Bibliographic Details
| Title: |
物联网设备固件自动化漏洞挖掘技术研究综述. (Chinese) |
| Alternate Title: |
Survey on automated vulnerability mining techniques for IoT device firmware. (English) |
| Authors: |
刘, 航天, 甘, 水滔, 张, 超, 张, 红旗, 孙, 文厚, 高, 子聪, 赵, 敏, 白, 雪 |
| Source: |
Chinese Journal of Network & Information Security; Apr2025, Vol. 11 Issue 2, p26-49, 24p |
| Subject Terms: |
LANGUAGE models, INTERNET of things, RESEARCH personnel, CUSTOMIZATION |
| Abstract (English): |
With the wide application of IoT technology, the number of IoT devices has exploded. In recent years, security incidents caused by IoT devices have occurred frequently, which has made IoT device security research a hot spot. The security analysis of IoT device firmware has been conducted, with a focus on its black-box nature, network characteristics, and customization features. Challenges to automated vulnerability mining have been highlighted, such as the closed-source firmware code, closed operating environment, complex network interactions, and highly customized hardware and software. Researchers have proposed a series of advanced technologies and methods to address these challenges. The existing literature was comprehensively analyzed, and the latest research progress in automated vulnerability mining technology for IoT device firmware was summarized from four aspects: black-box fuzzing, gray-box fuzzing, static program analysis, and firmware re-hosting. Based on the analysis of the current research status, existing challenges and deficiencies were pointed out, and future research directions and ideas were proposed, including the development trend of organically combining multiple technologies, the application prospects of large language models in automated vulnerability mining, and the synchronous upgrade of vulnerability mining technology driven by the evolution of IoT technology. An in-depth analysis and summary of the current status and development trends of automated vulnerability mining technology for IoT device firmware were provided, offering valuable references for future research and applications in the industry. [ABSTRACT FROM AUTHOR] |
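| Abstract (Chinese, translated): |
With the wide application of Internet of Things (IoT) technology, the number of IoT devices has grown explosively. In recent years, security incidents caused by IoT devices have occurred frequently, making IoT device security a research hot spot. First, the security characteristics of IoT device firmware (its black-box, network and customization characteristics) are analyzed in depth; these characteristics pose new challenges for automated vulnerability mining. Closed-source firmware code, closed runtime environments, complex network interactions and highly customized software and hardware all increase the difficulty of firmware security analysis. To address these challenges, researchers have developed a series of solutions. Through a comprehensive analysis of the existing literature, the latest research progress in automated vulnerability mining techniques for IoT device firmware is summarized from four aspects: black-box fuzzing, gray-box fuzzing, static program analysis and firmware re-hosting. On this basis, the remaining challenges and shortcomings are analyzed, and future research directions and ideas are proposed, including the trend toward organically combining multiple techniques, the application prospects of large language models in automated vulnerability mining, and the synchronous upgrading of vulnerability mining techniques driven by the evolution of IoT technology. Through this in-depth analysis and summary of the current status and development trends of automated vulnerability mining techniques for IoT device firmware, a valuable reference is provided for further research and application in the industry. [ABSTRACT FROM AUTHOR] |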
|
Copyright of Chinese Journal of Network & Information Security is the property of Beijing Xintong Media Co., Ltd. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) |
| Database: |
Complementary Index |