物联网操作系统安全研究综述

彭安妮; 周威; 贾岩; 张玉清

doi:10.11959/j.issn.1000-436x.2018040

您当前的位置：

首页 >

文章列表页 >

物联网操作系统安全研究综述

论文Ⅰ：物联网与安全 | 更新时间：2024-06-05

- 物联网操作系统安全研究综述
- Survey of the Internet of things operating system security
- 通信学报 2018年39卷第3期页码：22-34
- 作者机构：
  
  1. 中国科学院大学国家计算机网络入侵防范中心，北京 101408
  2. 西安电子科技大学网络与信息安全学院，陕西西安 710071
- 作者简介：
  
  [ "彭安妮（1995-），女，湖北武汉人，中国科学院大学博士生，主要研究方向为网络与系统安全。" ]
  [ "周威（1993-），男，河北保定人，中国科学院大学博士生，主要研究方向为网络与系统安全。" ]
  [ "贾岩（1992-），男，河北石家庄人，西安电子科技大学博士生，主要研究方向为网络与系统安全。" ]
  [ "张玉清（1966-），男，陕西宝鸡人，博士，中国科学院大学教授，主要研究方向为网络与信息系统安全。" ]
- 基金信息：
  
  国家重点研究计划基金资助项目(2016YFB0800703);国家自然科学基金资助项目(61572460);国家自然科学基金资助项目(61272481);信息安全国家重点实验室的开放课题基金资助项目(2017-ZD-01);国家发展改革委员会信息安全专项基金资助项目((2012)1424);国家111计划基金资助项目(B16037)
- DOI：10.11959/j.issn.1000-436x.2018040
  中图分类号： TP393
- 网络出版日期：2018-03，
  
  纸质出版日期：2018-03-25
- 稿件说明：
移动端阅览
彭安妮, 周威, 贾岩, 等. 物联网操作系统安全研究综述[J]. 通信学报, 2018,39(3):22-34.

Anni PENG, Wei ZHOU, Yan JIA, et al. Survey of the Internet of things operating system security[J]. Journal on communications, 2018, 39(3): 22-34.
彭安妮, 周威, 贾岩, 等. 物联网操作系统安全研究综述[J]. 通信学报, 2018,39(3):22-34. DOI： 10.11959/j.issn.1000-436x.2018040.

Anni PENG, Wei ZHOU, Yan JIA, et al. Survey of the Internet of things operating system security[J]. Journal on communications, 2018, 39(3): 22-34. DOI： 10.11959/j.issn.1000-436x.2018040.

摘要

随着物联网的迅速普及和应用，物联网系统核心（操作系统）的安全问题越发显得急迫和突出。首先，对现阶段市场上广泛应用的物联网操作系统及其特征进行了介绍，分析了其与传统嵌入式操作系统的异同；然后，在调研和分析大量物联网操作系统相关文献的基础上，从构建完整安全系统的角度对现有物联网操作系统安全研究成果进行有效的分类和分析；进一步指出了物联网操作系统安全所面临的挑战和机遇，总结了物联网操作系统安全的研究现状；最后，结合现有研究的不足指出了物联网操作系统安全未来的热点研究方向，并特别指出了物联网系统生存技术这一新的研究方向。

Abstract

With the rapid popularization and wide application of the Internet of things (IoT)

the security problems of IoT operating system

which is the essential part

become more and more urgent.Firstly

the famous IoT operating systems and their different features were introduced

then it was compared with present embedded systems.Secondly

On the basis of the survey of research related to IoT operating system

the research was discussed and analyzed from the view of building a comprehensive security system

then security challenges and opportunities which the IoT system faced were pointed out

and the research status of the security of the IoT operating system was summarized.Finally

the promising future study directions in the IoT operating system security field were discussed based on the drawbacks of the existing researches

particularly

the IoT system survival technology as a new research direction was pointed out.

