Journal of Information Security Reserach ›› 2022, Vol. 8 ›› Issue (12): 1146-.

    Next Articles

A Survey of IoT Firmware Vulnerability Security Detection

  

  • Online:2022-12-03 Published:2022-12-01

物联网固件漏洞安全检测综述

李涛1田迎军1葛阳晨2田源2李剑3
  

  1. 1(山东高速建设管理集团有限公司济南250098)
    2(北京邮电大学人工智能学院北京100876)
    3(北京邮电大学网络空间安全学院北京100876)
  • 通讯作者: 李涛 硕士.主要研究方向为交通建设的信息化和智能化. 552126247@qq.com
  • 作者简介:李涛 硕士.主要研究方向为交通建设的信息化和智能化. 552126247@qq.com 田迎军 主要研究方向为交通建设的信息化和智能化. 86841536@qq.com 葛阳晨 硕士.主要研究方向为深度学习、网络安全. geyangchengyc@163.com 田源 博士.主要研究方向为信息安全、大数据隐私保护、量子密码学. redrainiety@bupt.edu.cn 李剑 博士,教授,博士生导师.主要研究方向为信息安全、量子密码学. lijian@bupt.edu.cn

Abstract: With the advent of the Internet of everything, the security issues of the IoT have become more and more important, especially the economic losses caused by security risks and attacks caused by firmware vulnerabilities in the IoT. Efficient firmware vulnerability detection technology has increasingly become the key to ensuring the security of IoT devices. Therefore, studying the methods and technologies related to firmware vulnerability security detection in the IoT has essential theoretical significance and practical value. This paper analyzes the reasons for the frequent security problems of IoT firmware, summarizes the main security threats faced by IoT firmware, and targets the firmware. Based on the challenges faced by vulnerability analysis, the existing firmware vulnerability detection methods are reviewed. Through the analysis of the advantages and disadvantages of different methods, it provides guidance for further improving the intelligence, precision, automation, effectiveness, and scalability of the firmware security defect detection method. Finally, future research in IoT firmware vulnerability security detection is prospected.

Key words: IoT, firmware, vulnerability detection, security, firmware security

摘要: 随着万物互联时代的到来,物联网的安全问题越来越突出,尤其是物联网中由于固件漏洞引起的安全隐患或攻击行为导致的经济损失越来越大.高效的固件漏洞检测技术越来越成为保障物联网设备安全的关键,因此研究物联网中固件漏洞安全检测相关方法与技术具有重要的理论意义和实用价值.分析了物联网固件安全问题频发的原因,归纳了物联网固件面临的主要安全威胁,针对固件漏洞分析所面临的挑战,综述了现有固件漏洞检测方法.通过对不同方法优势与不足的分析,为进一步提升固件安全缺陷检测方法的智能化、精准化、自动化、有效性、可扩展性提供指导.最后,对物联网固件漏洞安全检测进行了展望.

关键词: 物联网, 固件, 漏洞检测, 安全, 固件安全