| 摘要: |
| 许多智能家居平台支持用户定义自动化规则以管理智能家居设备,这些规则在同一场景下可能发生交互。如果这些规则间的交互存在逻辑漏洞,则可能导致智能家居设备自动执行违背用户本意的意外动作,从而给用户带来安全危害(例如,人不在家时打开窗户)。因此,进行规则交互漏洞检测技术的研究是紧迫且必要的。本文对近年来智能家居规则交互漏洞检测技术相关研究进行了广泛的调研和细致的汇总。首先本文对智能家居规则交互漏洞检测技术研究中涉及的四个重要概念进行了解释。随后本文对迄今研究中提出的规则交互漏洞进行总结,将其分为了5类,分别是条件绕过,条件阻塞,动作冲突,动作重复以及意外规则链,并分析了每类漏洞的形成机理和潜在危害。在此基础上,文章对现有的交互漏洞检测方案进行了分类研究,根据检测方案技术原理的不同,本文将交互漏洞检测中具有代表性的20项工作分为三个类别,分别是基于静态规则分析的TAP交互漏洞检测,基于动态执行监控的TAP交互漏洞检测以及基于用户视角的TAP交互规则检测。接着,本文从技术原理和实现效果两个维度对相关工作进行梳理和对比。最后结合研究现状和发展历程本文提出了当前研究中面临的3个研究热点,分别是考虑物理交互的TAP交互漏洞检测,考虑时间要素的TAP交互漏洞检测以及TAP规则交互检测中的安全属性表达。 |
| 关键词: 智能家居 规则交互 漏洞检测 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2025.07.02 |
| Received:September 28, 2023Revised:December 13, 2023 |
| 基金项目:本课题得到国家自然科学基金项目(No. 61872430)资助。 |
|
| A Review of Research on Smart Home Rule Interaction Vulnerability Detection |
| WANG Jingyao,CHEN Zemao,WANG Tingting |
| School of Cyber Science and Engineering, Wuhan University, Wuhan 430000, China;Northern Theater Command Navy, Qingdao 266000, China |
| Abstract: |
| Many smart home platforms allow users to define automation rules to manage smart home devices that may interact in the same scenario. If there are logical loopholes in the interaction between these rules, it may cause the smart home device to automatically perform unexpected actions that are contrary to the user's intention, thus causing safety hazards to the user (for example, opening a window when the person is not at home). Therefore, it is urgent and necessary to conduct research on rule interaction vulnerability detection technology. This paper conducts an extensive survey and detailed summary of the research on smart home rule interaction vulnerability detection technology in recent years. First, this paper explains the four key concepts involved in the research on smart home rule interaction vulnerability detection technology. This paper then summarizes the rule interaction vulnerabilities proposed in the research so far and divides them into five categories, namely condition bypass, condition blocking, action conflict, action reverting and unexpected rule chain. The formation mechanism and potential harm of each type of vulnerability are analyzed. On this basis, the paper conducts a classification study on the existing interaction vulnerability detection solutions. According to the different technical principles of the detection solutions, this paper divides 20 representative work in interaction vulnerability detection into three categories, which are TAP interaction vulnerability detection based on static rule analysis, TAP interaction vulnerability detection based on dynamic execution monitoring, and TAP interaction rule detection based on user perspective. Next, this paper reviews and compares the relevant work from two dimensions: technical principles and implementation effects. Finally, based on the current research status and development history, this paper proposes three research hotspots faced in current research, namely TAP interaction vulnerability detection considering physical interaction, TAP interaction vulnerability detection considering time factors, and security/safety properties expression in TAP rule interaction detection. |
| Key words: smart home rule interaction vulnerability detection |