关键词

Keywords

references

张玉清 , 周威 , 彭安妮 . 物联网安全综述 [J ] . 计算机研究与发展 , 2017 , 54 ( 10 ): 2130 - 2143 .

ZHANG Y Q , ZHOU W , PENG A N . Survey of Internet of things security [J ] . Journal of Computer Research and Development , 2017 , 54 ( 10 ): 2130 - 2143 .

AMIRI-KORDESTANI M , BOURDOUCEN H . A survey on embedded open source system software for the Internet of things [C ] // Free and Open Source Software Conference . 2017 .

LANGNER R . Stuxnet:dissecting a cyberwarfare weapon [J ] . IEEE Security ＆ Privacy , 2011 , 9 ( 3 ): 49 - 51 .

D’EXPLOITATION S . RIOT-the friendly operating system for the Internet of Things-VIDEO [J ] . Genomics ＆ Informatics , 2012 , 10 ( 4 ): 249 - 55 .

DUNKELS A , GRNVALL B , VOIGT T . Contiki-a lightweight and flexible operating system for tiny networked sensors [C ] // IEEE International Conference on Local Computer Networks . 2004 : 455 - 462 .

PAVELIĆ N . Evaluation of Android things platform [D ] . Sveučilište u Zagrebu:Fakultet Elektrotehnike i Računarstva , 2017 .

TOULSON R , WILMSHURST T . Fast and effective embedded systems design:applying the ARM mbed [J ] . Newnes , 2016 .

SHALAN M , EL-SISSY D , . Online power management using DVFS for RTOS [C ] // 4th International Design and Test Workshop (IDT) . 2009 : 1 - 6 .

INAM R , MÄKI-TURJA J , SJÖDIN M , . Hard real-time support for hierarchical scheduling in FreeRTOS [C ] // 23rd Euromicro Conference on Real-Time Systems . 2011 : 51 - 60 .

CAO Q , ABDELZAHER T , STANKOVIC J , et al . The liteos operating system:towards unix-like abstractions for wireless sensor networks [C ] // International Conference on Information Processing in Sensor Networks . 2008 : 233 - 244 .

GRÄS S , LOSE G . Green hills software’s integrity real-time operating system unleashes the power of Intel network processors [J ] . International Urogynecology Journal , 2013 , 24 ( 10 ):1771.

POELLABAUER C , SCHWAN K , WEST R , et al . Flexible user/kernel com-munication for real-time applications in elinux [C ] // The Workshop on Real Time Operating Systems and Applications and Second Real Time Linux Workshop (in conjunction with RTSS 2000) . 2000 .

VELEZ G , SENDEROS O , NIETO M , et al . Implementation of a computer vision based advanced driver assistance system in Tizen IVI [C ] // ITS World Congress . 2014 .

ZHAO K , GE L . A survey on the Internet of things security [C ] // Ninth International Conference on Computational Intelligence and Security . 2013 : 663 - 667 .

ZARAGOZA M G , KIM H K , LEE R Y . Big data and IoT for u-healthcare security [M ] // Computer and Information Science . Springer International Publishing , 2018 : 1 - 11 .

HENRY N L , PAUL N R , MCFARLANE N . Using bowel sounds to create a forensically-aware insulin pump system [C ] // Usenix Conference on Safety,Security,Privacy and Interoperability of Health Information Technologies . 2013 :8.

LANGNER R . Stuxnet:dissecting a cyberwarfare weapon [J ] . IEEE Security ＆ Privacy , 2011 , 9 ( 3 ): 49 - 51 .

CLARK S S , RANSFORD B , RAHMATI A , et al . WattsUpDoc:power side channels to nonintrusively discover untargeted malware on embedded medical devices [C ] // HealthTech . 2013 .

WOO S , JO H J , LEE D H . A practical wireless attack on the connected car and security protocol for in-vehicle CAN [J ] . IEEE Transactions on Intelligent Transportation Systems , 2015 , 16 ( 2 ): 993 - 1006 .

