摘要
物联网即“万物相连的互联网”,是利用互联网延伸与扩展,实现频射识别、红外感应、全球定位系统、激光扫描器等设备的互联通信。物联网体系结构复杂,各组件安全问题突出,传统人工测评方式难以适用。目前,以攻击者视角来研究如何整体评估物联网生态安全的报道较少。文章以威胁建模为导向,基于物联网组件分解理论,定义并识别出所有可能的攻击面,提出一种综合评估物联网生态系统安全方式,为自动化渗透测试提供适当的切入点。
IoT(internet of things)is the considered as the internet of all the things.According to the extension and expansion of internet,the information sensing devices such as frequency identification,infrared sensors,GPS,laser scanner and so on,are able to interconnect with each other.As a new technology production,the architecture of the internet of things is extremely complex,and the security of various components is particularly prominent.Therefore,it will be difficult to carry out the traditional manual evaluation method.At present,there are relatively few studies on the overall assessment of ecosystem security of the internet of things from an attacker’s perspective.In this paper,based on threat modeling,component decomposition theory based on internet of things,and then give a suggestion of identifying all the referring possible attack surfaces,and form a method of how to estimate the IOT ecosystem security assessment.It will be supposed to provide an appropriate entry point for automated penetration testing in the future research.
作者
冯伟
FENG Wei(China Southern Power Grid Digital Grid Research Institute Co.,Ltd.,Guangzhou 511458,China)
出处
《现代信息科技》
2020年第1期171-173,共3页
Modern Information Technology
关键词
物联网
攻击面
自动化渗透测试
威胁建模
internet of things
attack surfaces
automated penetration testing
threat modeling
