An automatic protocol vulnerability detection framework for resource-constrained devices of LPWAN


Authors: LI Feixu, YAN Fei[1], CHENG Binlin, ZHANG Liqiang[1]

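Affiliations: [1] Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, Hubei, China; [2] School of Cyber Science and Technology, Shandong University, Qingdao 266237, Shandong, China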

Source: Journal of Shandong University (Natural Science), 2023, Issue 9, pp. 39-50 (12 pages)

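Funding: National Natural Science Foundation of China (61872430, 62172144); Key Research and Development Program of Hubei Province (2020BAA003, 2021BAA027); Natural Science Foundation of Hubei Province (2022CFB510).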

Abstract: LPWAN (low power wide area network), as a protocol that emphasizes low power consumption, usually runs on resource-constrained devices. On the one hand, limited resources pose serious challenges to the security of protocol implementations, and manufacturers often have trouble balancing security demands against resource consumption. On the other hand, protocol stacks are deployed on constrained devices as bare-metal firmware, and the varying hardware characteristics make automatic analysis difficult. Therefore, a protocol stack analysis framework called ProSE is proposed. Based on symbolic execution and taint analysis, ProSE is specifically designed to detect protocol vulnerabilities in the firmware of constrained devices. LoRaWAN, the most representative LPWAN protocol, is chosen as the analysis target. The framework automates the detection of multiple vulnerability types and successfully detected 20 potential security vulnerabilities in the LoRaWAN implementations of 6 manufacturers.

Keywords: low power wide area network; firmware analysis; symbolic execution; taint analysis

Classification: TP309 [Automation and Computer Technology: Computer Systems Architecture]

 