HUMAYED A , LUO B . Cyber-physical security for smart cars:taxonomy of vulnerabilities,threats,and attacks [C ] // The ACM/IEEE Sixth International Conference on Cyber-Physical Systems . 2015 : 252 - 253 .

FRANCILLON A , . Analyzing thousands of firmware images and a few physical devices:what’s next? [C ] // The 6th International Workshop on Trustworthy Embedded Devices . 2016 :1.

BABAR S , STANGO A , PRASAD N , et al . Proposed embedded security framework for Internet of things (IoT) [C ] // 2011 2nd International Conference on Wireless Communication,Vehicular Technology,Information Theory and Aerospace ＆ Electronics Systems Technology (Wireless VITAE) . 2011 : 1 - 5 .

JIN Y , . Embedded system security in smart consumer electronics [C ] // The 4th International Workshop on Trustworthy Embedded Devices . 2014 :59.

LIU S . Design and development of a security kernel in an embedded system [J ] . International Journal of Control ＆ Automation , 2014 , 7 ( 11 ): 49 - 58 .

GUANCIALE S , ROBERTO S , KHAKPOUR S , et al . Formal verification of information flow security for a simple arm-based separation kernel [J ] . Journal of Molecular Structure Theochem , 2013 , 587 ( s1-3 ): 49 - 56 .

AZAB A M , SWIDOWSKI K , BHUTKAR R , et al . SKEE:a lightweight secure kernel-level execution environment for ARM [C ] // NDSS . 2016 .

BATES A , TIAN D , BUTLER K R B , et al . Trustworthy whole-system provenance for the Linux kernel [C ] // Usenix Conference on Security Symposium . 2015 : 319 - 334 .

MALENKO M , BAUNACH M . Real-time and security requirements for Internet-of-things operating systems [C ] // Internet Der Dinge:Echtzeit 2016 . 2016 : 33 - 42 .

DYER J G , LINDEMANN M , PEREZ R , et al . Building the IBM 4758 secure coprocessor [J ] . Computer , 2001 , 34 ( 10 ): 57 - 66 .

PETRONI JR N L , FRASER T , MOLINA J , et al . Copilot-a coprocessor-based kernel runtime integrity monitor [C ] // USENIX Security Symposium . 2004 : 179 - 194 .

ZHAO L , LI G , SUTTER B D , et al . ARMor:fully verified software fault isolation [C ] // The International Conference on Embedded Software . 2011 : 289 - 298 .

CHEN X , GARFINKEL T , LEWIS E C , et al . Overshadow:a virtualization based approach to retrofitting protection in commodity operating systems [C ] // ACM , 2008 : 2 - 13 .

NORDHOLZ J , VETTER J , PETER M , et al . Xnpro:low-impact hypervisor-based execution prevention on ARM [C ] // The 5th International Workshop on Trustworthy Embedded Devices . 2015 : 55 - 64 .

PARK D J , HWANG H S , KANG M H , et al . Secure boot method and semiconductor memory system using the method:US20090019275 [P ] .2009.-- > 2009 .

KIRKPATRICK M S , GHINITA G , BERTINO E . Resilient authenticated execution of critical applications in untrusted environments [J ] . IEEE Transactions on Dependable ＆ Secure Computing , 2012 , 9 ( 4 ): 597 - 609 .

KOHNHÄUSER F , KATZENBEISSER S . Secure code updates for mesh networked commodity low-end embedded devices [C ] // European Symposium on Research in Computer Security . 2016 : 320 - 338 .

COSTIN A , ZADDACH J , FRANCILLON A , et al . A large-scale analysis of the security of embedded firmwares [C ] // USENIX Security Symposium . 2014 : 95 - 110 .

SACHIDANANDA V , TOH J , SIBONI S , et al . POSTER:towards exposing Internet of things:a roadmap [C ] // ACM Sigsac Conference on Computer and Communications Security . 2016 : 1820 - 1822 .

MER M , ASPINALL D , WOLTERS M . POSTER:weighing in eHealth security [C ] // ACM Sigsac Conference on Computer and Communications Security . 2016 : 1832 - 1834 .

