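Journal on Communications, 2018, Vol. 39, Issue (3): 22-34. doi: 10.11959/j.issn.1000-436x.2018040
Anni PENG1, Wei ZHOU1, Yan JIA2, Yuqing ZHANG1,2
Revised: 2018-03-06
Online: 2018-03-01
Published: 2018-04-02
About the authors:
Anni PENG (1995-), female, born in Wuhan, Hubei, is a Ph.D. student at the University of Chinese Academy of Sciences. Her main research interest is network and system security.
Wei ZHOU (1993-), male, born in Baoding, Hebei, is a Ph.D. student at the University of Chinese Academy of Sciences. His main research interest is network and system security.
Yan JIA (1992-), male, born in Shijiazhuang, Hebei, is a Ph.D. student at Xidian University. His main research interest is network and system security.
Yuqing ZHANG (1966-), male, born in Baoji, Shaanxi, Ph.D., is a professor at the University of Chinese Academy of Sciences. His main research interest is network and information system security.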
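Abstract:
With the rapid adoption and application of the Internet of things (IoT), the security of the core of IoT systems, the operating system, has become increasingly urgent and prominent. First, the IoT operating systems widely used in the market today and their characteristics are introduced, and their similarities to and differences from traditional embedded operating systems are analyzed. Then, based on a survey and analysis of a large body of literature on IoT operating systems, existing research on IoT operating system security is classified and analyzed from the perspective of building a complete secure system. The challenges and opportunities facing IoT operating system security are further identified, and the current state of research is summarized. Finally, in light of the shortcomings of existing research, future hot research directions for IoT operating system security are pointed out, with particular emphasis on IoT system survival technology as a new research direction.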
Anni PENG,Wei ZHOU,Yan JIA,Yuqing ZHANG. Survey of the Internet of things operating system security[J]. Journal on Communications, 2018, 39(3): 22-34.
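Table 1: Ten IoT operating systems and their features
Operating system | Features |
Reference [ | Supports many platforms; runs on multiple platforms (such as embedded devices and sensors); relatively easy to develop for |
Reference [ | An open-source, easily portable multitasking operating system suited to devices with constrained memory |
Reference [ | Uses the Weave communication protocol to connect devices to the cloud and to interact with services such as Google Assistant |
Reference [ | Specific to ARM processors; event-driven, single-threaded architecture; suitable for small, low-power IoT devices |
Reference | Highly compatible; provides strong support for many embedded architectures |
Reference [ | Lightweight real-time operating system for the IoT |
Reference [ | Lightweight IoT operating system developed by Huawei, with zero-configuration, self-organizing networking and cross-platform capabilities |
Reference [ | High performance, security and reliability |
Reference [ | Embedded Linux operating system based on the Linux kernel; supported by a wide range of vendors, chips and products |
Reference [ | Highly portable; usable on phones, computers, smart TVs, in-vehicle systems and many other smart devices |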
[1] | ZHANG Y Q , ZHOU W , PENG A N . Survey of Internet of things security[J]. Journal of Computer Research and Development, 2017,54(10): 2130-2143. |
[2] | AMIRI-KORDESTANI M , BOURDOUCEN H . A survey on embedded open source system software for the Internet of things[C]// Free and Open Source Software Conference. 2017. |
[3] | LANGNER R . Stuxnet:dissecting a cyberwarfare weapon[J]. IEEE Security & Privacy, 2011,9(3): 49-51. |
[4] | D’EXPLOITATION S . RIOT-the friendly operating system for the Internet of Things-VIDEO[J]. Genomics & Informatics, 2012,10(4): 249-55. |
[5] | DUNKELS A , GRÖNVALL B , VOIGT T . Contiki-a lightweight and flexible operating system for tiny networked sensors[C]// IEEE International Conference on Local Computer Networks. 2004: 455-462. |
[6] | PAVELIĆ N . Evaluation of Android things platform[D]. Sveučilište u Zagrebu:Fakultet Elektrotehnike i Računarstva, 2017. |
[7] | TOULSON R , WILMSHURST T . Fast and effective embedded systems design:applying the ARM mbed[J]. Newnes, 2016. |
[8] | SHALAN M , EL-SISSY D . Online power management using DVFS for RTOS[C]// 4th International Design and Test Workshop (IDT). 2009: 1-6. |
[9] | INAM R , MÄKI-TURJA J , SJÖDIN M . Hard real-time support for hierarchical scheduling in FreeRTOS[C]// 23rd Euromicro Conference on Real-Time Systems. 2011: 51-60. |
[10] | CAO Q , ABDELZAHER T , STANKOVIC J ,et al. The liteos operating system:towards unix-like abstractions for wireless sensor networks[C]// International Conference on Information Processing in Sensor Networks. 2008: 233-244. |
[11] | GR?S S , LOSE G . Green hills software’s integrity real-time operating system unleashes the power of Intel network processors[J]. International Urogynecology Journal, 2013,24(10):1771. |
[12] | POELLABAUER C , SCHWAN K , WEST R ,et al. Flexible user/kernel communication for real-time applications in elinux[C]// The Workshop on Real Time Operating Systems and Applications and Second Real Time Linux Workshop (in conjunction with RTSS 2000). 2000. |
[13] | VELEZ G , SENDEROS O , NIETO M ,et al. Implementation of a computer vision based advanced driver assistance system in Tizen IVI[C]// ITS World Congress. 2014. |
[14] | ZHAO K , GE L . A survey on the Internet of things security[C]// Ninth International Conference on Computational Intelligence and Security. 2013: 663-667. |
[15] | ZARAGOZA M G , KIM H K , LEE R Y . Big data and IoT for u-healthcare security[M]// Computer and Information Science. Springer International Publishing, 2018: 1-11. |
[16] | HENRY N L , PAUL N R , MCFARLANE N . Using bowel sounds to create a forensically-aware insulin pump system[C]// Usenix Conference on Safety,Security,Privacy and Interoperability of Health Information Technologies. 2013:8. |
[17] | LANGNER R . Stuxnet:dissecting a cyberwarfare weapon[J]. IEEE Security & Privacy, 2011,9(3): 49-51. |
[18] | CLARK S S , RANSFORD B , RAHMATI A ,et al. WattsUpDoc:power side channels to nonintrusively discover untargeted malware on embedded medical devices[C]// HealthTech. 2013. |
[19] | WOO S , JO H J , LEE D H . A practical wireless attack on the connected car and security protocol for in-vehicle CAN[J]. IEEE Transactions on Intelligent Transportation Systems, 2015,16(2): 993-1006. |
[20] | HUMAYED A , LUO B . Cyber-physical security for smart cars:taxonomy of vulnerabilities,threats,and attacks[C]// The ACM/IEEE Sixth International Conference on Cyber-Physical Systems. 2015: 252-253. |
[21] | FRANCILLON A . Analyzing thousands of firmware images and a few physical devices:what’s next?[C]// The 6th International Workshop on Trustworthy Embedded Devices. 2016:1. |
[22] | BABAR S , STANGO A , PRASAD N ,et al. Proposed embedded security framework for Internet of things (IoT)[C]// 2011 2nd International Conference on Wireless Communication,Vehicular Technology,Information Theory and Aerospace & Electronics Systems Technology (Wireless VITAE). 2011: 1-5. |
[23] | JIN Y . Embedded system security in smart consumer electronics[C]// The 4th International Workshop on Trustworthy Embedded Devices. 2014:59. |
[24] | LIU S . Design and development of a security kernel in an embedded system[J]. International Journal of Control & Automation, 2014,7(11): 49-58. |
[25] | GUANCIALE S , ROBERTO S , KHAKPOUR S ,et al. Formal verification of information flow security for a simple arm-based separation kernel[J]. Journal of Molecular Structure Theochem, 2013,587(s1-3): 49-56. |
[26] | AZAB A M , SWIDOWSKI K , BHUTKAR R ,et al. SKEE:a lightweight secure kernel-level execution environment for ARM[C]// NDSS. 2016. |
[27] | BATES A , TIAN D , BUTLER K R B ,et al. Trustworthy whole-system provenance for the Linux kernel[C]// Usenix Conference on Security Symposium. 2015: 319-334. |
[28] | MALENKO M , BAUNACH M . Real-time and security requirements for Internet-of-things operating systems[C]// Internet Der Dinge:Echtzeit 2016. 2016: 33-42. |
[29] | DYER J G , LINDEMANN M , PEREZ R ,et al. Building the IBM 4758 secure coprocessor[J]. Computer, 2001,34(10): 57-66. |
[30] | PETRONI JR N L , FRASER T , MOLINA J ,et al. Copilot-a coprocessor-based kernel runtime integrity monitor[C]// USENIX Security Symposium. 2004: 179-194. |
[31] | ZHAO L , LI G , SUTTER B D ,et al. ARMor:fully verified software fault isolation[C]// The International Conference on Embedded Software. 2011: 289-298. |
[32] | CHEN X , GARFINKEL T , LEWIS E C ,et al. Overshadow:a virtualization based approach to retrofitting protection in commodity operating systems[C]// ACM, 2008: 2-13. |
[33] | NORDHOLZ J , VETTER J , PETER M ,et al. Xnpro:low-impact hypervisor-based execution prevention on ARM[C]// The 5th International Workshop on Trustworthy Embedded Devices. 2015: 55-64. |
[34] | PARK D J , HWANG H S , KANG M H ,et al. Secure boot method and semiconductor memory system using the method:US20090019275[P]. 2009. |
[35] | KIRKPATRICK M S , GHINITA G , BERTINO E . Resilient authenticated execution of critical applications in untrusted environments[J]. IEEE Transactions on Dependable & Secure Computing, 2012,9(4): 597-609. |
[36] | KOHNHÄUSER F , KATZENBEISSER S . Secure code updates for mesh networked commodity low-end embedded devices[C]// European Symposium on Research in Computer Security. 2016: 320-338. |
[37] | COSTIN A , ZADDACH J , FRANCILLON A ,et al. A large-scale analysis of the security of embedded firmwares[C]// USENIX Security Symposium. 2014: 95-110. |
[38] | SACHIDANANDA V , TOH J , SIBONI S ,et al. POSTER:towards exposing Internet of things:a roadmap[C]// ACM Sigsac Conference on Computer and Communications Security. 2016: 1820-1822. |
[39] | MER M , ASPINALL D , WOLTERS M . POSTER:weighing in eHealth security[C]// ACM Sigsac Conference on Computer and Communications Security. 2016: 1832-1834. |
[40] | TABRIZI F M , PATTABIRAMAN K . Formal security analysis of smart embedded systems[C]// The 32nd Annual Conference on Computer Security Applications. 2016: 1-15. |
[41] | KHAN M T , SERPANOS D , SHROBE H . A rigorous and efficient run-time security monitor for real-time critical embedded system applications[C]// 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT). 2016: 100-105. |
[42] | YOON M K , MOHAN S , CHOI J ,et al. Learning execution contexts from system call distribution for anomaly detection in smart embedded system[C]// 2017 IEEE/ACM Second International Conference on Internet-of-Things Design and Implementation (IoTDI). 2017: 191-196. |
[43] | HUANG W , HUANG Z , MIYANI D ,et al. LMP:light-weighted memory protection with hardware assistance[C]// The 32nd Annual Conference on Computer Security Applications. 2016: 460-470. |
[44] | VOGT D , GIUFFRIDA C , BOS H ,et al. Lightweight memory checkpointing[C]// IEEE/IFIP International Conference on Dependable Systems and Networks. 2015: 474-484. |
[45] | YU T , SEKAR V , SESHAN S ,et al. Handling a trillion (unfixable) flaws on a billion devices:rethinking network security for the Internet-of-things[C]// ACM Workshop on Hot Topics in Networks. 2015:5. |
[46] | KOEBERL P , SCHULZ S , SADEGHI A R ,et al. TrustLite:a security architecture for tiny embedded devices[C]// European Conference on Computer Systems. 2014:10. |
[47] | DEFRAWY K E , PERITO D , TSUDIK G . SMART:secure and minimal architecture for (Establishing a Dynamic) root of trust[J]. Isoc. 2017. |
[48] | STRACKX R , PIESSENS F , PRENEEL B . Efficient isolation of trusted subsystems in embedded systems[C]// International Conference on Security and Privacy in Communication Systems. 2010: 344-361. |
[49] | GUO F , MU Y , SUSILO W ,et al. CP-ABE with constant-size keys for lightweight devices[J]. IEEE Transactions on Information Forensics&Security, 2014,9(5): 763-771. |
[50] | SHI Y , WEI W , HE Z ,et al. An ultra-lightweight white-box encryption scheme for securing resource-constrained IoT devices[C]// Conference on Computer Security Applications. 2016: 16-29. |
[51] | BANSOD G , RAVAL N , PISHAROTY N . Implementation of a new lightweight encryption design for embedded security[J]. IEEE Transactions on Information Forensics and Security, 2015,10(1): 142-151. |
[52] | ADNAN S F S , ISA M A M , HASHIM H . Timing analysis of the lightweight AAβ encryption scheme on embedded Linux for Internet of things[C]// 2016 IEEE Symposium on Computer Applications &Industrial Electronics (ISCAIE). 2016: 113-116. |
[53] | KAUER B . OSLO:improving the security of trusted computing[C]// USENIX Security Symposium. 2007: 229-237. |
[54] | KÜHN U , SELHORST M , SELHORST C . Realizing property-based attestation and sealing with commonly available hard and software[C]// The 2007 ACM workshop on Scalable trusted computing. 2007: 50-57. |
[55] | KYLÄNPÄÄ M , RANTALA A . Remote attestation for embedded systems[C]// Conference on Cybersecurity of Industrial Control Systems. 2015: 79-92. |
[56] | TSUDIK G . Challenges in remote attestation of low-end embedded devices[C]// The 4th International Workshop on Trustworthy Embedded Devices. 2014:1. |
[57] | CHEN L , LÖHR H , MANULIS M ,et al. Property-based attestation without a trusted third party[J]. Information Security, 2008: 31-46. |
[58] | SADEGHI A R , STÜBLE C . Property-based attestation for computing platforms:caring about properties,not mechanisms[C]// The 2004 workshop on new security paradigms. 2004: 67-77. |
[59] | MCCUNE J M , LI Y , QU N ,et al. TrustVisor:efficient TCB reduction and attestation[C]// 2010 IEEE Symposium on Security and Privacy (SP). 2010: 143-158. |
[60] | SCHULZ S , WACHSMANN C , SADEGHI A R . Lightweight remote attestation using physical functions,technische universitat darmstadt,darmstadt[R]. Germany,Technical Report, 2011. |
[61] | SCHULZ S , SADEGHI A R , WACHSMANN C . Short paper:lightweight remote attestation using physical functions[C]// The fourth ACM Conference on Wireless Network Security. 2011: 109-114. |
[62] | RANASINGHE D , ENGELS D , COLE P . Security and privacy:modest proposals for low-cost RFID systems[C]// Auto-ID Labs Research Workshop,Zurich,Switzerland. 2004. |
[63] | EICHHORN I , LEEST V V D , LEEST V V D . Logically reconfigurable PUFs:memory-based secure key storage[C]// ACM Workshop on Scalable Trusted Computing. 2011: 59-64. |
[64] | YU M D M , M’RAIHI D , SOWELL R ,et al. Lightweight and secure PUF key storage using limits of machine learning[C]// International Workshop on Cryptographic Hardware and Embedded Systems. 2011: 358-373. |
[65] | GARITANO I , FAYYAD S , NOLL J . Multi-metrics approach for security,privacy and dependability in embedded systems[J]. Wireless Personal Communications, 2015,81(4): 1359-1376. |
[66] | OH D , KIM D , RO W W . A malicious pattern detection engine for embedded security systems in the Internet of things[J]. Sensors, 2014,14(12): 24188-24211. |
[67] | BANSOD G , RAVAL N , PISHAROTY N . Implementation of a new lightweight encryption design for embedded security[J]. IEEE Transactions on Information Forensics and Security, 2015,10(1): 142-151. |
[68] | ODELU V , DAS A K , GOSWAMI A . A secure biometrics-based multi-server authentication protocol using smart cards[J]. IEEE Transactions on Information Forensics and Security, 2015,10(9): 1953-1966. |
[69] | CARABAS M , MOGOSANU L , DEACONESCU R ,et al. Lightweight display virtualization for mobile devices[C]// International Workshop on Secure Internet of Things. 2014: 18-25. |
[70] | ABERA T , ASOKAN N , DAVI L ,et al. C-FLAT:control-flow attestation for embedded systems software[C]// The 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 743-754. |
[71] | CHALUPAR G , PEHERSTORFER S , POLL E ,et al. Automated reverse engineering using Lego[J]. WOOT, 2014,14: 1-10. |
[72] | ASOKAN N , EKBERG J E , KOSTIAINEN K ,et al. Mobile trusted computing[J]. Proceedings of the IEEE, 2014,102(8): 1189-1206. |
[73] | HALEVI T , MA D , SAXENA N ,et al. Secure proximity detection for NFC devices based on ambient sensor data[C]// European Symposium on Research in Computer Security. 2012: 379-396. |
[74] | LIN J , JING J , LIU P . Evaluating intrusion-tolerant certification authority systems[J]. Quality & Reliability Engineering International, 2012,28(8): 825-841. |
[75] | GOSEVAPOPSTOJANOVA K , VAIDYANATHAN K , TRIVEDI K ,et al. Characterizing intrusion tolerant systems using a state transition model[C]// DARPA Information Survivability Conference & Exposition II. 2001: 211-221. |
[76] | GUPTA V , LAM V , RAMASAMY H G V ,et al. dependability and performance evaluation of intrusion-tolerant server architectures[M]// Dependable Computing. Springer Berlin Heidelberg, 2003: 81-101. |