjing University), Nanjing 210023, China;2.School of Computer Science and Technology, Nanjing University, Nanjing 210023, China)

Abstract:

Firmware is the basic enabling software for IoT devices, and the security defects that exist are one of the root causes of IoT devices being attacked. Due to the limited resources of IoT devices, it is difficult to deploy a complete security protection mechanism. In an insecure network environment, once the firmware defects are maliciously exploited, the device will be down, and the security infrastructure will be threatened. Caused huge loss of life and property. Therefore, effective firmware security defect detection has become the key to the security of IoT devices, and has become a hot topic in academic and industrial research. Faced with the rapid growth of the number of IoT devices, the increasing size and complexity of firmware itself, the increasing variety of firmware types, and the continued increase in firmware defects, existing IoT firmware security defect detection research faces challenges. This paper summarizes the typical types of defect implementation of IoT firmware, analyzes the mechanism of typical defect generation, and summarizes the existing firmware defect detection methods from the perspectives of static analysis, symbolic execution, fuzzing, program verification, and machine learning-based methods. Through the analysis of the advantages and disadvantages of different methods, it provides guidance for further improving the intelligence, accuracy, automation, effectiveness and scalability of the firmware security defect detection method. Further, this article also look forward to the research work that can be carried out in the future.

Key words: Internet of Things devices real-time operating system firmware security defect detection