TABRIZI F M , PATTABIRAMAN K . Formal security analysis of smart embedded systems [C ] // The 32nd Annual Conference on Computer Security Applications . 2016 : 1 - 15 .

KHAN M T , SERPANOS D , SHROBE H . A rigorous and efficient run-time security monitor for real-time critical embedded system applications [C ] // 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT) . 2016 : 100 - 105 .

YOON M K , MOHAN S , CHOI J , et al . Learning execution contexts from system call distribution for anomaly detection in smart embedded system [C ] // 2017 IEEE/ACM Second International Conference on Internet-of-Things Design and Implementation (IoTDI) . 2017 : 191 - 196 .

HUANG W , HUANG Z , MIYANI D , et al . LMP:light-weighted memory protection with hardware assistance [C ] // The 32nd Annual Conference on Computer Security Applications . 2016 : 460 - 470 .

VOGT D , GIUFFRIDA C , BOS H , et al . Lightweight memory checkpointing [C ] // IEEE/IFIP International Conference on Dependable Systems and Networks . 2015 : 474 - 484 .

YU T , SEKAR V , SESHAN S , et al . Handling a trillion (unfixable) flaws on a billion devices:rethinking network security for the Internet-of-things [C ] // ACM Workshop on Hot Topics in Networks . 2015 :5.

KOEBERL P , SCHULZ S , SADEGHI A R , et al . TrustLite:a security architecture for tiny embedded devices [C ] // European Conference on Computer Systems . 2014 :10.

DEFRAWY K E , PERITO D , TSUDIK G . SMART:secure and minimal architecture for (Establishing a Dynamic) root of trust [J ] . Isoc . 2017 .

STRACKX R , PIESSENS F , PRENEEL B . Efficient isolation of trusted subsystems in embedded systems [C ] // International Conference on Security and Privacy in Communication Systems . 2010 : 344 - 361 .

GUO F , MU Y , SUSILO W , et al . CP-ABE with constant-size keys for lightweight devices [J ] . IEEE Transactions on Information Forensics＆Security , 2014 , 9 ( 5 ): 763 - 771 .

SHI Y , WEI W , HE Z , et al . An ultra-lightweight white-box encryption scheme for securing resource-constrained IoT devices [C ] // Conference on Computer Security Applications . 2016 : 16 - 29 .

BANSOD G , RAVAL N , PISHAROTY N . Implementation of a new lightweight encryption design for embedded security [J ] . IEEE Transactions on Information Forensics and Security , 2015 , 10 ( 1 ): 142 - 151 .

ADNAN S F S , ISA M A M , HASHIM H . Timing analysis of the lightweight AAβ encryption scheme on embedded Linux for Internet of things [C ] // 2016 IEEE Symposium on Computer Applications ＆Industrial Electronics (ISCAIE) . 2016 : 113 - 116 .

KAUER B , . OSLO:improving the security of trusted computing [C ] // USENIX Security Symposium . 2007 : 229 - 237 .

KÜHN U , SELHORST M SELHORST C . Realizing property-based attestation and sealing with commonly available hard and software [C ] // The 2007 ACM workshop on Scalable trusted computing . 2007 : 50 - 57 .

KYLÄNPÄÄ M , RANTALA A , . Remote attestation for embedded systems [C ] // Conference on Cybersecurity of Industrial Control Systems . 2015 : 79 - 92 .

TSUDIK G , . Challenges in remote attestation of low-end embedded devices [C ] // The 4th International Workshop on Trustworthy Embedded Devices . 2014 :1.

CHEN L , LÖHR H , MANULIS M , et al . Property-based attestation without a trusted third party [J ] . Information Security , 2008 : 31 - 46 .

SADEGHI A R , STÜBLE C , . Property-based attestation for computing platforms:caring about properties,not mechanisms [C ] // The 2004 workshop on new security paradigms . 2004 : 67 - 77 .

MCCUNE J M , LI Y , QU N , et al . TrustVisor:efficient TCB reduction and attestation [C ] // 2010 IEEE Symposium on Security and Privacy (SP) . 2010 : 143 - 158 .

SCHULZ S , WACHSMANN C , SADEGHIS A R . Lightweight remote attestation using physical functions,technische universitat darmstadt,darmstadt [R ] . Germany,Technical Report , 2011 .

SCHULZ S , SADEGHI A R , WACHSMANN C . Short paper:lightweight remote attestation using physical functions [C ] // The fourth ACM Conference on Wireless Network Security . 2011 : 109 - 114 .

RANASINGHE D , ENGELS D , COLE P . Security and privacy:modest proposals for low-cost RFID systems [C ] // Auto-ID Labs Research Workshop,Zurich,Switzerland . 2004 .

EICHHORN I , LEEST V V D , LEEST V V D . Logically reconfigurable PUFs:memory-based secure key storage [C ] // ACM Workshop on Scalable Trusted Computing . 2011 : 59 - 64 .

YU M D M , M’RAIHI D , SOWELL R , . et al . Lightweight and secure PUF key storage using limits of machine learning [C ] // International Work-shop on Cryptographic Hardware and Embedded Systems . 2011 : 358 - 373 .

GARITANO I , FAYYAD S , NOLL J . Multi-metrics approach for security,privacy and dependability in embedded systems [J ] . Wireless Personal Communications , 2015 , 81 ( 4 ): 1359 - 1376 .

OH D , KIM D , RO W W . A malicious pattern detection engine for embedded security systems in the Internet of things [J ] . Sensors , 2014 , 14 ( 12 ): 24188 - 24211 .

ODELU V , DAS A K , GOSWAMI A . A secure biometrics-based multi-server authentication protocol using smart cards [J ] . IEEE Transactions on Information Forensics and Security , 2015 , 10 ( 9 ): 1953 - 1966 .

CARABAS M , MOGOSANU L , DEACONESCU R , et al . Lightweight display virtualization for mobile devices [C ] // International Workshop on Secure Internet of Things . 2014 : 18 - 25 .

ABERA T , ASOKAN N , DAVI L , et al . C-FLAT:control-flow attestation for embedded systems software [C ] // The 2016 ACM SIGSAC Conference on Computer and Communications Security . 2016 : 743 - 754 .

CHALUPAR G , PEHERSTORFER S , POLL E , et al . Automated reverse engineering using Lego [J ] . WOOT , 2014 , 14 : 1 - 10 .

ASOKAN N , EKBERG J E , KOSTIAINEN K , et al . Mobile trusted computing [J ] . Proceedings of the IEEE , 2014 , 102 ( 8 ): 1189 - 1206 .

HALEVI T , MA D , SAXENA N , et al . Secure proximity detection for NFC devices based on ambient sensor data [C ] // European Symposium on Research in Computer Security . 2012 : 379 - 396 .

LIN J , JING J , LIU P . Evaluating intrusion-tolerant certification authority systems [J ] . Quality ＆ Reliability Engineering International , 2012 , 28 ( 8 ): 825 - 841 .

GOSEVAPOPSTOJANOVA K , VAIDYANATHAN K , TRIVEDI K , et al . Characterizing intrusion tolerant systems using a state transition model [C ] // DARPA Information Survivability Conference ＆ Exposition II . 2001 : 211 - 221 .

GUPTA V , LAM V , RAMASAMY H G V , et al . dependability and performance evaluation of intrusion-tolerant server architectures [M ] // Dependable Computing . Springer Berlin Heidelberg , 2003 : 81 - 101 .

浏览量

3233

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

全栈信创电子邮件系统实践

基于SDN的物联网边缘节点间数据流零信任管理

基于审计博弈的安全协作频谱感知方案

面向轻量级物联网设备的高效匿名身份认证协议设计

共生网络——异构网络安全高效互联的体系结构与机理