作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2021, Vol. 47 ›› Issue (7): 126-134. doi: 10.19678/j.issn.1000-3428.0059386

• 网络空间安全 • 上一篇    下一篇

面向新攻击面的物联网终端固件安全威胁模型

朱新兵1,2,3, 李清宝1,2, 张平1,2, 陈志锋1,2, 顾艳阳1,2   

  1. 1. 中国人民解放军战略支援部队信息工程大学 网络空间安全学院, 郑州 450003;
    2. 数学工程与先进计算国家重点实验室, 郑州 450003;
    3. 中国人民解放军河南省军区 数据信息室, 郑州 450003
  • 收稿日期:2020-08-28 修回日期:2020-09-29 发布日期:2020-10-15
  • 作者简介:朱新兵(1981-),男,工程师、博士,主研方向为信息安全、物联网;李清宝、张平,教授、博士;陈志锋,讲师、博士;顾艳阳,硕士。
  • 基金资助:
    国家自然科学基金(61802432)。

Security Threat Model for IoT Terminal Firmware with a New Attack Surface

ZHU Xinbing1,2,3, LI Qingbao1,2, ZHANG Ping1,2, CHEN Zhifeng1,2, GU Yanyang1,2   

  1. 1. Cyberspace Security College, PLA Strategic Support Force Information Engineering University, Zhengzhou 450003, China;
    2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450003, China;
    3. Data Information Office, PLA Henan Province Military Region, Zhengzhou 450003, China
  • Received:2020-08-28 Revised:2020-09-29 Published:2020-10-15

摘要: 物联网终端的显著特点是对外部世界进行感知与控制,但是传统安全威胁分析模型无法有效评估来自外部的攻击数据对物联网终端固件造成的危害。将新攻击面引入的攻击数据作为分析对象,通过对攻击数据在固件中的完整传播路径和交互过程进行建模,构建面向新攻击面的物联网终端固件安全威胁模型FSTM,从而分析物联网终端固件所面临的潜在威胁。分析结果表明,FSTM模型能有效描述物联网与物理世界紧耦合、与业务强相关的特性,为面向新攻击面的物联网终端安全检测技术研究提供理论指导。

关键词: 物联网, 固件, 新攻击面, 攻击数据, 安全威胁模型

Abstract: Internet of Things(IoT) terminals can perceive and control the external environment.However,the traditional security threat analysis models fail to accurately evaluate the harm of external attacks on IoT terminal firmware.This paper takes the attack data introduced by the new attack surface as the analysis object,and builds the model of the complete propagation path and interactions of the attack data in firmware.On this basis,a security threat model called FSTM for IoT terminal firmware with a new attack surface is constructed to support the analysis of potential threats faced by IoT terminal firmware.The analysis results show that FSTM can accurately describe the tight coupling between IoT and the physical world,as well as the strong correlation between IoT and the services.The proposed model provides theoretical guidance for the research of IoT terminal security and detection technology based on the new attack surface.

Key words: Internet of Things(IoT), firmware, new attack surface, attack data, security threat model

中图分类号: